ELECTRICAL GRID HACKING, A NEW FORM OF PUBLIC SECURITY THREAT
With global success of the new HBO/Sky miniseries Chernobyl, the mass audience is strongly affected by the dramatic story of the biggest catastrophe of the 20th century caused by flawed equipment and human error. The 1986 accident at the Ukraine’s nuclear power plant (still a part of the USSR at that time) was a proper dystopian nightmare of the commercial nuclear power era, causing massive fatalities and long-term consequences from wide-spread radiation.
Although as a work of fiction the series does not necessarily depict the tragic events with utmost precision, it definitely echoes a message of great relevance in a more and more tech driven world: One should never underestimate the vulnerability of systems of great public importance.
The global tendency for interconnectivity, smart technology and Internet of Things brings a promise of immense power optimization. However, with great promises always come great threats as well. And one of those threats can be found within the world of electrical grids.
Most electric power companies today go through the fast-paced optimization for the sake of higher level of performance. Their robust systems depend on interconnected computer networks, which have their weak points in terms of maintenance but also, more importantly, in terms of their extreme vulnerability to cyberattacks. Ironically, we were reminded about this vulnerability in Ukraine again, when hackers took down portions of electricity grid in 2015 and 2016, cutting electric power to thousands of people. But also more recently, in March 2019, when the power grids in California and Wyoming were also targets of cyber attacks.
The blackouts of electrical power don’t just cause minor inconvenience for people in their homes. They rather cause damaging disruptions of massive proportions at important public points. Blackouts affect data centers, hospitals, public systems – big and small – that is, public and private points on which the whole society depends. And yet, their security is still taken lightly. With more and more smart grid solutions running the electrical plants, the race for performance optimization does not come with the optimization of security measures taken. And in the era of cyber-attacks, are we neglecting the wake-up calls for people responsible for our most critical infrastructure to upgrade their systems?
To be able to protect ourselves from abrupt and dangerous blackouts, what do we need to know, learn and do?
Take care of the compliance
Security standards are the pillars of grid protection. Complying with them is the first obligatory step that any company dealing with electrical power needs to take. In the USA for instance, the North American Electric Reliability Corporation (NERC) sets rules on adequate protection of power grids, both physically and electronically via a set of Critical Infrastructure Protection (CIP). There is also a set of standards for the Synchronous grid of Continental Europe, which is the largest interconnected network covering most of the Europe. By avoiding compliance with the adopted network standards, companies impose the risk for the entire network and not just their own system.
Test cybersecurity readiness
Many companies from the energy industry used to willingly deny or underreport the cases of hacking attempts. However, with the rising public pressure and debates on these matters, they are now more and more prone to combat the potential hacks by using their own weaponry. By employing the experienced software engineers and hackers, they do hack tests on their systems to spot all potential weak spots. By doing this, they try to recognize which system parts ask for the additional security and protection. After all, fighting hacker attacks cannot be done without doing some homework on the subject. It is extremely important to familiarize with hackers’ tools and programmes, such as malware apps, plug bots, wire-dialers, port scans etc. Only by understanding the system weaknesses can help you overcome them successfully.
Invest in new approaches and technologies
Long gone are the days of centralisation. What data protection and blockchain technologies have shown us is that the data decentralisation is the key to system failure prevention. Control should not be in the hands of a single control point. Decentralisation decreases the risk of massive system failures and human error by limiting the potential hacking damage to the lowest possible scope. Learn about and invest in AI device control and blockchain technologies which will serve as extra security layers with encrypted data access verification. Provide solutions that go a long way in ensuring optimum energy protection through smart grid analytics and other available tools designed for power grid protection.
Only by initiating debates, avoiding lazy solutions and learning about all aspects of power grid protection do we take all necessary steps for providing the light future ahead, in its most literal sense. Let’s create the future in which catastrophic failures and damaging blackouts appear only in the works of pure fiction.
If you need help in understanding power grid protection and the relevant tools, we are willing to talk more about it. Let’s shine a light on the blackout threats.