Author: Scott Taylor, VP at Corero Network Security PLC (LON:CNS)
Protecting our critical infrastructure from cyber attacks has become a top priority for governments around the world – largely as a result of the Internet of Things (IoT). Within the energy sector, the increased connectivity brought about by IoT has improved how we manage our power distribution and consumption, enabling a more flexible and efficient energy grid. This has introduced a range of benefits, including a greater flexibility to accommodate new energy sources, better management of assets as well as greater reliability of services.
But as operating systems have become increasingly connected to the Internet, it has also increased the potential for damaging cyber attacks such as Distributed Denial of Service (DDoS). Modern DDoS attacks represent a serious security and availability challenge for infrastructure operators because even a short amount of downtime or latency can significantly impact the delivery of essential services.
When it comes to cyber attacks against the energy and utilities sector, it isn’t just customer data or corporate reputation at risk, but the safety of citizens. After all, if a successful attack was launched on an electricity grid, swathes of the country could be left in darkness and cold, for months. As the successive attacks on the Ukrainian power grid demonstrate, electricity operators are at significant risk from a potential adversary with malicious intent. Days before Christmas in 2015, remote hackers took control of Ukrainian grid operators and digitally commandeered substations, allowing them to shut off power for 225,000 customers for several hours.
Then in December 2016, hackers developed a malicious code that disrupted a Kiev transmission station and caused a substantial blackout lasting over an hour in the capital, in the first fully automated grid attack ever seen. While many believe these attacks to be part of the ongoing political conflict between Russia and Ukraine, the same risks apply to energy grids around the world. Irrespective of motive, a successful attack could see large populations suffering major power outages, as well as causing enormous business disruption and economic damage.