In today’s world, a multitude of smart devices helps us to improve our lives, as we rely more and more on technology for a comfortable and efficient lifestyle – smart appliances, smart cars, smartwatches. Life as we know it is possible thanks to all of these working together for us and with us. But how do different devices synchronize and function as an ensemble?
The answer is smart grids. Smart grids enable entire cities to be networked together. Everything, and I mean EVERYTHING, is connected. Home devices to the transformer station, the station to the power supplier, and the supplier to the power plant.
But with every technological step, a new wave of threats and vulnerabilities arose in terms of cybersecurity. And smart grids are NOT an exception.
I am writing now from my office, in Denmark, where a comfortable light comes from an IKEA lightbulb. Such a small object can lead to the crash of the entire country’s power grid! If you are intrigued (and maybe a little scared), do continue to read about the possible consequences of a cyberattack.
What Is a Smart Grid?
Smart grids (SGs) are energy networks that use digital technology to deliver energy more efficiently and reliably. They enable customers to have greater control over their energy use and costs while providing suppliers with better information and tools to improve service delivery.
Here are a few examples in real-time of how SGs distribute energy in Denmark and the UK.
According to Markets and Markets,
The global smart grids market in terms of revenue was estimated to be worth $43.1 billion in 2021 and is poised to reach $103.4 billion by 2026, growing at a CAGR of 19.1% from 2021 to 2026.
Smart grids are touted as the way of the future. They are a more efficient, modernized method of energy delivery that can help to reduce emissions and carbon footprints. So you can understand why they are increasingly common worldwide.
But the vulnerabilities of such energy networks are far from being tackled and can generate true economical collapses for countries or even regions.
SGs usually rely on digital communications networks, which themselves are extremely vulnerable to attacks. Any device connected to such a network can be used to compromise the whole network, as long as you have access to the next compromised chain within it.
Think about it this way: every machine/device is a possible entry point for cybercriminals. Then make a round-up of all the devices from your home that are connected to the network. When did they become so many, right? Now imagine every device, from every network connected to the smart grid… The damage can be done by hacking into any one of these millions of devices.
And yes, electrical cables can function as network cables as well.
Cybersecurity Challenges in Smart Grids
Hacking the grid is simpler than you think because, as I explained already, any connected device can be a route of entry in each part of the grid. Also, a grid is a secondary Internet in itself, because it’s cabled and connected. That means, on the consumer side of the grid, that your car, heating controller, Alexa, Philips Hue, Google, and Sonos devices, or the IKEA lightbulb that I mentioned in the beginning, can serve as an attack hub.
You can be targeted by cybercriminals on different routes: From device, from charger to power supplier, from power supplier to grid control, and then from grid control to the power plant.
To get in, threat actors can take advantage of well-known and unpatched vulnerabilities in widely used software, improper device setups, and the reuse of exposed credentials.
Compromise in the supply chain is another issue that is crucial to the progress of the smart grid. A malicious actor can easily target an organization by utilizing equipment with unknown exploitable features.
APTs are other dangerous cyber threats for SGs. These cyberattacks are long-term, multi-stage, and typically carefully planned by extremely well-organized criminal organizations or even nation-state groups that target high-profile companies.
As cybercriminals get through the grid to your service provider, they’ll need a new attack service hub. That could be a server on the network of the power supplier and then they move on to the power production units themselves, which could be windmills, power plants, etc. So, using lateral movement, a simple hack in an unimportant device could lead to a complete blackout. No more power for businesses, markets, schools, and even hospitals.
If cybercriminals take control of the network, the lack of power can topple a nation.
Potential Consequences of an Attack on Smart Grids
The need for reliable and secure infrastructure grows as our world becomes increasingly digitized and intertwined. This is especially true for critical infrastructure, such as the electrical grid.
As our jobs and economy rely on it, we may think that this infrastructure is very well secured, but the truth is that it is more fragile than we like to admit. All the entities involved in a SG are trusting each other with a part of their own security – from the power supplier to the end user – as the strong links between them make them all as vulnerable as the weakest component. This is why strong security measures should be enabled on every level of the grid, you can’t rely only on your power plant to take charge of the security, for example.
Attacks on smart grids could lead to:
Controlled Outages
Cyberattacks on power grids can cause systematic outages, which can be hard to spot at first glance. But this type of incident can disrupt the supply of electricity and other services to individuals and businesses in affected areas. Or, if hackers get control over the Road Grid, intersection lights, the entire road, and train transportation can grind to a halt.
You think that having a blackout on your street is inconvenient? How about a part of Europe? In fact, is not that hard to get ourselves into such a situation that seems emerged from an apocalyptic movie. Europe’s national power grids are interconnected by cross-border lines. This establishes the framework necessary for international trade in electricity that could easily convert into a framework for a massive attack.
The consequences of such a scenario can span from massive economic losses to severe impacts on the quality of life of the affected population.
Mass Disruption
If malicious actors successfully breach a smart grid network, they can insert disruptive code into the system and take control over large parts or even all of it—bringing a production infrastructure to a standstill in no time.
Remember that all companies heavily rely on electricity for their production. This would result in disruptions on an unprecedented scale, causing irrevocable damage to industries and economies. It could reach the scale of a world wore in terms of consequences on the production of goods.
Collateral Damage
Many government agencies rely heavily on SGs for security purposes, and any attack on these networks will incur collateral damage as well. This will lead to financial losses as companies will be forced to invest in new technologies or be replaced by competitors using more secure systems. It would also cost governments millions of dollars in damages as they need to upgrade their power facilities or reimburse customers for any losses incurred due to outages.
