The mission of this group is to bring together utility professionals in the power industry who are in the thick of the digital utility transformation. 

WARNING: SIGN-IN

You need to be a member of Energy Central to access some features and content. Please or register to continue.

Post

How and Why Power Grid Cyberattacks are Becoming Terrorists' Go-To

image source: https://safety4sea.com/wp-content/uploads/2018/05/cyber-resilience-concept-image-1280x640.jpg

Threats to the cybersecurity landscape have become more abundant and dangerous than ever before. With the number of attacks on the rise, it seems like no one can be truly safe. The energy industry is not an exception.

Something that used to sound like a sci-fi plot not so long ago has now, sadly, become a reality. Cyberattacks on power grids have the potential to be incredibly devastating to millions of people and hundreds of businesses, disrupting the very flow of our lives and endangering us in many ways. What is worse, it looks like they are going to become a staple in cyber warfare.

Recent examples of power grid attacks

Cyberattacks on electric grids are the invention of the last decade. The first documented case occurred in 2015 and affected several electricity providers in Ukraine. More than 230,000 people were left without power for several hours during the winter.

The perpetrators were able to gain unauthorized access to the system thanks to having obtained credentials of several workers on the hacked plants. Sadly, it was done because of employees’ mistakes: malicious software that gave the hackers an ability to break into the system of the power distribution companies was installed because several workers fell for a fake email.

According to the North American Electric Reliability Corporation (NERC), another type of cyberattack on power grids involves exploiting vulnerabilities in firewall firmware. Such an attack happened in 2019 and caused communication outages between the control center and generation sites. The report specifies that the disruption occurred due to an outside party rebooting the company’s firewalls. Although each communication failure took less than five minutes, the entire attack lasted for around ten hours.

Why power grid attacks become more prevalent

There is a motivation behind each cybercrime. Usually, it involves monetary gain acquired by extorting a ransom for unblocking the affected entity’s systems or by selling information gathered during a data breach.

However, there is an additional reason why hackers choose to attack electric grids. It has less to do with profits and more with politics.

Unfortunately, cyberattacks on power grids are very useful in cyber warfare between states. Modern societies run on electricity and if it can’t be delivered to the customer, the scale of the consequences can be extremely large. Heating systems, law enforcement, hospitals, etc. depend on power and when it is cut off, a real collapse can happen, leading potentially to a loss of many lives.

It’s easy to understand why this type of attack is so tempting to state-employed hackers. The more devastating the effects are, the better to terrorists, and that is exactly what these hackers are.

Another major cause of cyberattacks on grids is that they often lack proper cybersecurity defenses. It is especially true when the grid uses Internet of Things devices and applications. Unfortunately, using smart grids can make a provider an easier target for criminals.

Since an IoT environment implies that all the devices are connected to one another, hacking just one of them can be enough to gain access to more important parts of the system.

Despite the projected growth of the IoT in the industry, these smart devices are notorious for putting functionality and ease of use first and security second. Besides any vulnerabilities they may have, there is also an ever-present risk of the support of a particular device incorporated into the grid being discontinued by the manufacturer. And the more obsolete its last patch becomes, the more exploits the device can have.

So, to summarize: attacks on electric grids take place because of several main factors: their destructive potential and the indispensability of power generation and delivery systems to any state, making intrusions into them a viable cyber warfare tactic. An additional cause is the vulnerability of smart power grids that makes them easier to hack into.

How the danger can be mitigated

In its report, NERC provided several recommendations aimed at increasing cybersecurity of the energy grid. While not an exhaustive list of measures, it still gives a good idea of what can be done to make it harder for any malicious parties to disrupt the work of the industry.

To prevent dangers coming from the interconnected nature of devices used in the industry, it is advisable to implement a VPN solution. A VPN, or a virtual private network, is software that secures the connection between devices and the network by encrypting it. Thus, no third party can access it.

In regards to firmware patches, the lack of which made the attack possible, the Corporation gives the following advice. The release of such patches to firewalls must be monitored by a company to ensure that the newest and most up-to-date versions are applied. Before applying them, however, it is recommended to test their performance in a controlled environment.

The use of screening routers is also encouraged. Such routers operate based on predetermined sets of rules and prevent inbound or outbound traffic under certain conditions.

Dean Chester's picture

Thank Dean for the Post!

Energy Central contributors share their experience and insights for the benefit of other Members (like you). Please show them your appreciation by leaving a comment, 'liking' this post, or following this Member.

Discussions

Matt Chester's picture
Matt Chester on Jan 14, 2020 5:55 pm GMT

This context is so important and greatly appreciated-- thanks Dean!

Unfortunately, cyberattacks on power grids are very useful in cyber warfare between states. Modern societies run on electricity and if it can’t be delivered to the customer, the scale of the consequences can be extremely large. Heating systems, law enforcement, hospitals, etc. depend on power and when it is cut off, a real collapse can happen, leading potentially to a loss of many lives.

This is a great point-- directly attacking civilians is a no go in most contexts (thankfully), but this represents a way to put on the squeeze on a nation's populace without directly attacking. Couldn't be a more important area to stay focused on. 

You note how the danger can be mitigated-- but do you think overall enough is being done? In the cat and mouse game, are utilities ahead or behind of these adversaries? 

Dean Chester's picture
Dean Chester on Jan 16, 2020 11:26 am GMT

Hi Matt, and thanks for your question!

You are very right to call the whole situation a cat and mouse game. As of now, though, it is still in a pretty nascent stage and it’s hard to tell who will have the upper hand – especially since we don’t know what bad actors are up to exactly before they strike.

So far, it’s been reported that the US grid can become more vulnerable to attacks. However, the government doesn’t sit idle: the Securing Energy Infrastructure Act is expected to be passed this year. It involves the energy sector companies collaborating with the Department of Energy to find out vulnerabilities and work out solutions. You can look it up on congress.gov to review its whole text.

This bill proposes that manufacturers of critical components of power grids should also participate and I see it as a good sign because it should logically involve IoT device manufacturers. Hopefully, we’ll see major improvements to the cybersecurity of those.

Matt Chester's picture
Matt Chester on Jan 16, 2020 12:48 pm GMT

 especially since we don’t know what bad actors are up to exactly before they strike

A very good, and also pretty nerve-wracking, point. Thanks, Dean!

Get Published - Build a Following

The Energy Central Power Industry Network is based on one core idea - power industry professionals helping each other and advancing the industry by sharing and learning from each other.

If you have an experience or insight to share or have learned something from a conference or seminar, your peers and colleagues on Energy Central want to hear about it. It's also easy to share a link to an article you've liked or an industry resource that you think would be helpful.

                 Learn more about posting on Energy Central »