Could drones be a threat to offshore energy installations?

There's a pincer movement on offshore energy installations around Scotland's coast - on one side from the rapid development of drones, from the other, their growing use in hostilities.

As Ukrainians know well, the threat comes from the air. But it can also be afloat, with underwater sabotage a major new theatre of low-level warfare.

The threat comes primarily from Russia, according to experts. The Kremlin sees itself as already engaged in a hybrid form of warfare aimed at undermining Nato while avoiding a full-on conflict.

That threat comes also from "non-state actors", capable of using drones to inflict a lot of harm to vital infrastructure - ranging from anti-fossil fuel activists to mercenary proxies of state adversaries.

Cliff Thoburn, head of intelligence of RMI security consultants, says: "We're using drones more and more in the industry. Some employees don't see drones as anything unusual, and adversaries have noticed that, getting drones closer to our platforms for reconnaissance activity.

"There is credible intelligence out there that suggests at a time and a place of their choosing, an adversary - state-based or not - may use drones to mount an attack on our infrastructure."

He talks of drones potentially carrying explosives or nerve agents, suggesting that offshore operators will have to deploy defences to counter drone attacks.

There's a huge amount to target. There are more than 160 platforms visible above the North Sea surface, and far more to be found in the pipelines that link them.

There are thousands of offshore wind turbines in UK waters alone, each linked by cable and linked to substations. Thousands more are planned.

There are high voltage power grid connections crossing the North Sea and along Britain's shores, with yet more planned.

They are in addition to many more telecom cables carrying the data that drives much of the world's economy and transmitting the data that lubricates society, work, public services and leisure, linking across northwest Europe and the Atlantic.

Increasing in scale, increasingly vulnerable and at increasing risk: this much was the sobering assessment of industry experts, security technologists, and academic experts, several of them hinting at experience of the intelligence services, gathered for the first time this week by industry body Offshore Energies UK.

Meeting in Aberdeen's Union Kirk, their task was to compare notes on security and resilience, bringing home global and European lessons to the UK's island and trading vulnerabilities, and to Scotland's energy sector.

They did so as Spain and Portugal recovered from their electricity grids being knocked out - possibly the result of a cyber-attack, and a reminder of how vulnerable societies and economies are if infrastructure is not secure and resilient.

Closer to home, Marks and Spencer, which trades on being among the most trusted of retail brands, was struggling to contain the effect of a cyber-attack, crippling its ability to deliver to stores and fulfil customers' online orders.

Much of the discussion in Union Kirk was about cyber resilience, where companies and public services have immensely complex and overlapping IT systems, open to their workers and contractors, that face a near-constant onslaught of attacks to probe for weaknesses.

The attackers may be faceless but they are known to those on the front line for their preferred targets, several of them emerging out of the Ukraine war and Russia with names that give them personalities; Kamacite, Electrum, Voltzite.

Some are there for crime, some for the thrill. The conference was told of an IBM estimate that the average crime costs more than £4m, the average ransomware secures nearly £3m (it's declining, as attackers pitch their demands at levels more likely to secure payouts) and the average denial of service attack on a company lasts for 19 days.

But viewing the energy industry from Aberdeen, it's the hardware out at sea that is the distinctive vulnerability. Half a century of installing offshore production infrastructure has paid little attention to fending off attack or sabotage.

During the Cold War, a naval threat could be spotted and seen off. Until recently, only a well-resourced navy could pose a threat under water.

Russia has continued to invest in deep sea submarine capability even while it cut back on other defence spending. And now, subsea drone technology available on the open market is capable of offensive and surveillance activities. It makes sabotage all the more deniable by those who wish Britain's economy ill.

Tracey German, professor of security and conflict at King's College London and a Russia expert, speaking at the OEUK Aberdeen conference, says the marine energy sector is both especially vulnerable and an appealing target for Russia's provocations.

"They see us as being in a perpetual state of confrontation," she told BBC Scotland. "Between peace and war, you've got this broad spectrum of neither peace nor war. That's where the Russian leadership perceives itself to be in relation to western states.

"They're learning all the time from their own experience in Ukraine and elsewhere, and also by watching others.

