8. August 2014

What attacks on oil pipelines have in common with epidemics

Energy and Environment

How susceptible is the global energy infrastructure to attacks by non-state actors? Has the number of attacks on this infrastructure actually increased of late? Which regions of the world are especially vulnerable? And which tactics do the attackers use? Scientists are looking to find the answers to these and other related questions with the aid of a database developed by researchers from the Center of Security Studies at ETH Zurich in collaboration with the Paul Scherrer Institute PSI.

If an armed conflict is raging somewhere in the world, it won’t be long before the region’s energy infrastructure becomes the target of violence. Attacks on energy infrastructure - particularly in the crude oil and gas industry be it pipelines, tankers or transport vehicles – are increasingly part of the repertoire of armed groups in troubled areas rich in fossil resources. Frequently, the perpetrators are classified as terrorist groups and their motives as political however there are a growing number of attacks carried out for economic motives.

Scientists studying the topic of energy security and the vulnerability of energy infrastructure to violent non-state actors have good reason to focus on the fossil sector. After all, it is the most common target for attackers. In some cases, however, their true motivation is less obvious. The Energy Infrastructure Attack Database (EIAD), a new database developed by the Center for Security Studies at ETH Zurich in collaboration with PSI, aims to provide a more objective, comprehensive dataset for researching these connections. The EIAD currently spans the period from 1980 to 2012 and is designed as an open-source database for scientists.

Motivation not always obvious

The Global Terrorism Database (GTD), which, as the name suggests, strives to record all manner of terrorist attacks worldwide, serves as a model for the EIAD. Unlike the GTD and other similar known databases, however, the EIAD records all forms of attacks on the energy infrastructure by non-state actors. These actors can be politically motivated and use their actions as a means of exerting pressure on a government or have their sights set on a purely economic gain, such as through ransoms for the release of hostages from energy facilities or for the purposes of oil theft.

One special feature of the EIAD in this respect is the fact that in the database no explicit information is provided on the motivation behind the attack. The EIAD developers believe that the motives are not always obvious or objective and that, in certain cases, indicating them could thus be misleading. On the other hand, precise information on the kind of attack (bomb attack, sabotage, kidnapping etc.), the methods used (explosives, arson, firearms etc.) and, if possible, information on the perpetrators, which can indicate motive, is recorded in the database. This information and other evidence furnished by specialists who evaluate the database should help to answer the question of motivation.

Moreover, the database keeps a record of attacks not only on the physical infrastructure but also on personnel (hostage-taking, kidnappings). For cyber-attacks the researchers have begun to code such attacks that fit within the EIAD criteria. The reason for the broad inclusion criteria (across physical, human and cyber systems) is based on the observation that violence against the energy infrastructure results in changing tactics. For example, if the security along a crude oil pipeline is stepped up, the attackers start kidnapping the staff at energy facilities or taking them hostage. Cyber-attacks on the energy infrastructure constitute a new phenomenon that is often difficult to document. Researchers and decision-makers from politics and industry were given their first taste of it with the attack by the computer worm Stuxnet: to this day, it is unclear who was behind the attack, which targeted important control and monitoring software in the energy industry.

Attacks on the increase

A quantitative evaluation of the database reveals that, at over 4,200, the number of attacks has more than doubled between 2000 and 2009 compared to previous decades (1980s: 1,808 attacks; 1990s: 1,508 attacks). What’s more, the trend still appears to be rising: 1,063 attacks have already been recorded in the first few years of the current decade.

According to the statistics, most attacks are successful, with only 5 per cent of attempts failing or being thwarted. Nonetheless, the researchers point out that these statistics might be somewhat inaccurate as many failed or foiled attacks are not even reported and therefore cannot be recorded. Furthermore the number of plots, threats or hoaxes – three other categories defined in the database – is equally low. The researchers partly attribute their dwindling, minimal frequency in the database to the fact that private companies in possession of energy infrastructure information understandably endeavour to keep any threat to their assets secret – a clear disadvantage for a database like the EIAD, which relies on publicly available information. The EIAD therefore strives to include non-public information supplied by private companies or governments.

Do attacks on energy infrastructure spread like viruses?

The EIAD’s operators hope to use EIAD to make a key contribution towards research on fundamental, general patterns regarding the targeting behaviours of violent non-state actors and the dynamics of attacks on the energy infrastructure. However, it should also be possible to uncover regional distinctions with the aid of the EIAD. With this in mind, the precise geo-coordinates of the attack location are provided for as many of the incidents recorded in the database as possible, which enables their visualisation and geostatistical analysis. The initial evaluations have revealed that attacks on the energy infrastructure are often more frequent in particular hot spots and soar in a wavelike fashion before “ebbing” away again. In light of this pattern, these attacks can be understood as a kind of epidemic as they essentially do not spread any differently to a viral infection. The next step should therefore be to conduct detailed regional case studies on the one hand and develop global statistical prediction models on the other, which should help to spot the development of attack clusters at an early stage and gain a better understanding of the underlying factors and dynamics. By combining these two different approaches scientists from diverse disciplines will jointly contribute towards new quantitative and qualitative insights into the complexity of energy infrastructure attacks.

Text: Paul Scherrer Institute/Leonid Leiva
Additional information
Center for Security Studies

Gruppe Technology Assessment am PSI
Jennifer Giroux, Center for Security Studies, ETH Zurich,
Telephone: +41 44 632 04 07, E-Mail: giroux@sipo.gess.ethz.ch

Dr. Peter Burgherr, Head of the Technology Assessment Group,
Laboratory of Energy Systems Analysis,
Paul Scherrer Institute,
Telephone: +41 56 310 26 49 , E-mail: peter.burgherr@psi.ch