Cyber-Attacks on Power Grids: What You Should Know
Up until recently, nationwide power outages were something we could only see in sci-fi movies. However, this frightening scenario has already entered the lives of those living in countries with volatile regimes. Just recently, we’ve been seeing plenty of reports coming from Venezuela about the country’s political situation that’s on the brink of civil unrest.
There are numerous possible causes for what happened in Venezuela when close to the entire country suffered a blackout that lasted for over one week. Still, many of those revolve around cyber-attacks that reportedly caused one of the main power lines to overload and fail. With this said, we can’t help but wonder if cyber-attacks can affect power grids in such a dramatic way? What are the common methods of performing such an attack? And most importantly, what can be done to secure power grids?
Throughout this article, we will be exploring all the ways that cyber-attacks can affect electric utilities and power companies. We’ll talk about high-profile cyber-attacks and whether it’s possible to prevent them. Without any further ado, let’s jump right in.
First things first – why attack a power grid?
As you already know, we’re surrounded by electronics whose intercommunication is growing stronger each year. Today’s smart homes are made of devices created to talk to each other, exchange data within a close group and send that data to third-parties. And all of this is done to improve our quality of life and to make it easier to perform tasks that were deemed complex a decade or two ago.
So far, we gave you an example of the power that today’s consumer devices have. Just as those devices are evolving, top-level digital systems are changing as well. In simple terms, much of today’s civilization relies on the Internet. Even power plants and utility companies rely on the web to simplify their operation. And this means that if proper security measures aren’t employed, they are left exposed to unauthorized tampering by third-parties.
Causing a wide-scale power outage is just one part of today’s cyber warfare. Attacks no longer happen only via land, air, and sea. Digital attacks have the power to affect a massive number of individuals. Perhaps the most frightening scenario consists of affecting sewage and water treatment systems along with transportation systems. In the simplest words possible, without power, we lose the way to fulfill our basic needs.
Common methods of performing cyber-attacks
When thinking about someone infiltrating a power grid, you probably imagine a highly skilled hacker typing commands across the planet. However, cyber-attacks aimed at power grids consist of a systematic approach usually backed by simple methods.
Back in 2016, Ukraine’s power grid was systematically attacked which led to the city of Kiev losing all power for an hour. It was later revealed that malware known as Industroyer caused this attack. This malware was created for the sole purpose of attacking the power grid by exploiting the CVE-2015-537 vulnerability. That same malware was also connected to an attack that happened in 2010, targeting an Iranian nuclear facility’s centrifuges.
Another attack targeted at Saudi Arabia has blocked a major oil company from operating in 2012. This attack started as an old-fashioned phishing email. A secretary opened an email without suspecting that it might be infected with a virus. It took only a few seconds for the virus to infect the computer, which later led the attacker to the company’s servers.
If you take a close look at the two previously explained cyber-attack methods, you’ll see one prominent difference. The attack in Ukraine took advantage of hardware vulnerabilities, while the attack in Saudi Arabia was based on “human factor.” In other words, a person needed to open an infected email message for the virus to spread. This leads us to the following questions – can we trust ourselves to manage cybersecurity effectively? Is there a way to reduce the risks of human error? Let’s find out!
Developing the culture of cybersecurity
Every single day, we get to hear about hacking attempts, databases exposed, and how personal data gets stolen. However, even after that many warnings, not many of us are ready to protect ourselves online. For this to happen, we all should be using antivirus applications, prevent web services from tracking us (if possible), use different passwords for each account we own, and plenty more. How many of those things have you done? Not many, for sure.
Educating individuals of using security measures has become imperative, especially if those individuals have access to closed networks. This is why we’re beginning to see a trend of improving our overall culture of cybersecurity. That’s because it takes only one weak leak for the whole system to go down.
Aside from education, specialized systems are being developed from isolating individuals from the rest of the network. And interestingly enough, one of those cybersecurity systems is already available for the public. We’re talking about VPN applications that can be used in your home as well.
By using a VPN, an individual connects to a secure server through a user-friendly UI. Once connected, all incoming and outgoing data becomes highly encrypted. No one can see what you do online, no one can track your online whereabouts, and no one can collect your data. Sounds ideal, right?
You should also know that today’s VPNs (the ones available commercially) also come with some tradeoffs. The most prominent one is a certain level of speed reduction as your data has another stop before it reaches its destination. However, even such tradeoffs can’t be put against numerous benefits that VPNs offer.
The bottom line is that we all need to step up. Educating ourselves about digital dangers and understanding the way our personal data is handled has become imperative. There’s no excuse, especially since we already have the needed tools in our hands.
What does our increasingly connected future hold?
In the decades upon us, we will most likely go through a revolution in terms of energy production. As the entire world shifts toward sustainable energy sources, it is expected for this trend to translate to individual cases. We’re talking about solar panels on private homes, specialized batteries that store more power than before, and other methods of eco-friendly energy production oriented towards individual homes.
Changing the way we produce power and going towards eco-friendly solutions comes with grave dangers, from the cybersecurity perspective. As individuals start to take part in energy production, they also become responsible for maintaining their interconnected digital systems. On the security front, this will translate into an increased number of cybersecurity firms.
At the moment, the USA is leading the field of cybersecurity providers. According to a recent study, there already are over 850 cybersecurity firms in the greater Washington, D.C. At the moment, these firms work with businesses on improving their corporate networks. However, they are expected to shift toward individual users soon enough. To back this claim up, another study predicts that there’ll be a shortage of 1.8 million cybersecurity professionals by 2022.
The bottom line
We should not underestimate the fact that we all live in the same digital (global) village. As our lives become fully digital, our environment and the way our basic needs are met will also enter the digital era.
You can be sure that governments are working hard on creating cybersecurity systems that protect us on a large scale – and power grids are only one part of that equation. However, don’t forget that everything starts with us, individuals. So, make sure to do your research about how to be safe online, how to avoid being targeted by hackers, and employ common-sense cybersecurity measures in your everyday life. Every step counts, and even the smallest action can go a long way.
