Smart Cities

Undetected Hacks of IoT Devices May be Straining our Power System & Strangling our Economy

“We’ve all seen the headlines: A major cyber attack on the US electric grid could cause over $1 trillion in economic impact,” says Yotam Gutman, VP Marketing at SecuriThings. “Nevertheless. to date, there have been no recorded cyber attacks on power facilities that have caused a major physical catastrophe or long blackout,” he points out. The absence of catastrophic cyber attacks on our power systems is, of course, a good thing but it raises certain questions, namely - why hasn’t it happened yet? Maybe no one is attacking. Not according to Energy Secretary Rick Perry, who officially states that these cyberattacks are “literally happening hundreds of thousands of times a day.” While an alert issued by the Department of Homeland Security and the FBI, states that “since at least March 2016, Russian government cyber actors targeted government entities and multiple US critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing […]

Stay ahead of the pack

with the latest independent smart building research and thought leadership.

Have an account? Login

Subscribe Now for just $200 per year per user (just $17 USD per month) for Access to Quality Independent Smart Building Research & Analysis!

What Exactly Do you Get?

  • Access to Website Articles and Notes. Unlimited Access to the Library of over 1,700 Articles Spanning 10 Years.
  • 10% discount on ALL Memoori Research reports for Subscribers! So if you only buy ONE report you will get your subscription fee back!
  • Industry-leading Analysis Every Week, Direct to your Inbox.
  • AND Cancel at any time
Subscribe Now

“We’ve all seen the headlines: A major cyber attack on the US electric grid could cause over $1 trillion in economic impact,” says Yotam Gutman, VP Marketing at SecuriThings. “Nevertheless. to date, there have been no recorded cyber attacks on power facilities that have caused a major physical catastrophe or long blackout,” he points out.

The absence of catastrophic cyber attacks on our power systems is, of course, a good thing but it raises certain questions, namely - why hasn’t it happened yet?

Maybe no one is attacking. Not according to Energy Secretary Rick Perry, who officially states that these cyberattacks are “literally happening hundreds of thousands of times a day.” While an alert issued by the Department of Homeland Security and the FBI, states that “since at least March 2016, Russian government cyber actors targeted government entities and multiple US critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors.”

Based on this we might be led to believe that our cyber security measures are simply up to the challenge. Not according to news agency GovTech, who suggests the fact we haven’t had a successful attack is more about luck than prevention. “CEOs, CIOs, and CISOs pay billions for cybersecurity solutions only to discover that, at best, these technologies solely help in gathering information after an attack rather than stopping the attack from occurring,” the agency said. The approach has even widely become known as “patch and pray.”

Putting aside theories of state issued fear mongering or some form of dependable luck, we are left with a puzzling situation. We’ve had ransomware attacks which have brought down telecom and healthcare systems, numerous data breaches that have given up the personal data of millions of people, even DDoS attacks that have taken some of the world’s biggest websites offline. Successful cyber attacks have become commonplace in our highly-connected digital society, so why have we not seen a catastrophic cyber attack on our power system yet?

The reason, according to Gutman, starts with the fact that power stations are physically secured from cyber attack, “they are generally not connected to outside networks, and they often use robust industrial protocols,” he says. “In recent times, power stations have also enjoyed large security upgrades that will continue to make hacking into them harder than it seems.”

Power stations are only one part of our energy system however, and while they might be relatively secure, the same cannot be said for our sprawling and increasingly connected grid. A cyber attack on Ukraine’s power grid in December 2016 plunged the northern part of the capital, Kiev, into darkness. This attack followed a similar one in December 2015, “it was the first attack in the energy sector,” said Michael John, director at the European Network for Cyber Security, a non-government group that focuses on the safety of Europe’s grids and infrastructure. “It demonstrated it is possible.”

Gutman acknowledges the vulnerabilities of the grid but his greater concerns lie elsewhere. “Lately, another element has entered the equation - that of consumption and its potential manipulation. IoT devices are being rapidly adopted and used everywhere by consumers, enterprises and governments. What if, instead of trying to hack a power plant, a nation-state hacked millions of smart devices connected to a power supply, and used them to manipulate the grid?” he asks.

Gutman is referring to two types of attack using connected devices. The first is what you might expect, gaining access to and switching on a huge number of devices at the same time to overwhelm the grid and cause a blackout. Such an attack would have some disruptive and financial implications, especially if used at crucial moments, but more than anything else it would be a statement and a show of force to its victims.

The second form of attack is much more sinister, less detectable and potentially much more impactful. In a society where connected devices become widely adopted, by hacking a huge number of devices attackers could increase the energy consumption of each device very slightly or in a way that is hidden to the users and the grid.

In doing so, the overall energy consumption of a city, region or entire country could be raised undetected for months or years. This would increase the financial burden on the economy from energy, slowly draining that economy over longer terms. This would not be a show of force but rather an attack designed to truly create economic suffering.

Approximately one quarter of all residential energy consumption today comes from devices sitting unused in an idle power mode. In the US that is equivalent to 50 large power plants’ worth of electricity and is estimated to cost bill payers more than $19 billion every year. The environmental cost is also hugely significant, an estimated 10% of carbon dioxide emissions in the US are said to be a direct result of these idle devices. These figures not only underline the impact that small power consumption increases of large numbers of individual devices can have on an economy but also highlight how such consumption increases may go unnoticed.

In fact, such a strategy may already be in motion today, albeit limited by the number of connected devices available, which is already quite significant. IHS forecasts that the IoT market will grow from an installed base of 15.4 billion devices in 2015 to 30.7 billion devices in 2020 and 75.4 billion in 2025. A 1% increase in energy consumption from even half these devices would represent an economy strangling strain on any country. Detection may be near impossible with our current approach to IoT cyber security, and the potential problem will only get more severe as we push towards our connected future.

“As the grid becomes “smarter” and our homes more connected, it is imperative that we employ robust security mechanisms,” says Gutman. “Not just for power generation, but for the entire supply chain in order to maintain a predictable, secured economy.”

Most Popular Articles

ABB Smart Buildings 2023
Smart Buildings

ABB Smart Buildings Business 2023 Examined

In this Research Note, we examine the Smart Buildings business of ABB, based on their February 2024 Factsheet and building automation portfolio, acquisitions, divestments and investments throughout 2023. This article updates our 2022 Examined article published in March 2023 and the Capital Markets Day update for Smart Buildings in December 2023. The Smart Buildings division, […]

UK Green Building Council Progress Report
Energy

“Our Industry is Not Moving Fast Enough” – UK Green Building Council

The United Kingdom (UK) is falling behind in its projected green building roadmap according to the UK’s Green Building Council’s (UKGBC) progress report. The initial 2021 roadmap demanded a 19% drop in emissions over the past four years but the latest data shows just a 13% fall, more than 30% short of the target reduction. […]

Honeywell Building Technologies 2023
Smart Buildings

Honeywell Building Technologies Business & Financials 2023 Examined

In this Research Note, we examine the Building Technologies business of Honeywell (HBT) based on their 2023 10K Report, investor presentations and commentary from their Q4 investor call. The strategic rationale for the Carrier Access Solutions acquisition is further discussed and significant investments and partnerships by HBT throughout the year are highlighted. Honeywell Products & […]

Subscribe to the Newsletter & get all our Articles & Research Delivered Straight to your Inbox.

Please enter a valid email

Please enter your name

Please enter company name

By signing up you agree to our privacy policy