Cyber security in power distribution networks

Energy distribution is the engine for all industrial and domestic activities, and as our dependency on electricity keeps rising, even seconds of interruption can have devastating effects. But in the age of the smart grid and Internet of Things, how secure is our energy distribution network? Damon Mount of  Megger will attempt to answer these questions and look at what the future holds for the British power networks.

The grid has always been vulnerable to physical threats such as storms and earthquakes – and that has been a universally accepted truth for which producers and operators have prepared by improving the quality of the infrastructure. But in recent years a new type of threat has emerged and experts believe we are more susceptible to malicious attacks than ever before. Cyber attacks can remotely penetrate electricity grid control networks, shutting down power for large numbers of people and businesses. Sometimes the perpetrators openly admit responsibility for the attacks and ask for ransom; sometimes the hackers and their motives remain in the shadows.

In 2015, the power distribution in the Ivano-Frankivsk region of Ukraine was disrupted for six hours, leaving hundreds of thousands of customers without power. The outages, as was later found out, were the result of a cyber attack and were caused when substations were disconnected remotely from the grid. It is believed that thehackers infiltrated the electricity distribution control centers in Ukraine using a combination of software vulnerabilities, stolen authorisations and sophisticated malware.

And as proof that people indeed never learn, a year later, Ukraine’s electricity transmission facilities were also attacked - leaving thousands of homes and businesses in the dark and creating millions of pounds of damage. The malware found in affected networks was a variation of BlackEnergy, a Russian hacker programme.

Similarly, there have been reports of “state sponsored” hacking on the Irish power grid company EirGrid’s  network, which left it exposed and vulnerable to further sabotage. The report, issued in August 2017, says the hackers installed ‘eavesdropping’ software on the routers used by EirGrid and were able to see encrypted communications sent by the company. Their communications provider Vodafone, who uncovered the attack, later confirmed the scale of the threat.

So how are these attacks possible? According to the Guardian  a primary target “is the smart meters that are being installed in every home by the end of 2020, to automate meter readings. The Capita-run body set up to handle the data, the DCC, is being treated as critical national infrastructure and the company’s chief technology officer insists the data is safe.”

Similarly, power substations are increasingly controlled via internet-enabled networks andsoftware – which creates even more security issues for senior chief information officers.  

The biggest worry is that hackers could penetrate into any of these IoT-ready applications and they could then find their way upstream into the electric grid. The situation is made even more troublesome by the seeming lack of urgency from power distribution companies to make provisions for the eventuality of a malicious attack.

Research into grid security is moving away from investigating ways to better handle equipment failures and natural disasters toward increased availability and creating a well-defended power grid for the future. Equipment redundancy represents one of the ways in which operators can prepare. By installing additional equipment that can basically step in the moment an attack occurs, energy continuity can be ensured, avoiding chaos and millions worth of damages and downtime to industrial environments.

But increased redundancy is a costly affair that not many power companies can afford. A more achievable approach relies of systematically analysing the risks in critical systems and methodically defending against each of them.

Cybersecurity analysts specialising in penetration testing can figure out where the vulnerabilities are and catch them before anyone else. This allows companies to develop strategies that prevent attacks, detect and respond to them when they happen. This approach will require industry leaders to ensure that each new piece of hardware or software added to the grid is protected, no matter how small. There is also an acute need for developing new systems that can uncover atypical grid communications and create more secure network architectures for critical control systems.

In addition, governmental regulating agencies will need to keep updating the rules governing the industry to raise minimum security standards over time. Lastly, a change in attitudes towards  risk and cyber crime has to take place; without it, next time we reach for the switch we may all have nasty surprise!