Undetected Hacks of IoT Devices May be Straining our Power System & Strangling our Economy

“We’ve all seen the headlines: A major cyber attack on the US electric grid could cause over $1 trillion in economic impact,” says Yotam Gutman, VP Marketing at SecuriThings. “Nevertheless, to date, there have been no recorded cyber attacks on power facilities that have caused a major physical catastrophe or long blackout,” he points out.

The absence of catastrophic cyber attacks on our power systems is, of course, a good thing, but it raises certain questions, namely: why hasn’t it happened yet?

Maybe no one is attacking. Not according to Energy Secretary Rick Perry, who officially states that these cyberattacks are “literally happening hundreds of thousands of times a day.” Meanwhile, an alert issued by the Department of Homeland Security and the FBI states that “since at least March 2016, Russian government cyber actors targeted government entities and multiple US critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors.”

Based on this, we might be led to believe that our cyber security measures are simply up to the challenge. Not according to news agency GovTech, which suggests that the fact we haven’t had a successful attack is more about luck than prevention. “CEOs, CIOs, and CISOs pay billions for cybersecurity solutions only to discover that, at best, these technologies solely help in gathering information after an attack rather than stopping the attack from occurring,” the agency said. The approach has even become widely known as “patch and pray.”

Putting aside theories of state-issued fearmongering or some form of dependable luck, we are left with a puzzling situation. We’ve had ransomware attacks that have brought down telecom and healthcare systems, numerous data breaches that have given up the personal data of millions of people, and even DDoS attacks that have taken some of the world’s biggest websites offline. Successful cyber attacks have become commonplace in our highly connected digital society, so why have we not seen a catastrophic cyber attack on our power system yet?

The reason, according to Gutman, starts with the fact that power stations are physically secured from cyber attack: “they are generally not connected to outside networks, and they often use robust industrial protocols,” he says. “In recent times, power stations have also enjoyed large security upgrades that will continue to make hacking into them harder than it seems.”

Power stations are only one part of our energy system, however, and while they might be relatively secure, the same cannot be said for our sprawling and increasingly connected grid. A cyber attack on Ukraine’s power grid in December 2016 plunged the northern part of the capital, Kiev, into darkness. This attack followed a similar one in December 2015. “It was the first attack in the energy sector,” said Michael John, director at the European Network for Cyber Security, a non-government group that focuses on the safety of Europe’s grids and infrastructure. “It demonstrated it is possible.”

Gutman acknowledges the vulnerabilities of the grid but his greater concerns lie elsewhere. “Lately, another element has entered the equation - that of consumption and its potential manipulation. IoT devices are being rapidly adopted and used everywhere by consumers, enterprises and governments. What if, instead of trying to hack a power plant, a nation-state hacked millions of smart devices connected to a power supply, and used them to manipulate the grid?” he asks.

Gutman is referring to two types of attack using connected devices. The first is what you might expect: gaining access to a huge number of devices and switching them on at the same time to overwhelm the grid and cause a blackout. Such an attack would have some disruptive and financial implications, especially if used at crucial moments, but more than anything else it would be a statement and a show of force to its victims.

The second form of attack is much more sinister, less detectable and potentially much more impactful. In a society where connected devices are widely adopted, attackers who hack a huge number of devices could increase the energy consumption of each device very slightly, or in a way that is hidden from the users and the grid.

In doing so, the overall energy consumption of a city, region or entire country could be raised undetected for months or years. This would increase the financial burden of energy on the economy, slowly draining that economy over the long term. This would not be a show of force but rather an attack designed to truly create economic suffering.

Approximately one quarter of all residential energy consumption today comes from devices sitting unused in an idle power mode. In the US that is equivalent to 50 large power plants’ worth of electricity and is estimated to cost bill payers more than $19 billion every year. The environmental cost is also hugely significant: an estimated 10% of carbon dioxide emissions in the US are said to be a direct result of these idle devices. These figures not only underline the impact that small power consumption increases across large numbers of individual devices can have on an economy but also highlight how such consumption increases may go unnoticed.

In fact, such a strategy may already be in motion today, albeit limited by the number of connected devices available, which is already quite significant. IHS forecasts that the IoT market will grow from an installed base of 15.4 billion devices in 2015 to 30.7 billion devices in 2020 and 75.4 billion in 2025. A 1% increase in energy consumption from even half these devices would represent an economy-strangling strain on any country. Detection may be near impossible with our current approach to IoT cyber security, and the potential problem will only get more severe as we push towards our connected future.

“As the grid becomes ‘smarter’ and our homes more connected, it is imperative that we employ robust security mechanisms,” says Gutman. “Not just for power generation, but for the entire supply chain in order to maintain a predictable, secured economy.”
