As featured in DisruptiveViews
We are spending an inordinate amount of time lately reporting and examining the very real threats from cyber attacks.
Our focus has been primarily on what happens when core networks, application and cloud servers, as well as online personal information which is accessed and disrupted by hackers and professional cyber thieves.
But a far greater cyber threat exists, one that we may be taking for granted yet could be of far greater consequence than any other single attack – and it would affect not one but many of the systems we have come to rely on.
I refer to the power utilities – from generation to distribution – that provide the most basic component of all – electricity. Do we take it for granted? You’re damn right we do, and we may come to rue the day when the ‘bad guys’ get really interested.
The United States is taking notice with a Department of Energy announcement that it will invest more than $34 million into two projects underscoring the vital role that strong cybersecurity technologies and practices play in creating a modern power grid that is reliable, resilient, and secure.
An article on cybersecurity for the grid in the October issue of The Electricity Journal by Carol Hawk and Akhlesh Kaushiva profiles four Smart Grid Investment Grant recipients that are advancing state of the art of power grid security by designing cybersecurity into the foundation of the smart grid. The article also discusses how the Department and the energy sector are partnering to keep the smart grid reliable and secure.
The risk of a serious cyber attack on civil nuclear infrastructure (primary producers of electrical power) in the UK is also growing as facilities become ever more reliant on digital systems and make increasing use of commercial ‘off-the-shelf’ software, according to a new Chatham House report.
The report finds that the trend to digitization, when combined with a lack of executive-level awareness of the risks involved, means that nuclear plant personnel may not realize the full extent of their cyber vulnerability and are thus inadequately prepared to deal with potential attacks.
Some of the specific findings of the report are rather frightening:
- The conventional belief that all nuclear facilities are ‘air gapped’ (isolated from the public internet) is a myth. The commercial benefits of internet connectivity mean that a number of nuclear facilities now have VPN connections installed, which facility operators are sometimes unaware of.
- Search engines can readily identify critical infrastructure components with such connections.
- Even where facilities are air gapped, this safeguard can be breached with nothing more than a flash drive.
- Supply chain vulnerabilities mean that equipment used at a nuclear facility risks compromise at any stage.
A USA Today report in March this year noted that about once every four days, part of the nation’s power grid — a system whose failure could leave millions in the dark — is struck by a cyber or physical attack.
The associated article went on to state that “some experts and officials fear the rash of smaller-scale incidents may point to broader security problems, raising questions about what can be done to safeguard the electrical grid from an attack that could leave millions without power for days or weeks, with potentially devastating consequences.”
Can you imagine the repercussions of being without power, internet and phone service for days on end? And if it happened in the middle of winter the potential number if casualties that could result?
Would it be fair to say that our concerns over cyber attacks on networks and online services are dwarfed by the much bigger ramifications of cyber attacks that bring down our power grids? Maybe it’s time to get our priorities right!