New research from Accenture has revealed that distribution business executives consider interruptions to power supply their biggest cyber attack concern, ahead of potential impacts on customer/employee safety and the theft of sensitive data.
In its Outsmarting Grid Security Threats report the firm surveyed more than 100 utilities executives from over 20 countries, discovering that 63% of those polled believe their country faces at least a “moderate risk” of suffering electricity supply interruption as a result of a cyber attack on electric distribution grids within the next five years.
“A typical distribution grid has neither the size of a transmission network nor the same risks of cascading failure,” said Accenture. “However, distribution grids have the same vulnerabilities and, as a potentially softer target, could be increasingly subject to attack. Breaches by a wide range of potential attackers could have devastating impacts along the entire electricity value chain, from generation through to consumers.”
Accenture added that the increased connectivity of industrial control systems enabled by smart grids will drive significant benefits in the form of safety, productivity, improved quality of service and operational efficiency. However, there is also a fear that the same greater connectivity could create opportunities for cybercriminals to launch crippling attacks, opening the potential of new threats into industrial control systems.
“The current technology landscape for many utilities features control systems that work on old or vulnerable operating systems – commonly without sufficient processing power to run effective virus scans; a lack of encryption or authorization on communications channels – accompanied by limited or no security for end points such as programmable logic controllers (PLCs) and intelligent end devices (IEDs),” the company explained.
Sean Newman, director at Corero, said that cyber attacks against national infrastructure have the potential to inflict significant, real-life disruption and prevent access to critical services that are vital to the functioning of our economy and society.
“To keep up with the growing complexity and organization of well-equipped and well-funded threat actors, it’s essential that critical infrastructure, including energy and utilities maintain comprehensive visibility across their networks to instantly and automatically detect and block any potential cyber attacks, including Distributed Denial of Service (DDoS) attacks as they arise. Proactive DDoS protection is a critical element in proper cyber security protection against loss of service and data breach activity. This level of protection cannot be achieved with traditional Internet Gateway security solutions such as firewalls, IPS and the like.”
Source: Michael Hill – infosecurity-magazine.com