As utilities turn to sources of renewable energy and add millions of other components like smart meters, they’re rapidly multiplying the number of connections and sensors along their networks, widening the potential for intrusions.
“Power grids are getting increasingly vulnerable because of digitalisation and the use of more smart applications,” said Daine Loh, a Singapore-based power and renewables analyst at Fitch Solutions.
It’s a threat highlighted in an initial probe in India that found an October blackout in Mumbai may have been caused by cyber sabotage. That outage impacted stock markets, trains and thousands of households in the nation’s financial hub. The disruptive potential of grid failures — as seen in Texas last month due to a sudden deep freeze — makes the sector a key target, particularly for state-based hostile actors.
Over the past four decades, power plants and substations have been moving from manual to automatic controls, and are increasingly being connected to public and private networks for remote access, leaving them exposed to attacks. Producers and distributors have also often been reluctant to spend on protecting themselves against low-probability attacks.
“India’s power system is in urgent need of proper cybersecurity systems,” said Reji Kumar Pillai, president of India Smart Grid Forum, a think-tank backed by the India’s power ministry and which advises governments, regulators and utilities. “Both the state and the central governments need to treat this with utmost urgency, without waiting for a disaster to happen.”
There’s been a sharp rise over the past two years in cyber attacks targeting critical infrastructure, including grids, and it’s also becoming easier for hackers to gain access to key equipment, according to Darktrace, a UK-headquartered security provider.
“There is now a path for attackers to run from spoof emails in an employee’s inbox right through to critical gas compressors and turbines,” said Sanjay Aurora, Darktrace’s managing director, Asia-Pacific.
The US Department of Energy and its National Nuclear Security Administration said in December they were among targets in a suspected Russia-backed hack. Nuclear Power Corp of India Ltd said in 2019 that malware infected a computer network used for administrative functions.
Attacks aren’t confined to power grids. Recorded Future, a privately held cybersecurity firm based near Boston that tracks malicious activity by nation-state actors, said it noticed activity by a China-linked group against an Indian maritime port this week.
“Essential state infrastructures like power grids and nuclear reactors have been and will continue to be a target of cyber attacks because modernisation allows internet connectivity, which makes them vulnerable,” said Kim Seungjoo, a professor at Korea University’s School of Cybersecurity. “It’s almost a natural instinct of hackers, especially the state-sponsored ones, to attack energy infrastructure because they can easily disrupt national security.”