"There's a sense that wars are not just about the holding of territory," says German. "They are also about degrading an adversary's ability and will to resist.

"You do that by targeting a population's support for a government and support for fighting. And if you target energy infrastructure, as you're seeing in Ukraine, if you leave a population without heating and without electricity, you can undermine popular support."

Another professor of defence and security, Andrew Neal from Edinburgh University, presented his research into published government security assessments showing that Europe's countries perceive increasingly complex and wide-ranging threats.

"Even 10 years ago, European states weren't considering any territorial or offshore threat," he says.

"There's a lot of unprotected infrastructure on land as well, and it doesn't need a ship or submarine to access it - data cables, pipelines, data cables, some of it buried under one or two feet of soil.

"You could go to Shetland with a shovel and cut off the internet to the Faroe Islands fairly easily if you wanted to.

"But a lot of the focus on investment and design is in hardening some of the infrastructure, protecting it under the water, burying it, and detecting interference as well as attributing it."

The high-voltage cables being laid on the seabed are now equipped with sensors which warn of unexplained visits by subsea vessels.

Listening devices on the seabed can detect the unique sound signature of passing ships on the surface. The conference heard how artificial intelligence, drawing on vast data sources from underwater and from satellites, can identify which ships are where and when.

While the offshore energy sector may be vulnerable, its subsea maintenance technology offers some such solutions for its protection. Drones can also be deployed to check for the tracks of unwelcome drones.

Honuworx, an Aberdeen firm, is now under contract to Nato to develop its autonomous underwater vehicle for defence purposes. The Loggerhead has the range and capability to operate remotely for long periods, using a buoy to transmit data and not requiring an expensive surface ship.

In the Baltic Sea, the Nato military alliance has stepped up activity this year with the multi-nation Operation Baltic Sentry putting naval ships and planes into the sea lanes. It has lowered the reported incidents of ships dragging anchors and damaging cables, which have been linked back to Russia's client tanker fleet.

Baltic coastal states served notice that such ships can be seized. Using layers of data, a senior Nato official told BBC Scotland that the 6,000 ships to be found at one time in the Baltic can be whittled down to around 20, with suspicious routes and crews, that need to be carefully monitored.

This is not only the work of governments, navies and military aircraft. The Aberdeen conference was told of a senior British military officer saying that 85% of information briefed to ministers is from publicly-available and commercial sources. The remainder is largely to confirm what others can find out.

Industry has an important role, alongside military defence. For OEUK, Mark Wilson, head of safety and security and a former soldier, there is an important role for its members' offshore workers.

"The role of the private sector is to make sure we're prepared," he says, "that those 7,000 or 8,000 people who work offshore on any given day continue with their levels of training and practice to make sure they respond to a wide range of threats, and report anything they see that requires further action by the police, Coastguard, the Ministry of Defence and other agencies."

UK waters have seen surveillance and mapping of subsea assets by Russian spy ships, which the government chose to highlight on one occasion last year, tracking a frequent Russian visitor to British waters with a Royal Navy warship and submarine.

The Ministry of Defence recently commissioned Proteus, a former offshore supply vessel now in the Royal Fleet Auxiliary, with a specialist role in subsea surveillance.

But there have been no high-profile incidents of sabotage in British waters. The oil and gas industry, as well as National Grid which owns several of the high-voltage power cables on the seabed, note that most incidents of damaged pipelines and cables are the result of fishing activity.

Artificial intelligence is also being used to identify the worst offenders with trawling gear. National Grid has developed software with which to hold them accountable.

Prof Andrew Neal has a warning not to overdo the warnings, reminding us not to get the threat levels out of proportion.

There's a danger that a gathering of security experts will only serve to highlight and emphasise risks.

But they concluded with a call for their voices to be heard in boardrooms, saying security threats are too infrequently embedded into company strategy.

There was also a call to embed security awareness into public awareness.

"We need to be a bit more Israeli," said one cyber-security and intelligence expert. "They really understand a security culture."

It's a provocative view, when others had observed that the number one activist threat they perceived in Britain was in support of Palestinians.

"Or Finnish," suggests an academic contributor, lowering the temperature.