Should the Energy Industry Prepare for Cyber-Attacks on the Power Grid? Signs Point to Yes
Sometimes, it feels like the Texas grid cannot catch a break. Last year, Texans sampled how quickly and easily our unweatherized infrastructure caused blackouts as an unseasonable cold front knocked substations out of commission, cascading across large segments of the grid. Now, there’s a new threat looming, not just to a single state but to an entire nation’s energy system: the resumption of serious tensions with Russia.
In the early days of the Russian invasion of Ukraine, President Vladimir Putin warned leaders across the European Union and United States that any interference in his empire building would result in “consequences greater than any […] faced in history.” Though this may have been bluster, Russia’s reputation for elite hackers and coders means they’re not a paper tiger in cyberspace, but a viable threat to our national security and energy infrastructure.
Even if Russia doesn’t end up retaliating against us for our sanctions or Ukrainian aid efforts, there is no shortage of nation states willing to launch cyber-attacks on the power grid. As the Ukraine story has been unfolding, we’ve been considering possible threats to the energy system, what they might look like, and how energy industry leaders can prevent debilitating outages. Here’s what we think you should know.
Foreign Powers See Energy as a Prime Target
Why do we suspect that Russia might sabotage power infrastructure? They have been training their hackers for years to attack these systems, even holding cyber competitions with mock cities, as detailed in this report from ABC News. In the real world, they have likely already tested out this attack strategy elsewhere. The 2016 attack upon Ukrainian power centers resulted in the deactivation of almost 60 substations across power distribution centers, plunging 230,000 citizens of western Ukraine into the dark. The attacks were expertly coordinated and involved extensive prep work to compromise credentials and map out systems.
One senior grid strategist said the “attacks in Ukraine were demonstrations […] the whole world was watching.” In coordination with the current invasion, Ukraine has been bombarded by the HermeticWiper malware, which corrupts multiple systems and prevents reboots, a clear menace to utilities or other critical systems.
Not long after Russia attacked Ukraine’s grid, Russian malware was found within a minimum of ten U.S. utilities, including electrical stations in Vermont. In most cases, the code was caught before any attacks took place, but it’s not outside of the realm of possibility that ongoing threats are avoiding detection.
The Kremlin isn’t the only government initiating these types of cyber-attacks on the power grid. In 2017, North Korea likely attempted to use spear-phishing emails to target electric power companies. Whether the reason was retaliation for U.S. injunctions or to ransom our energy systems in exchange for cryptocurrency is uncertain (North Korea has been described as a “criminal syndicate with a flag,” if that tells you anything).
Even the United States is believed to have collaborated with Israel to shut down Iran’s nuclear facilities with the notorious Stuxnet worm. This is how modern warfare works and it appears everyone is doing it.
What Does an Attack on the Grid Look Like?
Let’s say that the Texas energy grid or its national counterparts are targeted. What will that look like? A Bloomberg article highlighting a drill held by DARPA on Plum Island, New York demonstrated how chaotic cyber-attacks on our energy infrastructure might be. As part of the $118 million Rapid Attack Detection, Isolation and Characterization Systems (RADICS) project, this exercise pitted a team of utility operators and cybersecurity experts against white hat hackers to protect against a hypothetical assault.
In the exercise, hackers did everything from manipulating sensor data and shutting down communication to disabling portals and faking dead equipment, which forced the defenders to scramble in response to an ever-evolving scenario. Every win could turn into another setback at a moment’s notice, conveying just how important preparedness is for experts throughout the energy industry.
In an article about North Korea’s hacking army, Simon Choi, a security-intelligence analyst from South Korea, said, “The key to their success is their relentlessness—they just attack, endlessly.” It’s the age-old hacker strategy, a perversion of Thomas Edison’s quote, that their efforts aren’t failures, they’re just discoveries of thousands of ways that don’t work. With enough time, money, and hacking talent, they’ll find what does.
How Can You Protect the Power Grid from Cyber-Attacks?
Overall, digital transformation has enabled the energy sector to improve energy demand management, proactive maintenance, and decision making. However, connecting the grid to digital networks has invited cyberthreats that can destabilize already precarious infrastructure. Since the modern electrical grid requires constant realignment to meet precise customer demands in real time, hackers simply need to knock out a few key power stations with outages to cause an avalanche of issues across the system.
What can you do to prevent those outages? The typical recovery techniques alone will not prevent every possible attack, so energy industry leaders need to keep their eyes on innovative strategies as well as incorporate holistic approaches to protecting the grid. Here are a few cornerstones that should be front of mind:
Coordinating Cross-Discipline Efforts
In the DARPA exercises on Plum Island, the participants quickly recognized the challenge of systems operators and cybersecurity specialists not speaking the same language. They had different perspectives that could complement one another but were not actively collaborating during early stages of the training. Until they realized how to get on the same page, the hackers were running circles around the teams of experts.
In any attack, those first few minutes and hours are critical to the success of your defense. Everyone needs to move in lockstep and collaborate to regain control and evict intruders from your systems. That’s why long before an attack, there should be clear channels of communication, defined protocols, and ongoing knowledge sharing. Early internal collaboration frustrates hackers from the start.
Diversifying Energy Sources
As the industry has diversified energy sources, there has been an unintended but positive consequence: increased resilience and reliability. In the process of upgrading and variegating our national energy infrastructure, the sector has created fail safes that make a total collapse more difficult. Creating a diverse combination of natural gas, renewable energy, and nuclear power can create barriers to hacking (it’s much harder to map out all those intricate systems).
The catch is that there need to be operators who understand new technologies and how their energy generation works, as well as professionals who can integrate these disparate systems in a way that maintains protections but allows for smooth distribution of the energy generated.
Implementing the Right Detection & Defense Tools
Your warning system is going to be crucial to your ability to respond. With the complexity of attacks that are directed at the energy industry, utility operators need to use every possible tool at their disposal to prevent access and mitigate threats. Secure access management, endpoint remediation, vulnerability scanners, cloud threat detection tools, and more should be evaluated for their effectiveness and alignment with your industry.
Depending on the size of your operation, you may or may not be able to access the full scope of premium resources necessary to ward off hackers. However, tools like the Essence Cybersecurity Tool from the National Rural Electric Cooperative Association (NRECA) can help smaller utility operators bridge the gap, fight above their weight class, and maximize their budgets. In fact, this co-op is a great way to share resources and tactics in an area that might otherwise require a hefty war chest to achieve your goals.
Staying Aware of Ongoing Threats
At the end of the day, even if your utility is only focused on customers in the United States, you’re a conspicuous target for hackers. Staying aware of both the global news of the day and stories about cyber threats will help keep you aware of what dangers are on your horizon and how to protect yourself.
If you’re not doing this, a dedicated cybersecurity partner should. Though your organization and systems will regularly be in the crosshairs of foreign agents, the right cooperation can keep the wolves from the door and the lights on.
Want to dig deeper into some of the defensive strategies that can diminish the impact of any cyber-attack on power grid endpoints? Stay connected to our blog for all the latest cybersecurity and energy industry news.