The American homeland is one attack on only nine substations away from going in the dark. A critical portion also doesn’t even need to be hacked, as sniper rifle fire was enough to already get the job done on one power station in April of 2013. If the bad guys only wanted to wreak havoc instead of 100% destruction, they would take advantage of the vulnerable SCADA system, where medication dosages for example, could be manipulated.
Sadly, the most of what’s being done to mitigate such threats are only warnings written in articles like this. There’s a lot of lights and cameras, but no action.
As our electrical system lifts itself out of the stone age, the defense built around it will require added vigilance.
My favorite joke when I was 5 years old was, “Where will you be when the lights go out?” The answer, of course, is “in the dark,” though I used to make my very patient sister guess a bunch of other places first, which I used to think was absolutely hilarious.
We are fortunate that in this country having the lights unexpectedly go out is actually a pretty big deal, and quite rare. You don’t have to wonder whether the light will come on when you throw the switch, or if your computer will have enough power to boot up. The sodas in the fridge are always cold and our showers are always warm. It always just happens, so we more or less take it for granted.
For utilities, their IT networks are just as vulnerable as anyone else. In fact, some of the utility clients I have recently worked with were seeing Advanced Persistent Threats attack their networks as far back as 2010. So, it’s safe to say there have already been successful cyberattacks against utilities.
So, why haven’t the lights gone out?
Because compromising an email server or stealing personnel and customer records, while bad, won’t let an attacker stop the flow of water at a dam or overload a substation. For that to happen, they would need to tap into the second type of network in place at most utilities, the one made up of operational technology.
Operational Technology, which is mostly called OT, consists of everything from industrial control systems to mechanical computers and even electric valves and switches. Many of our nation’s power plants were built decades ago, with some hydroelectric dams going back to the 1920s. Those plants have been haphazardly upgraded over the years, and today contain a mix of modern technology working alongside some of the original equipment much more manual than automated.
Even if the bad guys don’t yet have the capability to do any real harm to utilities, it’s only a matter of time. If we want to make sure having the lights going out is still exclusively part of a marginally funny kid’s joke, we need to continue to take the threat seriously, and build up our defenses even as we network and expand our aging OT infrastructure.
Full article: What It Would Really Take to Knock Out the Power Grid (Defense One)