An investigation is underway over a cyber attack on Ukraine’s power grid last month. The attack, which plunged the northern part of the capital, Kiev, into darkness, is part of a series of strikes on its energy and financial infrastructure, the head of the state-run power distributor said.
This event follows a major cyber-attack on Ukraine’s power grid in December 2015, the first of its kind anywhere in the world. Then, Russian-nexus actors caused blackouts in several regions in Ukraine. The actors used spear phishing to plant BlackEnergy3 malware, which was used to disable control system computers. As a result, Ukrainian utilities relied on manual efforts to restore power.
“Ukraine became such a big story because it was the first attack in the energy sector,” said Michael John, director at the European Network for Cyber Security, a non-government group that focuses on the safety of Europe’s grids and infrastructure. “It demonstrated it is possible.”
Ukraine is not alone, last year Israel experienced a serious hack attack on its electrical grid. The “severe” attack came as temperatures in Jerusalem dipped to below freezing, creating two days of record-breaking electricity consumption. It was one of the biggest computer-based attacks Israel’s power infrastructure has experienced. The energy ministry didn’t identify any suspects behind the attack or provide details about how it was carried out.
“The virus was already identified and the right software was already prepared to neutralize it,” Israeli Energy Minister Yuval Steinitz told attendees of a computer security conference in Tel Aviv. “We had to paralyze many of the computers of the Israeli Electricity Authority. We are handling the situation and I hope that soon, this very serious event will be over,” he said at the time, “but as of now, computer systems are still not working as they should.”
At the end of last month a major cyber-attack was the source of the widespread electricity cuts across Istanbul, Turkey. “The attacks are generally aiming to seize Internet sites and secure infiltration,” a senior anonymous source said on Dec. 31, as quoted by state-run Anadolu Agency.
He also said the cyber attacks started after the failed July 15th coup attempt and have been increasing ever since. “Many infiltration attempts to the systems controlling our transmission and electricity producing lines were determined and prevented. The infiltration attempts are indicators of a major sabotage preparation against Turkey’s national electricity network,” the source added.
Energy Minister Berat Albayrak said a comprehensive investigation has been launched to figure out the real reasons behind the electricity cuts in a trip to the northwestern province of Kocaeli, which is the main center of the breakdowns.
It seems, after years of talk about vulnerabilities that may come from the digitization of power grids, that it is finally and inevitably happening. With a plethora of countries around the world investing heavily in smart grid technologies, we should probably prepare for more and more attacks.
The EU in particular, where 72% of European consumers are expected to have smart meters by 2020, has reason to be concerned. The basis of the policy is that more empowered consumers enabled by smarter grids will lead to a greater energy efficiency and more green energy flowing through Europe’s power networks. However, every smart element means greater vulnerability.
“Every component in the grid that has become digitized is becoming an attack point,” says Sander Kruese, privacy and security adviser at Alliander, a distribution system operator in the Netherlands. The Netherlands has opted for smart meters without the remote switch-off option, “because they saw this threat,” Kruese said.
While in the UK, where 53 million smart meters are set to be installed by 2020, the government has asked the GCHQ intelligence agency to help design security for smart meters.
“If somebody could hack into that or turn off very large numbers of meters by mistake, the sudden shock of taking them off the grid — even worse if they were all turned back on at the same time — would cause significant damage,” UK-based technology consultant Nick Hunn said in September during testimony before a smart meters parliamentary committee.
This raises a lot of questions for the smart technology sector, as well as the governments, businesses and citizens adopting such technologies. The modern energy infrastructure we are creating, which includes smart buildings and cities, powered by renewable energy under demand response systems, all depends on the smart grid. But how can we move forward with these increasingly stark vulnerabilities.
“Technology becomes your Achilles heel if you don’t do the right things,” said Nuno Medeiros, information systems officer at Portugal’s power distribution company EDP Distribuição. While racing towards a digital grid will bring about desperately needed grid efficiency and flexibility, it will also open us up to dangerous attacks on basic systems.
We need to stop, take a step back and find a solution, before implementing a new system. If we don’t, we can and should expect cyber attacks taking down our power systems when we need them most.
[contact-form-7 id="3204" title="memoori-newsletter"]