Assessing The Growing Threat To Grid Cybersecurity
By: Peter Kelly-Detwiler
Every year Connecticut releases a review of its critical infrastructure. This year’s report provided a statistic that may have sent chills down the backs of electric grid security experts.
The state’s electric, gas and water utilities often see more than one million “distinct probes” in a single day.
Actually, this isn’t uncommon among utilities. Electric power giant Duke Energy recently revealed it fended off about 650 million intrusion attempts last year.
While some attempts are from private actors, many are from powerful nation states. And it’s not just giant utilities that are targets. In a 2014 test run with cybersecurity company N-Dimension, the National Rural Electric Cooperative reported the average small utility is being probed or attacked every three seconds.
Vulnerabilities at The Bulk Power Level
While our bulk power SCADA systems are better defended than distribution utilities, they are not immune to attacks. Hackers who have already breached many utility networks remain in reconnaissance mode.
The ability to access utility networks and attack grid assets was first revealed during the 2015 and 2016 assaults on Ukraine’s power grid. Cybersecurity firm Dragos conducted the forensic analysis on those attacks. According to Dragos CEO Robert Lee, aspects of the 2016 attack suggested “it was meant to be used multiple times. And not just in Ukraine.”
Connected Devices: Entry Portals and Weapons
Obviously, vulnerable SCADA-driven systems are of great concern. However, the soft underbelly of the utility industry will likely be exposed during the proliferation of Internet-connected distributed energy devices.
The Connecticut report says as much. It acknowledges the Internet of Things “proliferates the number of ways a company can be hacked and penetrated and offers more platforms to attack.” The document further warns that IoT devices often fall outside traditional vulnerability scanning and security patching for computers and network devices.
The report also notes that the industry relies on broadband cable infrastructure to connect to these devices. That dependence grows daily as more connected assets join the grid. This is a large reason why Connecticut’s review of its critical infrastructure suggests communications companies also be part of the annual cyber review.
Those who need further proof we are becoming a world full of utility-connected devices need only consult the just-released report on demand response (DR) from the Smart Electric Power Alliance. It states that last year utilities reported over four million customers enrolled in direct air conditioning switch programs, 1.2 million customers with connected water heaters, and almost 1.4 million customers enrolled in smart thermostat programs. Each of those devices represents a potential attack vector.
That much we know. What we haven’t thought enough about is what might happen if these devices were hijacked.
A Bad Day for The Power Grid
In its recent paper Defending the Grid from IoT, Pacific Northwest National Laboratory gives us a glimpse of what might happen when DR aggregators are compromised.
A hacker programs multiple connected and distributed assets to change their behavior. Those devices could then immediately consume enough energy from (or release energy into) the grid to destabilize it. These devices could also be programmed to act at a certain time without human direction. This could create significant voltage fluctuations and volatility, which would trip protective systems and cause blackouts.
Right now, we’re talking about present-day targets like water heaters and air conditioners. Now imagine a world with bidirectional vehicle-to-grid integration. Electric buses and passenger vehicles would contain battery packs holding up to 600 kilowatt hours (kWh) and 100 kWh respectively.
An attacker’s signal to a fleet of hundreds or thousands of these connected vehicles could instantly manipulate these battery packs to release or absorb power. This could significantly destabilize the grid beyond the regional distribution system up to the bulk power level.
So, whether attacking water heaters or electric vehicles, hackers could destabilize the grid without ever coming into direct contact with the power industry’s IT systems.
The scenarios are chilling. However, there are steps we can take now to prevent them.
Next Time: How to Better Protect the Grid