News broke yesterday that almost two-thirds (63%) of utility executives believe their country faces at least a moderate risk of electricity supply interruption from a cyber attack on electric distribution grids in the next five years. IT security experts commented below.
Kyle Wilhoit, Senior Cybersecurity Threat Researcher at DomainTools:
“Electrical grids across the globe have continually been targeted both physically and digitally. These attacks come in many forms, from targeted, advanced malware to ransomware locking down HMIs.
The concern raised by the respondents is comforting, knowing that most of the respondents appear concerned with cyber security. The respondents across the globe seem to understand the information security implications of utilizing advanced technologies in these OT environments.
However, it’s important to note that many electrical grids across the globe are distributed in such a fashion that a cyber attack against ‘the grid’ as a whole would be difficult. This style of targeted attack would need to be coordinated, orchestrated, and performed by skilled attackers acting in unison. Additionally, accessing these networks remotely would often prove difficult as the connected nature of operational technology environments moves to a more ‘air-gapped’ security architecture.
The opportunity for attack is rife in electrical grids. But, so long as cyber security is at the core of all technology, that opportunity should decrease.”
Sean Newman, Director at Corero:
“Cyber-attacks against national infrastructure have the potential to inflict significant, real-life disruption and prevent access to critical services that are vital to the functioning of our economy and society. These statements suggest that many such organisations are not as cyber resilient as they should be, in the face of growing and sophisticated cyber threats. To keep up with the growing complexity and organization of well-equipped and well-funded threat actors, it’s essential that critical infrastructure, including energy and utilities, maintain comprehensive visibility across their networks to instantly and automatically detect and block any potential cyber-attacks, including Distributed Denial of Service (DDoS) attacks, as they arise. Proactive DDoS protection is a critical element in proper cyber security protection against loss of service and data breach activity. This level of protection cannot be achieved with traditional Internet Gateway security solutions such as firewalls, IPS and the like.”