Data Exfiltration
Smart grids mean bidirectional electricity and information flow. SGs collect vast amounts of data from various sources, including sensors, meters, and control systems. This data is then processed and transmitted to energy providers in order to manage the grid effectively. However, if this data falls into the wrong hands, it could be used to wreak havoc on the grid. For example, attackers could use stolen data to gain insights into grid vulnerabilities or manipulate energy prices.
Malware Spreading
Malware specifically designed to target SGs can potentially disable critical systems, not only turning the power off, but even causing physical damage to equipment. Once a threat actor is plugged into the network, he has, theoretically, access to everything, if he can hack the “next” station.
An infection means that this malicious software would spread on deeper and deeper into the grid, making a recovery or mitigation harder and less probable. That is why I compare such malware with a weapon of mass destruction.
The potential consequences of a completed attack on a smart grid are serious and just like the existing Internet battlefield of malware, I expect the power grid to be a cat-and-mouse game in the coming years, where defenders consistently try to improve, whilst attackers consistently evolve their attacks.
Examples of Smart Grid Attacks
Maybe you think that SGs attacks are something that the future you should worry about, but this gloomy perspective that I paint is not the future, it is here. The danger of smart grids targeted by cybercriminals is not just hypothetical – we already have a number of critical examples all around the globe:
Ukraine
Three Ukrainian electricity distribution companies’ control centers from Ivano-Frankivsk city were remotely accessed on December 23, 2015. As a consequence, 80,000 people experienced a blackout. Another attack occurred on December 17, 2016, almost a year after the first incident, when one transmission substation in Kyiv’s north lost power.
These acts of sabotage followed a political uprising in Kyiv, shortly after Crimea was annexed, and in the midst of military conflicts in the eastern Donetsk and Luhansk regions. Governments and cybersecurity firms have blamed state-affiliated Russian groups for the cyberattacks that were meant to cause chaos among civilians.
Europe and North America
The menace is so real that the Cybersecurity & Infrastructure Security Agency (CISA) released technical alerts TA17- 293A on October 20, 2017, to warn the public about APT attacks targeting the energy sector and other critical infrastructure segments. And on the same day, SGs attacks hit the energy sectors of Europe and North America. The attacks were closely linked to the cyberespionage organization Dragonfly.
In the same period, the number of cyberattacks on SGs increased, reaching no less than 4300 cyberattacks over the French network (Electricity Transmission Network known as RTE).
The Enel Group
The Italian multinational energy company Enel Group was infected with Snake ransomware in June 2020. Then, in October 2020, another ransomware strain infected the company, the Netwalker. The Netwalker ransomware‘s creators asserted to have gathered multiple terabytes of data from the business. They demanded a ransom of $14 million in bitcoins, threatening to release the data if they weren’t paid.
As mentioned in the paper “Smart Grid: Cyber Attacks, Critical Defense Approaches, and Digital Twin”,
In general, adversaries aim to obtain customer information through eavesdropping, get financial benefits through ransomware, penetrate and sabotage the smart grid through sophisticated attacks, including phishing emails, malware, etc. Attacks trying to destroy the smart grid are more complicated, requiring the cooperation of various types of attack approaches and turn to be state-sponsored. APT has become the most severe threat to smart grid entities.
Attack Countermeasures
SGs are connected to millions of IoT devices, from refrigerators and air conditioners to cars, each coming with its own vulnerabilities. Both smart grid developers and companies must take serious cyberattacks countermeasures in order to keep such networks and the devices they connect (and therefore the people that use them) safe.
So, what can smart grid developers do to prevent cyber incidents?
- Improve grid security through better design, such as segregation and development processes for the software controlling the grid.
- Develop comprehensive security policies and procedures – such as incident response, backups, rollback, and replacement of hardware.
- Conduct regular risk assessments of the grid infrastructure.
Incident response plans are particularly important because they offer the chance to establish clear post-event instructions, roles assignment, and incident response management standards, as well as instructions on how to communicate with consumers and stakeholders quickly and effectively during a crisis.
However, as I have previously explained, relying on incident response is the traditional approach – threat prevention must be mandatory. This leads us to the next point:
What can companies do to minimize the risks of cyberattacks on smart grids?
- Enhance employee awareness of cybersecurity threats and risk mitigation measures.
- Implement strong authentication and authorization mechanisms for accessing grid data and control systems.
- Always keep software up to date.
- Encrypt all communications between different parts of the grid system.
- Protect industrial control systems with firewalls, intrusion detection/prevention systems, and physical security controls.
Smart grid cybersecurity should be a top priority for any company that uses it. The more connected smart grids are, the higher the risk to be used by terrorist organizations.
Alexandru Panait, System Administrator at Heimdal
In a world where everything is getting smarter, it’s no surprise that even our energy grids are joining the tech revolution. But with the smarts comes the challenge of cybersecurity. Hackers are waiting in the shadows to unleash chaos on our power grids and steal our private data. With the right measures in place, we can prevent these cyber threats and protect our smart grids from disaster. Regular software updates, employee training, and strong passwords are just a few steps we can take. Let’s raise the voltage on our cybersecurity game and ensure that the future of energy remains bright.
Joseph Shenouda, Cybersecurity Consultant
Final Thoughts
A smart grid is an integral part of a nation’s critical infrastructure and a particularly tempting target for cybercriminals. That is why, infected SGs can have disastrous consequences not only for the industrial/energy sector, but also for the business environment and consumers.
I think it’s clear by now that cybercriminals have learned already how energy facilities operate, and they know how to attack. Therefore, although the technology behind smart grids is evolving as well, ensuring that they are secure is a shared responsibility. Every time you plug a device to be charged, you have a part of this responsibility too.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, and YouTube for more cybersecurity news and topics.
If you liked this post, you will enjoy our newsletter.
Get cybersecurity updates you’ll actually want to read directly in your inbox.
