Smart grids resiliency affected by increasing cyberattacks

There is a perception within IT circles that cyberattacks threats against critical infrastructure such as smart grids are a problem waiting to happen, but not right away. Nonetheless, the recurrence of these attacks weakens the smart grids ‘ efficiency and offer a wake up call for the power industry.

 

smart grids A recent study published by EuroActiv indicates that criminals who had access to power  plants systems extorted one in four of the companies in the world. Modernized electrical grid    that uses information and communications technology, it offers a lot of  advantages such as the  real-time measurement of power consumption, better  understanding of use patterns and the    ability to add and disconnect customers  remotely. Representing the biggest upgrade to the  electrical power infrastructure in  many years, they could be exploited for criminal or even  terrorist actions and thus  raise some significant security issues.

According to figures from Department of Homeland Security’Industrial control  systems computer emergency response team, 41% of incidents reported and investigated by the agency in the United States last year were related to the energy industry. Few days ago, a German powerplant specialized in renewable energy has been the victim of a cyberattack that lasted five days. Systems online communication were cut. In fact the systems were attacked by a denial-of-service so that thousands of requests are sent to a server to every second in order to block the system operation. Last year, a denial-of-service attack already knocked the internal communications system of a German power utility. The supply for electricity to customers was unaffected but it reportedly took a few days to repair and bring back the email server and the other communications platforms. It was the first digital attack confirmed against a European network operator. The traditional thinking is that smart grids are isolated networks separated from the Internet and require a VPN for remote access. However this kind of perimeter security is not sufficient anymore.

Default passwords are also a problem for smart grid equipment. So long as the local admnistrator does not change the hard-coded default passwords, attackers have a backdoor into the system.

According to a report from MacAfee, electrical networks are a prime target for cyberattacks beacause they depend on a myriad of all integrated systems that communicate with each other through a set of cable modems. The risk of disruption of the most advanced systems should be even higher in the future because millions of interconnected nodes will connect smart meters to domestic and industrial supply network. But about 80% of electricity consumers in the EU must be equipped with smart meters by 2020, according to European directives on the internal market for electricity and gas.

Therefore some countries and private agencies develop standards to protect critical infrastructure such as NERC-CIP ans IEEE 1613 in the US which outlines environmental requirements for IT equipment in substations. In the US again, $ 3,4 billion of federal stimulus funds have already been allocated for electric grid projects.

 

Sources:

http://www.informationweek.com/security/attacks-and-breaches/what-it-can-teach-utilities-about-cybersecurity-and-smart-grids/d/d-id/1112734,

http://www.euractiv.fr/energie/le-reseau-energie-renouvelable-t-news-516550,

https://www.usenix.org/system/files/conference/cset12/cset12-final13.pdf,

http://assets1.csc.com/utilities/downloads/ny11_0338_Grid_Exposure_to_Cyber_Attack.pdf.

Vous aimerez aussi...

Laisser un commentaire

Votre adresse de messagerie ne sera pas publiée. Les champs obligatoires sont indiqués avec *

Ce site utilise Akismet pour réduire les indésirables. En savoir plus sur comment les données de vos commentaires sont utilisées.