The Energy and Utilities Sector Remains Vulnerable to Hackers
For years, energy and utility organizations have been high-profile targets for hackers, cyberterrorists and foreign governments. Infrastructure organizations are seen as vulnerable targets that can be used to cause mass disruption with relatively few keystrokes, entered from a home a few blocks away or from a foreign nation on the other side of the world.
Because attacks on the energy and utility sector are often kept confidential—unlike data breaches suffered by retailers and healthcare organizations that are highly publicized to warn customers and patients whose information has been stolen—the public has little knowledge of infrastructure attacks, and even some cybersecurity professionals are unaware of a breach’s true extent. New information, however, reveals that cyberattacks on utility and energy organizations are a serious and growing threat.
Cyberattacks on Energy and Utilities Increasing
A 2016 survey of 150 IT professionals employed by companies in the natural gas, electricity and oil sectors revealed that cyberattacks are much more common than the public realizes. More than 75 percent of the respondents stated that their companies had suffered at least one attack during the previous year in which intruders breached at least one firewall, antivirus product or other safeguard. Almost 50 percent stated that known cyberattacks in their industry had increased during the previous 12 months, and over 80 percent believed that a major breach damaging critical infrastructure is looming on the horizon.
What Are Hackers After?
When cybercriminals target a retailer, it is easy to determine what they hope to obtain: data that they can sell to other criminals. Typically, hackers are looking for credit card numbers and personal data such as cardholders’ addresses and phone numbers. However, hackers’ reasons for attacking energy and utility companies are less straightforward.
According to several analysts, cyberattacks on public utilities and energy companies have thus far been focused primarily on reconnaissance rather than data theft. Most believe that the hackers are checking to see what systems they can breach, the type of information they could access, and where the vulnerabilities are; they can then store away the knowledge for an attack at a later date. However, at least one unnamed pipeline company in the United States had proprietary information stolen, and Telvent Canada suffered a malware attack that enabled hackers to steal proprietary information about a product developed by the company to allow new smart grid systems to work with older SCADA control systems.
Furthermore, in December 2015, the first documented cyberattack to disable a power grid occurred in Ukraine. Although there has been widespread speculation that Russia was behind the attack, it may never be possible to prove who the actors were beyond a reasonable doubt. What is known is that the attack had been planned over several months and began with reconnaissance to learn about the networks and steal operator credentials. When the attack came, it was in the form of a synchronized, well-choreographed assault that took down three power distribution systems and almost 60 substations, leaving more than 230,000 people without electricity.
How Secure Are the Power Grids in the United States?
Cybersecurity at energy and utility companies in the United States is a study in contradictions. Utility companies are heavily regulated and must take various security measures to achieve regulatory compliance. The utility industry is regarded as having a higher level of cybersecurity sophistication than most other industries.