
Fri, Jan 12

A Primer on Hacking

A famous saying is, “Know your enemy.” Hackers are a persistent threat to utilities and other companies involved in power production, so understanding how and why cyber criminals attack is an important part of resisting those attacks.

How hacking works: an intrusion normally runs through five phases: reconnaissance, scanning, gaining access, maintaining access, and covering up.

1. Reconnaissance

Reconnaissance is the first phase of hacking, where the hacker gathers as much information as possible about the target’s ICT systems. It is a laborious process: the hacker has to identify active machines and weak entry points and map the network in order to build a detailed picture of the target.

Sometimes hackers use “social engineering”: duping employees into clicking phishing links and the like, or going through an organization’s garbage (“dumpster diving”) to obtain sensitive information such as passwords, account details, social security numbers, and other credentials.

2. Scanning

After the first phase has been satisfactorily completed, hackers scan the network for specific vulnerabilities they can exploit. They generally look for open ports and services and for the devices used on the network: basically anything that could let them in.

Here are the three main types of scanning:

  • Port scanning, to find live hosts and the ports and services listening on them.

  • Vulnerability scanning, to identify known weaknesses in those services that can later be exploited. Hackers often use automated vulnerability scanners to speed up this step.

  • Network scanning, to map the network and locate the organization’s firewalls, routers, and subnets.
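From the defender’s side, a scan is visible before it succeeds: one source touching many different ports in a short time is a pattern a firewall log exposes. The following is an added example, not part of the original article, showing a sliding-window port-scan detector run over constructed, iptables-style log lines (the format, the addresses, and the thresholds are assumptions for illustration). It also shows the classic blind spot: a scanner that spaces its probes out slips under a short window and is only caught when the window is widened.

```python
"""Port-scan detector over constructed firewall log lines (added example)."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Simplified iptables-style record; the format is an assumption, not a real device's.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ACCEPT|DROP) SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"PROTO=(?P<proto>\S+) DPT=(?P<dpt>\d+)$"
)


def parse_line(line):
    """Return a dict for a well-formed line, or None so malformed lines are skipped."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "src": m["src"],
            "dst": m["dst"], "dpt": int(m["dpt"])}


def detect_scans(lines, window_seconds=60, min_ports=10):
    """Map each source that reaches min_ports distinct (dst, port) pairs inside any
    window_seconds-long window to the largest count it reached. Sliding window per source."""
    by_src = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev:
            by_src[ev["src"]].append(ev)
    window = timedelta(seconds=window_seconds)
    alerts = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        in_window = Counter()   # (dst, port) -> hits currently inside the window
        start = 0
        for ev in evs:
            in_window[(ev["dst"], ev["dpt"])] += 1
            while ev["ts"] - evs[start]["ts"] > window:   # expire old events
                old = (evs[start]["dst"], evs[start]["dpt"])
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            if len(in_window) >= min_ports:
                alerts[src] = max(alerts.get(src, 0), len(in_window))
    return alerts


def make_sample_log():
    """Constructed traffic (not captured data): a fast scanner, a legitimate
    repeat visitor, and a slow scanner that probes one new port every 30 seconds."""
    t0 = datetime(2024, 1, 12, 9, 0, 0)
    lines = []
    for i, port in enumerate([21, 22, 23, 25, 53, 80, 110, 135, 139, 443, 445, 3389]):
        ts = t0 + timedelta(milliseconds=250 * i)
        lines.append(f"{ts.isoformat()} DROP SRC=203.0.113.7 DST=10.0.0.5 PROTO=TCP DPT={port}")
    for i in range(20):
        ts = t0 + timedelta(seconds=6 * i)
        lines.append(f"{ts.isoformat()} ACCEPT SRC=198.51.100.4 DST=10.0.0.5 PROTO=TCP DPT=443")
    for i in range(20):
        ts = t0 + timedelta(seconds=30 * i)
        lines.append(f"{ts.isoformat()} DROP SRC=203.0.113.9 DST=10.0.0.5 PROTO=TCP DPT={1000 + i}")
    return lines


if __name__ == "__main__":
    log = make_sample_log()
    print("60 s window:", detect_scans(log))                        # only the fast scanner
    print("600 s window:", detect_scans(log, window_seconds=600))   # slow scanner appears too
```

With the default one-minute window only 203.0.113.7 is flagged; the slow scanner at 203.0.113.9 never has more than three distinct ports inside any minute and is only reported once the window is widened to ten minutes. Counting distinct (host, port) pairs rather than raw hits is what keeps the legitimate client, which opens twenty connections to the same port 443, out of the alert list.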

3. Access

This is where the hackers carry out the actual attack. They can use a wide variety of techniques, including brute-force attacks, spoofing, session hijacking, and Man-in-the-Middle (MitM) attacks, in which perpetrators insert themselves into the traffic between a user and an application so that what looks like a normal transaction is being read or altered in transit. Denial-of-service (DoS) attacks belong to the same toolkit, although they disrupt a service rather than gain access to it.

The objective of an attack could be to steal personal information (a “data breach”), but also to disrupt the target organization or to plant ransomware in order to receive a payoff. Some hackers do it purely for the thrill, but they are still dangerous, as they could leave malware on the system or reveal an access point to other cyber criminals.

Note that even a data breach that does not cause direct damage can have enormous reputational repercussions and lead to substantial fines if the authorities find the company to have been negligent.

4. Maintaining Access

In this phase, hackers try to keep the access they gained earlier. They use backdoors, Trojan horses, and rootkits to secure continued access to the network and to acquire administrative privileges.

Elevated privileges allow them not only to control and modify data within the network but also to use the compromised system to launch attacks on other networks linked to the entry point. As IoT and entities such as smart cities become more extensive, this area will need greater protection and scrutiny.

5. Covering Up

This is the last phase of hacking, where hackers try to remove all traces of the attack to evade detection and any legal consequences. They do this by deleting or editing log files, closing the ports they opened and removing the tools they installed, and clearing browser cookies and caches. This is why logs should be forwarded to a separate system the attacker cannot reach: a log that exists only on the compromised host is the first thing to go.
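Forwarding logs elsewhere is the main defence, but the collector still needs a way to tell that what it received is complete and unaltered. The following is an added example, not from the article, of a forward-secure, hash-chained audit log: the host keeps only the current epoch key, ratchets it through a one-way hash after every entry, and discards the old key, while the collector, which was given key 0 at enrolment, can recompute every key and check the chain. The log lines, the key names, and the attacker scenarios are constructed for illustration. The example also shows the honest limit of the scheme: an intruder who steals the current key can still write convincing entries from that moment on, and a cut-off tail is only noticed if the collector tracks how many entries it expects.

```python
"""Forward-secure, hash-chained audit log (added example, constructed scenarios)."""
import hashlib
import hmac

SEED = b"\x00" * 32   # chain value before the first record


def ratchet(key: bytes) -> bytes:
    """One-way key update: holding key_{i+1} does not reveal key_i."""
    return hashlib.sha256(b"log-key-ratchet" + key).digest()


def link_of(prev: bytes, entry: str, tag: bytes) -> bytes:
    """Chain value after a record; computable from public data (entry and tag) alone."""
    return hashlib.sha256(prev + entry.encode() + tag).digest()


def tag_and_link(key: bytes, prev: bytes, entry: str):
    tag = hmac.new(key, prev + entry.encode(), hashlib.sha256).digest()
    return tag, link_of(prev, entry, tag)


class HostLog:
    """Host side: what is written to disk is `records`; the signing key is never stored."""
    def __init__(self, key0: bytes):
        self.key, self.prev, self.records = key0, SEED, []

    def append(self, entry: str):
        tag, self.prev = tag_and_link(self.key, self.prev, entry)
        self.records.append((entry, tag.hex()))
        self.key = ratchet(self.key)   # the key that signed this entry is now gone


def verify(key0: bytes, records, expected_count=None):
    """Collector check. Returns (ok, index): index of the first bad record,
    or the record count when everything checked out."""
    key, prev = key0, SEED
    for i, (entry, tag_hex) in enumerate(records):
        tag, link = tag_and_link(key, prev, entry)
        if not hmac.compare_digest(tag, bytes.fromhex(tag_hex)):
            return False, i
        prev, key = link, ratchet(key)
    if expected_count is not None and len(records) != expected_count:
        return False, len(records)   # tail was cut off
    return True, len(records)


def attacker_rewrite(records, stolen_key: bytes, from_index: int, new_entries):
    """Intruder who stole the host's current key replaces everything from from_index on.
    The chain value is rebuilt from public data; only the key epoch can be wrong."""
    kept, prev = list(records[:from_index]), SEED
    for entry, tag_hex in kept:
        prev = link_of(prev, entry, bytes.fromhex(tag_hex))
    key = stolen_key
    for entry in new_entries:
        tag = hmac.new(key, prev + entry.encode(), hashlib.sha256).digest()
        kept.append((entry, tag.hex()))
        prev, key = link_of(prev, entry, tag), ratchet(key)
    return kept


def run_scenarios():
    """Constructed host log: the intrusion lands at record 2, the attacker steals the key
    right after it (key_3), then tries the usual cover-up moves."""
    key0 = hashlib.sha256(b"constructed enrolment secret").digest()   # shared with collector
    host = HostLog(key0)
    host.append("sshd: accepted key for ops from 10.0.0.9")
    host.append("sudo: ops ran /usr/bin/systemctl restart scada-hmi")
    host.append("sshd: accepted password for root from 203.0.113.7")   # the intrusion
    stolen = host.key                                                   # key_3, read by the intruder
    host.append("cron: installed /etc/cron.d/updater")
    r = host.records
    edited = list(r); edited[2] = ("sshd: failed password for root from 203.0.113.7", r[2][1])
    return {
        "intact": verify(key0, r, 4),
        "edited": verify(key0, edited, 4),
        "deleted": verify(key0, r[:2] + r[3:], 4),
        "truncated": verify(key0, r[:2]),               # collector not tracking the count
        "truncated_with_count": verify(key0, r[:2], 4),
        "forge_before_compromise": verify(key0, attacker_rewrite(r, stolen, 2, ["sshd: failed password", r[3][0]]), 4),
        "forge_after_compromise": verify(key0, attacker_rewrite(r, stolen, 3, ["cron: nothing to see here"]), 4),
    }


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name:26s} -> {result}")
```

Editing, deleting, or re-signing the intrusion line all fail at record 2 because key_2 no longer exists anywhere on the host. Two results are the caveats a practitioner should take away: truncation passes unless the collector knows the expected count (periodic heartbeat entries or a pushed chain head solve that), and everything written after the key theft is forgeable, so the scheme protects history, not the future.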


Companies that are part of a nation's critical infrastructure are a juicy target, partly because they have plentiful financial resources, but also because being vital gives the hacker a kind of “leverage” that other targets cannot provide: if your favorite snack were disrupted, that would be an irritation, but if power gets cut off, that is a major national disaster.

In-house and external cybersecurity teams and policies need to be operating and updated continually. Training for the workforce is also necessary, and is often overlooked as a defence against cyber criminals. Since social engineering, manipulating workers into giving away sensitive information, is a major way for hackers to obtain passwords and access codes, personnel need constant reminders of how alert they must be during their normal operations.

A utility's disaster response plan needs a section on what to do if any part of the network is compromised, with procedures to alert the appropriate people and a backup plan to restore any infiltrated services as quickly as possible. Unfortunately, hacking seems destined to increase as more complex computer and communication systems become more deeply embedded in everything we do. The idea that your fridge or car would be in continuous communication with a myriad of other systems would have seemed like science fiction a few years ago, but it is now reality. The energy transition will need a lot of real-time data if our societies are to handle more intermittent renewable generation, energy storage, and electric vehicles, as well as mega-networked smart cities. Let's hope we have smart cyber defences as well.