Threats in the cybersecurity landscape have become more abundant and dangerous than ever before. With the number of attacks on the rise, it seems that no one can be truly safe, and the energy industry is no exception.
Something that sounded like a sci-fi plot not so long ago has now, sadly, become a reality. Cyberattacks on power grids have the potential to be devastating to millions of people and hundreds of businesses, disrupting the very flow of our lives and endangering us in many ways. Worse still, they look set to become a staple of cyber warfare.
Recent examples of power grid attacks
Cyberattacks on electric grids are an invention of the last decade. The first documented case occurred in 2015 and affected several electricity providers in Ukraine. More than 230,000 people were left without power for several hours during the winter.
The perpetrators gained unauthorized access to the system by obtaining the credentials of several workers at the affected plants. Sadly, this was made possible by employee mistakes: the malicious software that gave the attackers the ability to break into the power distribution companies' systems was installed because several workers fell for a fake email.
According to the North American Electric Reliability Corporation (NERC), another type of cyberattack on power grids involves exploiting vulnerabilities in firewall firmware. Such an attack happened in 2019 and caused communication outages between the control center and generation sites. The report specifies that the disruption occurred due to an outside party rebooting the company’s firewalls. Although each communication failure took less than five minutes, the entire attack lasted for around ten hours.
Why power grid attacks are becoming more prevalent
There is a motivation behind each cybercrime. Usually, it involves monetary gain acquired by extorting a ransom for unblocking the affected entity’s systems or by selling information gathered during a data breach.
However, there is an additional reason why hackers choose to attack electric grids. It has less to do with profits and more with politics.
Unfortunately, cyberattacks on power grids are very useful in cyber warfare between states. Modern societies run on electricity, and if it cannot be delivered to the customer, the consequences can be extremely large in scale. Heating systems, law enforcement, hospitals and much else depend on power; when it is cut off, a real collapse can follow, potentially costing many lives.
It is easy to understand why this type of attack is so tempting to state-employed hackers. The more devastating the effects, the better for terrorists, and that is exactly what these hackers are.
Another major cause of cyberattacks on grids is that they often lack proper cybersecurity defenses. This is especially true when the grid uses Internet of Things devices and applications. Unfortunately, using smart grids can make a provider an easier target for criminals.
Since an IoT environment implies that all the devices are connected to one another, compromising just one of them can be enough to reach more important parts of the system.
Despite the projected growth of the IoT in the industry, these smart devices are notorious for putting functionality and ease of use first and security second. Besides any vulnerabilities they may have, there is also the ever-present risk that the manufacturer discontinues support for a device already incorporated into the grid. The older its last patch becomes, the more known, unpatched weaknesses the device accumulates.
So, to summarize, attacks on electric grids take place because of several main factors. The first is their destructive potential, combined with the indispensability of power generation and delivery systems to any state, which makes intrusions into them a viable cyber warfare tactic. An additional cause is the vulnerability of smart power grids, which makes them easier to hack into.
How the danger can be mitigated
In its report, NERC provided several recommendations aimed at increasing the cybersecurity of the energy grid. While not an exhaustive list of measures, it still gives a good idea of what can be done to make it harder for malicious parties to disrupt the work of the industry.
To prevent dangers arising from the interconnected nature of the devices used in the industry, it is advisable to implement a VPN solution. A VPN, or virtual private network, is software that secures the connection between devices and the network by encrypting it, so that a third party intercepting the traffic cannot read it. Note that this protects the traffic in transit, not the devices at either end, which still need to be patched and hardened.
Regarding firmware patches, the absence of which made the 2019 attack possible, the Corporation gives the following advice. A company must monitor the release of firewall firmware patches to ensure that the newest, most up-to-date versions are applied. Before applying them, however, it is recommended to test their performance in a controlled environment.
The use of screening routers is also encouraged. Such routers filter traffic against a predetermined set of rules and block inbound or outbound traffic that matches specified conditions.
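As an added illustration of the screening-router recommendation (example code written for this article, not from NERC's report), the block below evaluates first-match filtering rules against constructed packets. All addresses, subnets and port numbers are assumed for the example; it contrasts a permissive rule set, which leaves a site firewall's management interface reachable from any outside host, with a corrected one that admits management traffic only from the control-center subnet and drops everything else by default.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import Dict, List, Optional, Tuple

# Constructed example addresses: a control-center subnet, the management
# address of a generation-site firewall, and an arbitrary outside host
# (203.0.113.0/24 is a documentation range, not a real network).
CONTROL_CENTER = ip_network("10.10.0.0/24")
SITE_FW_MGMT = ip_address("10.20.0.1")
SITE_FW_MGMT_NET = ip_network("10.20.0.1/32")
OUTSIDE_HOST = ip_address("203.0.113.7")
ANY = ip_network("0.0.0.0/0")
MGMT_PORTS = (22, 443)  # assumed SSH and HTTPS management ports


@dataclass(frozen=True)
class Rule:
    action: str              # "permit" or "deny"
    direction: str           # "inbound" or "outbound"
    src: IPv4Network
    dst: IPv4Network
    dport: Optional[int]     # None matches any destination port


def matches(rule: Rule, direction: str, src: IPv4Address,
            dst: IPv4Address, dport: int) -> bool:
    return (rule.direction == direction and src in rule.src and dst in rule.dst
            and (rule.dport is None or rule.dport == dport))


def evaluate(rules: List[Rule], direction: str, src: IPv4Address,
             dst: IPv4Address, dport: int) -> str:
    """First matching rule wins; traffic matching no rule is denied."""
    for rule in rules:
        if matches(rule, direction, src, dst, dport):
            return rule.action
    return "deny"


# Weak policy: a single catch-all permit exposes firewall management to anyone.
WEAK_POLICY = [Rule("permit", "inbound", ANY, ANY, None)]

# Corrected policy: management ports only from the control center; an explicit
# deny for the firewall address documents intent, and the default catches the rest.
HARDENED_POLICY = [
    Rule("permit", "inbound", CONTROL_CENTER, SITE_FW_MGMT_NET, 22),
    Rule("permit", "inbound", CONTROL_CENTER, SITE_FW_MGMT_NET, 443),
    Rule("deny", "inbound", ANY, SITE_FW_MGMT_NET, None),
]


def management_exposure(policy: List[Rule]) -> Dict[Tuple[str, int], str]:
    """Map (source label, port) to the verdict for reaching firewall management."""
    sources = {"control_center": ip_address("10.10.0.5"), "outside": OUTSIDE_HOST}
    return {(name, port): evaluate(policy, "inbound", ip, SITE_FW_MGMT, port)
            for name, ip in sources.items() for port in MGMT_PORTS}
```

Running management_exposure on each policy shows the outside host permitted on both management ports under the weak rule set and denied under the hardened one, while the control-center host keeps its access.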