According to a global survey by Accenture, 63% of utility executives believe their country faces at least a moderate risk of electricity supply interruption from a cyber attack on electric distribution grids in the next five years.
The report makes clear that there is a significant threat to electricity distribution grids.
It said that ‘a sustained failure of the electricity grid has the potential for devastating consequences. From transportation, to health and human and services, to food security, virtually every infrastructure is dependent on the grid.’
>See also: UK’s critical infrastructure ‘skipping basic cyber security checks’
Reacting to this, Sean Newman, Director at Corero, said: “Cyber attacks against national infrastructure have the potential to inflict significant, real-life disruption and prevent access to critical services that are vital to the functioning of our economy and society. These statements suggest that many such organisations are not as cyber resilient as they should be, in the face of growing and sophisticated cyber threats. To keep up with the growing complexity and organisation of well-equipped and well-funded threat actors, it’s essential that critical infrastructure, including energy and utilities maintain comprehensive visibility across their networks to instantly and automatically detect and block any potential cyber-attacks, including Distributed Denial of Service (DDoS) attacks as they arise. Proactive DDoS protection is a critical element in proper cyber security protection against loss of service and data breach activity. This level of protection cannot be achieved with traditional Internet Gateway security solutions such as firewalls, IPS and the like.”
Distribution utilities are well-practised at restoring grids after bad weather or asset failure, but the Accenture research has revealed that dealing with the new threats of cyber attacks is new territory for many of these. Indeed, only half of utility executives thought they were well-prepared for the challenges of an interruption from cyber attack.
>See also: New malware represents biggest threat to critical infrastructure
The report adds that putting cyber security at the core of the smart grid will be critical for distribution businesses to fulfil their core mandate of delivering reliable power to society. To do so, distribution utilities will need to make bold moves toward a more resilient power delivery system.
Total protection for distribution electricity grids, like any other organisation, is virtually impossible. However, designing and building resilient security systems, with an agile and swift capability that creates situational awareness, and that can quickly react and intervene to protect the grid will mitigate the risk.
“Electrical grids across the globe have continually targeted both physically and digitally,” commented Kyle Wilhoit, senior cyber security threat researcher at DomainTools.
“These attacks come in many forms, from targeted, advanced malware to ransomware locking down HMI’s.”
“The concern raised by the respondents is comforting, knowing that most of respondents appear concerned with cyber security. The respondents across the globe seem to understand the information security implications of utilising advanced technologies in these OT environments.”
>See also: Connected cities could suffer ‘catastrophic’ blackouts
“However, it’s important to note that many electrical grids across the globe are distributed in such a fashion that a cyber attack against ‘the grid’ as a whole would be difficult. This style of targeted attack would need to be coordinated, orchestrated, and performed by skilled attackers acting in unison. Additionally, accessing these networks remotely would often prove difficult as the connected nature of operational technology environments move to a more ‘air-gapped’ security architecture.”
“The opportunity for attack is rife in electrical grids. But, so long as cyber security is at the core of all technology, that opportunity should decrease.”