State-sponsored hacking groups, often traced to Russia & China, increasingly regard power stations on both sides of the Atlantic as ‘soft’ targets. Prepare or face increasingly frequent & severe power blackouts.
New vulnerabilities are being created following the recent trend for utilities in the US and the UK to step up digitalisation plus the recent inclusion of previously stand-alone systems such as surveillance cameras and building management systems into the Internet of Things (IoT).
Ever since the early days of computerisation, utilities such as power stations have relied on the existence of the supposed ‘air gap’ that exists between such facilities’ internal IT networks and the internet. But the inclusion of entry systems, surveillance cameras and any other connected device which sit on the outer perimeters of the facility’s own operational technology (OT) has created numerous highly vulnerable entry points in many power facilities’ IT systems – in some cases even creating potential access points to the utilities’ mission-critical control rooms.
While, for some time, it has been acknowledged that power companies have been the target of financially-motivated ransomware attacks, a new and disturbing trend is now emerging with potentially devastating consequences. State-sponsored hacking groups now being tracked to countries such as Russia and China appear to be increasingly targeting power facilities in the US and the UK.
Ever since the successful 2015 attack on the Ukraine’s power grid attributed to a Russian hacking group called Dragonfly or Energetic Bear, a growing number of cyber-attacks on both sides of the Atlantic are now being traced back to Russia. The same group is also now alleged to have been responsible for a major attack on the UK’s power grid in 2017, an attack which only came to light as a result of a leaked memo from Britain’s spy agency GCHQ. According to the US Department of Homeland Security, state-sponsored Russian hacking groups have also been responsible for hundreds of attacks on power utilities.
Russia is not the only foreign power to have identified power stations as soft targets. A recent series of attacks on the US power grid that took place in July of this year is now being attributed to a notorious Chinese state-sponsored hacking group APT10, which is believed to act for the country’s Ministry of State Security. State-sponsored hacking groups from Iran have also stepped up cyber-attacks on critical infrastructure.
Power stations present highly attractive targets to aggressive foreign powers since the economic and political impact of a successful attack can be extremely high. Bringing shops, businesses and transport systems to a standstill on an unpredictable but frequent basis could have a highly negative financial impact on cities such as London and New York. It is no longer unrealistic to envisage attacks on a scale which could result in widespread looting, lawlessness and rioting in cities temporarily deprived of power.
It is no exaggeration to say that the current frequency of attacks of power stations by state-sponsored hacking groups may soon be seen as the first salvos in a new era of cyber-warfare and cyber-terrorism. Unlike other forms of state aggression such as espionage or physical attacks, cyber-attacks offer nation states a high degree of what politicians call “plausible deniability”, the ability to lie and get away with it.
Even if the UK or US government suspect a cyber-attack that has caused a serious power outage may be state-sponsored and can trace the attack to a region such as Russia or China, such a case would be hard to prove in an international court. State-sponsored terrorist attacks on key nodes in a national power grid can also easily be disguised as a financially-motivated ransomware attack that went wrong or was mishandled by the organisation operating the facility. All this makes cyber-attacks on utility systems a highly attractive option for nation states who wish to cover their tracks.
Power utilities are also frequently reluctant to admit that their systems have been hacked from outside, preferring to claim an internal systems error. National governments frequently support this kind of cover-up – not wishing to panic the general populace into thinking it is under attack.
And the pace of digitalisation of utilities such as power stations shows no danger of slowing. The organisations managing power stations do not have the option of turning back the clock as OT network connectivity has now become a mandatory requirement for facilities such as power stations in the drive to cut costs and increase efficiency. To secure vital utilities such as these requires a shift in the security mindset from “How can I air gap or isolate?” to “How can I stay secure while connected?”
Organisations responsible for the secure running of utilities such as power stations need to embrace continuous monitoring of 100 percent of all network traffic in real-time. It is also essential for power station operators to deploy wire-speed deep packet inspection, allowing them to analyse and protect network traffic against upcoming threats. Power companies now face the challenge of having to instigate truly comprehensive but non-intrusive security whilst simultaneously seamlessly integrating their IT and OT systems.
So far, the general population in countries such as the UK and the US has been largely ignorant of the escalating level of cyber-espionage and the increasing frequency of politically motivated cyber-attacks. Unless Western governments and the organisations which run their countries’ vital utilities begin to take cyber-security more seriously than they have in the past, city-dwellers in the UK and US may soon have to learn to cope with the consequences of increasingly frequent and severe power blackouts.
Contributed by Elad-Ben Meir, CEO, SCADAfence.