Intelligence chief warns of cyber risk to LNG terminals

Head of the BND intelligence service Bruno Kahl recently warned a security conference about the expansion of targets of cyber criminal activity, according to one report.

He said that conflict was spreading geographically beyond the immediate war region and was expanding into other targets.

“Beyond the known spectrum the new facilities for landing liquefied gas must also be considered as possible further targets," Kahl told a forum in Stuttgart in September.

IT law expert Stephan Appt of Pinsent Masons said that laws are in place or are being formulated to give some protection against such attacks.

“European legislation like the NIS2 Directive has already been enacted or will be soon, as is the case with the Cyber Resilience Act. These aim to protect critical organisations and infrastructure in the EU , such as transport, energy, health and banking businesses, from cyber threats and to achieve a high level of common security across the EU,” he said. “EU-wide legislation on cybersecurity provides legal measures to boost the overall level of cybersecurity in the EU.”

Regulators are also looking at which areas of infrastructure require additional cybersecurity protection.

“There are specific cyber security requirements for some sectors: Carmakers for example are required to implement a cyber security management system and flow it down through the supply chain as failure to do so would mean that their cars will not get type approval and could not be sold in the EU,” said Appt. “Germany’s Federal Office for Information Security (BSI) focused in its latest report on cyber threats to automotive, aerospace and defence, energy, industrial supply chain and telecoms industries as areas where BSI to some extent also is the regulator overseeing information security.”

Russia’s invasion of Ukraine resulted in many European countries stopping using relatively cheap Russian gas, distributed through long range networks of pipes. Countries have become more reliant on LNG, where gas is transported in cooled liquid form by ships and brought ashore at terminals for onward distribution and use.

Kahl’s comments will heighten fears that LNG terminals are a potential high value target for those wishing to destabilise energy supply or undermine nations’ rejection of Russian gas.

It also raises broader questions about companies’ networks of reliance and exposure to cyber weaknesses, said Pinsent Masons technology expert Stuart Davey.

“There is now real awareness of the cyber threats faced in the infrastructure and energy sectors - not only must operators of essential services, known as CNI organisations under NIS Regulations, be prepared for the risk posed by cyber criminals seeking financial gain, they also are the subject of risk of nation state-backed attacks seeking to cause societal disruption. Regulators expect a certain level of cyber capability,” he said.

The warning came as a committee of the UK parliament launched an inquiry into the cyber-readiness of the UK’s critical national infrastructure (CNI).

The inquiry relates in part to energy infrastructure and seeks to understand what the government’s role should be in setting standards and regulations for cyber resilience and preparedness.

The call for evidence said that the inquiry would “explore the progress of UK CNI toward achieving recently announced resilience targets by 2025, and what support the sector needs to achieve those targets and efforts to make computer hardware architecture more secure by design to protect CNI”.

Earlier this year the UK's National Cyber Security Centre (NCSC) warned that cyber criminals are intent on achieving “a more disruptive and destructive impact against western critical national infrastructure (CNI), including in the UK”.

A government minister said at the time that groups allied to Russia were using cyber crime to disrupt or destroy infrastructure.