Advertisement

Blog

The Smart Grid: Intelligent but vulnerable to a new kind of war

In light of recent events where North Korea or maybe some other high-tech entity is suspected of a Ransomware hacking assault worldwide, we need to be very concerned about our Smart Grid security. A major loss of power on a large section of our electric grid in the US could be devastating and cause major chaos and loss of lives. It happened in the Ukraine on December 24, 2015 and it can happen here too. My colleague and friend, Patrick LeFevre, from Powerbox sent me most of this information and it was extremely enlightening.

If this latest Ransomware group is savvy enough to steal NSA software tools, then we had better be worried and take preventive security measures in the Smart Grid and on the Internet (Closely linked to the Smart Grid) because the Internet of Things (IoT) is growing and we can’t afford a chaotic breach of that system.

The US government Office of Electricity Delivery & Energy Reliability is very concerned with improving cybersecurity.

On April 26, 2016, the Michigan Board of Water & Light (BWL) was attacked with Ransomware as well. It took months to completely restore the system to normal.

On September 16, 2016, the OVH in France was a victim. The very next month it was Dyn in the US and the month after that it was Deutshe Telekom.

A cybersecurity expert and Wired journalist, Kim Zetter, wrote an excellent book entitled Countdown to Zero Day which tells about the story of the virus that sabotaged Iran’s nuclear efforts. The virus was named Stuxnet which caused physical destruction of the nuclear facility.

The IEEE Spectrum has a really good examination of Stuxnet malware in The Real Story of Stuxnet

A study by the UN Institute for Disarmament Research1 indicated that “32 states included cyberwarfare in their military planning and organizations, while 36 states had civilian agencies charged with a domestic cybersecurity mission.”

The Sparks Project2 is developing innovative solutions and recommendations to ensure the cybersecurity and resilience of smart grids, such as the investigation of key smart grid technologies like the use of big data for security analytics in smart grids, and novel hardware-supported approaches for smart meter (gateway) authentication.

What other ideas might help in this effort? Please share your thoughts and start a good technical discussion here with our savvy audience.

References

1 United Nations Institute for Disarmament Research, The Cyber Index: International Security Trends and Realities

2 The Sparks Project

Also See

How smart is it to deploy smart meters on the smart grid?

Is your Smart Grid Secured?

1 comment on “The Smart Grid: Intelligent but vulnerable to a new kind of war

  1. Victor Lorenzo
    May 21, 2017

    Steve, this is a not so simple topic.

    When we turn our eyes off the EDA tool and look at what real life is, it is not too difficult to see the huge number of connections that float over the apparently unrelated web of events occurring all around the globe. But for that we need to be more critics with what we “see”. In too many cases, what we perceive as a “fact” is merely an ilusion that mass medias, as the executor part, are projecting over what in fact is the real iron courtain. Cyberwarfare is not an exception to this. It is difficult to imagine a couple guys hidden in a dark garage, wearing a black hat, and creating something like Stuxnet.

    For improving security what is obligatory is acting over the compromised system. It makes no sense to go blaming others for doing bad things of for being smarter and brighter.

    Here are some figures, approximate number of publicly known vulnerabilities of some products. Not all vulnerabilities allow the attacker to gain control of the system, part of them are limited to leaking potencially sensitive information or providing a means for generating denial of service attacks.

    Chrome: 1450, Firefox: 1437, Internet Explorer: 840,
    Linux Kernel: 1881, MAC OS X: 1821,
    IPhone OS: 1178, Android: 925,
    Windows server 2008: 846, Windows Server 2012: 467, Windows 2003 Server: 443,
    Windows Vista: 814, Windows XP: 726, Windows 7: 708,

    On APRIL 12/2017 Windows 10 already scored for 293 known vulnerabilities, it seems like many of them have existed for years (since Windows server 2008 and Windows 8 times).

     

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.