Power Sector Is Just as Vulnerable to Cyber Attacks

While there is hardly any industry that has escaped the notorious attempts of hackers, critical industries such as energy face a higher risk of cyber attacks, according to a recent study from Unisys.

power

Photo: Lisa S / Shutterstock

The survey, spanning 13 countries and 599 info-tech executives, was recently conducted by Ponemon Institute to decipher the readiness of companies working in the utility, manufacturing, and energy sectors against probable cyber attacks. The Unisys-sponsored survey revealed that most of these companies have hardly any infrastructure in place to fight such attacks.

Cyber experts in the US have started giving more attention to the power and oil industry that is highly susceptible to such attacks.

According to Michael Gomez, an executive at KPMG, the energy industry today is more vulnerable to these attacks due to the evolution of technology. The digitization of control rooms and almost every device used in these plants has made it easier for hackers to plan their attack.

The growing concerns aren’t without proof. According to an agency report, out of the 200 infiltration attempts handled by the Department of Homeland Security, more than 40 percent were aimed at the industries related to the energy sector.

Surfwatch Labs Report

According to the Surfwatch Labs report, the data collected in the first half of 2014 clearly indicates the rising cases of espionage. Such reports are compiled on a monthly basis and cover the threats of cyber attacks across all the major industries.

Another interesting feature of the report is that a majority of these attacks took place due to ‘unpatched back doors’ in networks. Even after the findings of this report came out, there hasn’t been much improvement in the cyber security infrastructure of the industry.

Espionage Threats

The most sensational of these cyber attack stories was the one involving five Chinese hackers. This is the first incident in which the US has charged any foreigners for cyber espionage. With no extradition treaty in place between the US and China, this incident would just remain in a file. This incident heated up the already fragile relationship between China and US. The two companies on the radar of the attackers were SolarWorld and Westinghouse Electric.

The attack on Westinghouse came at the time when the company was in talks with the Chinese Government to finalize a deal regarding the development of nuclear plants. The attack was aimed at extracting confidential communication and product specifications. Though the attempted espionage caught many newspaper headlines, it had little impact on the $20 billion deal between the company and the Chinese Government.

Contrary to Westinghouse, SolarWorld’s reaction wasn’t very amicable. The company accused the hackers of stealing information regarding their solar energy products. It asked the US Commerce Department to launch a full-fledged investigation, and demanded return of the stolen information.

Apart from these two companies, Japan’s Monju Nuclear Power plant was also illicitly accessed by hackers in January 2014. After the attacks, some important emails and training reports went missing.

Inadequate Cybersecurity

The cyber attacks have surely highlighted the inadequacy in the prevailing cyber security infrastructure of these companies. But according to the Department of Energy (DOE), this isn’t very threatening as these attacks are small constituents of the service outage incidents.

At the same time, another class of experts believes that these incidents must not be taken lightly as they present a major threat to the entire industry.

With improving technology, the threats to the energy industry will certainly increase. The US is doing its bit by opting for smart grid technology. The downside to this approach is that enhanced interconnectivity gives more chances to the hackers to attack.

There have been many cases involving the energy sector. In May 2014, vital SCADA architecture was found infected with the Heartbleed virus. Also, earlier this year, a group of hackers was able to penetrate into SCADA systems. Another case in June saw the presence of Energetic Bear malware.

Preparing for Potentialities

When there is a cyber attack, there is much more at stake than the possibility of a revenue loss. This critical sector, if faced with a potent cyber attack, could affect the economy of the entire country.

Nuclear plants are the most crucial infrastructure in any country’s energy sector. The cyber attacks on the Japanese and Iranian nuclear plants had the potential to force catastrophic devastation.

With the advent of smart grid technology, there will be more chances of cyber attacks. An aggressive attack could also be used to cripple down the military might of the country by cutting the energy supplies. What is even more unsettling is the fact that most of the cyber attackers on the energy sector are still anonymous. There is certainly some information leak, but nobody knows where it is going.