How Are Cyber Threats Targeting Power Grids?
Power grids (much like the construction industry) increasingly depend on the Internet to operate, which also makes them increasingly exposed to cyber threats. If you think you are starting to read the plot of a low-budget movie, you are mistaken. Cyber threats aimed at power grids are a reality of our time, and it would not take much for all of us to be left without power when we least expect it because of a black-hat hacker with dishonorable intentions.
A cyber attack on a power grid would not cause as much physical damage as a kinetic attack, but it would certainly have a significant effect on people's lives, especially if it cuts electricity to hospitals, factories, banks and similar institutions of critical importance. We are not talking about losing power for a couple of minutes, either; we are talking about having no power for days on end. That is precisely why it is crucial for the operators of any country's critical infrastructure to understand what they are up against and direct their resources towards enhancing cyber security.
Here are only a few examples of cyber attacks on critical infrastructure:
- Stuxnet (worm) – gained attention for the physical damage it caused to uranium-enrichment centrifuges at the Natanz nuclear facility in Iran
- Slammer (SQL Server worm) – in 2003 the worm disabled the safety-monitoring display system at the Davis-Besse nuclear power plant in Ohio for several hours and also caused a temporary failure of the plant's process computer (the reactor was offline at the time)
- Shamoon (virus) – Saudi Arabia's national oil company, Saudi Aramco, reported in 2012 that it had wiped around 30,000 computers; the aim was to disrupt oil and gas production, although Aramco stated that production itself was not affected
- Aurora – a controlled 2007 test at Idaho National Laboratory in which a cyber attack on a generator's breaker controls, repeatedly opening and closing them out of synchronisation with the grid, physically destroyed the generator. It was a planned demonstration rather than a real-world attack, but it showed that code alone can wreck heavy equipment.
As attackers learn more about how industrial systems work, they find weak points to exploit not only in the IT layer but from an industrial-engineering standpoint as well, and they have moved on to finding ways to damage, or even destroy, the equipment itself. Case in point are two separate campaigns in which malware was deployed against energy-sector companies, Havex and BlackEnergy2, followed by the attacks on Ukraine's grid in December 2015 and December 2016, when parts of the Ukrainian power grid were taken down.
As for what exactly attackers are doing while targeting critical infrastructure such as power grids, there are two answers:
- Information acquisition
- Power grid disabling and equipment damage
The first kind of attack is far more frequent than the second: it is classic espionage, aimed at gaining, corrupting or deleting information. It is also a prerequisite for the second kind, since this is where intruders collect the data about a specific industry, or a target within it, that they later use in a disruptive attack.
But how to protect critical infrastructure such as power grids against cyber threats?
ICS (Industrial Control Systems) through which power grids are controlled usually perform a single function and have a very limited number of devices they need to communicate with on a routine basis. That should make them easy to secure, but that is not how it works in practice. The majority of ICS were built on general-purpose computing platforms that are a generation old, designed at a time when security was not a concern, and they frequently cannot be patched or upgraded without interrupting the process they control. Furthermore, they are often unable to authenticate administrators or keep the activity logs needed for forensic analysis. Not to mention that they can often be reached from the public Internet, and their authentication mechanisms are weak. Hence the need for a complete technology overhaul in which these deficiencies can be remedied. Until that happens, the predictable traffic pattern is itself the best defence: anything that talks to a controller outside its small, known set of peers should be blocked, or at the very least alarmed on.
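As an added example (not code from the original post), the Python script below shows how the "limited number of devices" property can be turned into a detection control: it holds a small baseline of the connections a control cell legitimately uses and flags every flow that does not match, singling out sources outside the control network and unexpected use of ICS protocols. The addresses, the baseline, the log-line format and the log lines themselves are constructed for illustration.

```python
"""Baseline allowlisting for a small ICS network cell.

Added example, not part of the original post. All addresses, the baseline
and the log lines below are constructed for illustration.
"""
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Address space of the control network (hypothetical).
CONTROL_NETS = [ipaddress.ip_network("10.10.0.0/16")]

# Well-known ICS protocol ports; use of these outside the baseline is suspicious.
ICS_PORTS = {102: "S7comm", 502: "Modbus/TCP", 20000: "DNP3", 44818: "EtherNet/IP"}

# Baseline: the handful of (src, dst, dport, proto) tuples this cell needs.
ALLOWED = {
    ("10.10.1.10", "10.10.2.20", 502, "tcp"),    # HMI -> PLC-1, Modbus/TCP
    ("10.10.1.10", "10.10.2.21", 502, "tcp"),    # HMI -> PLC-2, Modbus/TCP
    ("10.10.1.11", "10.10.2.20", 44818, "tcp"),  # engineering workstation -> PLC-1
    ("10.10.3.30", "10.10.1.10", 1433, "tcp"),   # historian pulls from HMI database
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str


# Minimal firewall/flow-log line format assumed for this example.
LINE_RE = re.compile(
    r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+dport=(?P<dport>\d+)\s+proto=(?P<proto>\w+)"
)


def parse_flow(line: str) -> Optional[Flow]:
    """Return a Flow for a well-formed log line, None for anything else."""
    m = LINE_RE.search(line)
    if not m:
        return None
    try:
        ipaddress.ip_address(m["src"])
        ipaddress.ip_address(m["dst"])
    except ValueError:
        return None
    return Flow(m["src"], m["dst"], int(m["dport"]), m["proto"].lower())


def in_control_net(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in CONTROL_NETS)


def classify(flow: Flow) -> str:
    """Verdict for one flow, checked from most to least severe."""
    if (flow.src, flow.dst, flow.dport, flow.proto) in ALLOWED:
        return "allowed"
    if not in_control_net(flow.src):
        return "external-source"          # nothing outside the cell should reach a controller
    if flow.dport in ICS_PORTS:
        return "unexpected-ics-protocol"  # a known host talking ICS to a peer it never uses
    return "unexpected"


# Constructed sample log; the third line is an outside address, the fourth is the
# historian speaking Modbus to a PLC it has no business with.
SAMPLE_LOG = """
2023-05-01T10:00:01Z src=10.10.1.10 dst=10.10.2.20 dport=502 proto=tcp
2023-05-01T10:00:02Z src=10.10.1.10 dst=10.10.2.21 dport=502 proto=tcp
2023-05-01T10:00:07Z src=203.0.113.5 dst=10.10.2.20 dport=502 proto=tcp
2023-05-01T10:00:12Z src=10.10.3.30 dst=10.10.2.20 dport=502 proto=tcp
2023-05-01T10:00:18Z src=10.10.1.11 dst=10.10.2.21 dport=22 proto=tcp
2023-05-01T10:00:23Z src=10.10.1.11 dst=10.10.2.20 dport=44818 proto=tcp
malformed line that the parser must skip
""".strip().splitlines()


def triage(lines: List[str]) -> List[Tuple[Flow, str]]:
    """Parse every line and attach a verdict; unparsable lines are dropped."""
    results = []
    for line in lines:
        flow = parse_flow(line)
        if flow is not None:
            results.append((flow, classify(flow)))
    return results


def summarize(lines: List[str]) -> Dict[str, int]:
    """Count flows per verdict."""
    return dict(Counter(verdict for _, verdict in triage(lines)))


if __name__ == "__main__":
    for flow, verdict in triage(SAMPLE_LOG):
        if verdict != "allowed":
            proto_name = ICS_PORTS.get(flow.dport, "")
            print(f"{verdict:24} {flow.src} -> {flow.dst}:{flow.dport}/{flow.proto} {proto_name}")
    print(summarize(SAMPLE_LOG))
```

The same baseline can be fed to a firewall as an explicit allowlist with a default deny; the script is the monitoring half, useful where the controllers themselves cannot log or authenticate, because the network around them still can.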
For practical advice on how to secure a power grid, take a look at our infographic:
Or you can have us do it all for you!
We have over 275 clients who are more than satisfied with our services. On the more than 1,500 websites we actively monitor, nearly 55,000 security threats have been successfully prevented using our solution. Not only do we perform full WordPress security scans on the platform itself, we also examine and secure all plugins to make sure there are no security threats. The websites under our protection are watched 24/7 for threats and updates, allowing the businesses they represent to thrive. Finally, already compromised websites are fixed by being thoroughly cleaned of malicious content and protected from future threats.
TLDR: Cyber attackers want to gain, corrupt or delete information about the infrastructure or want to use that information for more devastating and possibly life endangering attacks.
Since no cyber threat can be removed permanently on the Internet, we will keep your defense line firm and evolving with security practices to keep you safe.