“We know that LNG terminals are a target. It’s just a question of when and how,” researcher Casey Brooks of the American cybersecurity company Dragos told RTL Z.
Dragos, which specializes in securing industrial companies, sees that two hacker groups, Xenotime and Kamacite, are conducting ‘exploratory research’ into the digital systems of Gasunie’s LNG terminal in Rotterdam. In addition, they would analyze the systems of other European LNG terminals and infrastructure in the energy sector.
“These are tests to see where they could potentially have an impact with a digital attack.” According to the FBI and cyber researchers, the groups have ties to the Russian secret services.
In addition, the FBI warned earlier this year even though Russian hackers similarly investigated the systems of American energy companies.
Other cybersecurity companies are also seeing more activity around vital infrastructure in Europe and in the Netherlands. Like the Dutch company EclecticIQ. According to that company, it is the first time that Xenotime focuses on Europe.
It makes sense that Dutch LNG terminals are now the target of investigations by Russian hackers, says Joep Gommers, the founder of EclecticIQ. “It is certainly within Russia’s modus operandi and focus at this time.”
That is also what Ralph Moonen of cyber security company Secura says. “Russian hacker groups are known to carry out such investigations.”
More cyber attacks since war
Due to the war in Ukraine, cybersecurity companies are seeing a significant increase in the number of cyberattacks in general this year. In the months of January to September, this averages more than 5 million unique cyber attacks per month, according to figures from cybersecurity company ESET. That is more than 20 percent more than in 2021.
This concerns, for example, phishing attacks, attacks with hostage software or other forms of malicious malware and DDoS attacks to make websites inaccessible to visitors.
Concrete threat from energy crisis
Security guard Fox-IT estimates that due to the energy crisis there is a concrete threat that malicious parties will target companies that are active in the energy sector. “Particularly in the supply chain for the supply and distribution of LNG,” says a Fox-IT spokesperson.
“The parties interested in this sector are probably state-sponsored malicious groups, for example, the groups led by the Russian FSB and GRU (secret services, ed.).”
Act before things go wrong
MEP Bart Groothuis (VVD) is aware of the signals from Russian hacker groups investigating the systems of LNG terminals.
“It is gradually time that we act on this before things go wrong. Gas is Russia’s favorite weapon against the EU. Causing chaos on the energy market and manipulating that market is a clear geopolitical objective,” says Groothuis.
Why are LNG terminals so important?
LNG is important to the Netherlands now that the Russian gas tap has been closed due to the war in Ukraine. If those terminals come to a standstill for whatever reason, gas production capacity will be lost, says René Peters, director of gas technology at TNO.
The capacity in Rotterdam will be expanded to 16 billion cubic meters per year. While Eemshaven now produces 8 billion cubic meters per year. Together they account for more than half of the Dutch gas consumption of 40 billion cubic meters of gas per year.
“If we lose that capacity for a short time, then we don’t immediately have a problem. Because we still have 14 billion cubic meters stored in storage and we still have our small fields.”
Gasunie is silent
Gasunie does not want to say whether it is aware of Russian hackers looking for vulnerabilities at the company. “In the context of security, we do not provide any information about this.”
Gasunie also does not want to say whether it has tightened security measures. “Apart from the war situation, safety is of paramount importance and we take all kinds of situations into account.”
The company owns the LNG terminal in Eemshaven and, together with Vopak, owns the terminal in Rotterdam. Vopak did not want to respond to questions from RTL Z.