Smart grids resiliency affected by increasing cyberattacks
There is a perception within IT circles that cyberattacks threats against critical infrastructure such as smart grids are a problem waiting to happen, but not right away. Nonetheless, the recurrence of these attacks weakens the smart grids ‘ efficiency and offer a wake up call for the power industry.
A recent study published by EuroActiv indicates that criminals who had access to power plants systems extorted one in four of the companies in the world. Modernized electrical grid that uses information and communications technology, it offers a lot of advantages such as the real-time measurement of power consumption, better understanding of use patterns and the ability to add and disconnect customers remotely. Representing the biggest upgrade to the electrical power infrastructure in many years, they could be exploited for criminal or even terrorist actions and thus raise some significant security issues.
According to figures from Department of Homeland Security’Industrial control systems computer emergency response team, 41% of incidents reported and investigated by the agency in the United States last year were related to the energy industry. Few days ago, a German powerplant specialized in renewable energy has been the victim of a cyberattack that lasted five days. Systems online communication were cut. In fact the systems were attacked by a denial-of-service so that thousands of requests are sent to a server to every second in order to block the system operation. Last year, a denial-of-service attack already knocked the internal communications system of a German power utility. The supply for electricity to customers was unaffected but it reportedly took a few days to repair and bring back the email server and the other communications platforms. It was the first digital attack confirmed against a European network operator. The traditional thinking is that smart grids are isolated networks separated from the Internet and require a VPN for remote access. However this kind of perimeter security is not sufficient anymore.
Default passwords are also a problem for smart grid equipment. So long as the local admnistrator does not change the hard-coded default passwords, attackers have a backdoor into the system.
According to a report from MacAfee, electrical networks are a prime target for cyberattacks beacause they depend on a myriad of all integrated systems that communicate with each other through a set of cable modems. The risk of disruption of the most advanced systems should be even higher in the future because millions of interconnected nodes will connect smart meters to domestic and industrial supply network. But about 80% of electricity consumers in the EU must be equipped with smart meters by 2020, according to European directives on the internal market for electricity and gas.
Therefore some countries and private agencies develop standards to protect critical infrastructure such as NERC-CIP ans IEEE 1613 in the US which outlines environmental requirements for IT equipment in substations. In the US again, $ 3,4 billion of federal stimulus funds have already been allocated for electric grid projects.