World Review | Electricity supplies are highly vulnerable to cyber attacks

World Review | Analysis and insights from experts on global affairs - covering issues in economics, politics, defence and security, and energy.

Analysis and insights from experts on world affairs - reliable and unbiased

  • Log in
    Log in with Xing
    OR LOG IN using our form
    Not a member?
    Register Here
  • Register
    Register with World Review to create your personal profile, where you can receive recommended content, follow our experts and collect your favourite reports.
    • English
    • Deutsch
Latest Updates

Electricity supplies are highly vulnerable to cyber attacks

Electricity supplies are highly vulnerable to cyber attacks
Cyber attackers are extorting millions from energy companies (photo:dpa)

ENERGY companies are becoming more security conscious over cyber attacks. But the defence capabilities of the industry have not kept pace with the sophistication of embedded cyber technologies nor of the capabilities of sophisticated cyber attackers.

There is also a gap between the level of cyber security expertise of those who operate traditional electricity grids and those who run secure modern cyber grids.

Disruption of energy supplies, manipulations and theft of data and technical failures of the electricity grid can have serious and potentially catastrophic impacts on businesses, organisations and private households.

Dependence on computer systems increases vulnerability to attack. Risks are increasing with the development of cloud, virtualisation and mobile computing.

Individuals, organisations and business circles have been slow to recognise the risks.

Back-up systems for working locally after an attack are rare, non-existent or ineffective in response to a disaster.

All public and private services, including public finance, town halls, hospitals, public transport and others, could potentially be disrupted or shut down.

Energy networks are also becoming more connected with big data businesses to drive decision-making, to cut support costs and to help companies keep customers.

Extortion has become a more prevalent cyber threat than espionage and sabotage to the global energy sector as criminals gain access to the systems of utility companies and demand ransoms to avoid causing damage.

The amount of ransom has climbed to hundreds of millions of dollars. Extortion attempts account for 80 per cent of all cyber attacks in Mexico and 60 per cent in India.

Increasingly automated energy systems and electricity grids could become an invitation to disaster. SCADA (Supervisory Control and Data Acquisition) networks are considered the most important, but also the most unprotected networks of all.

Energy control centres are particularly sensitive and reliant on SCADA systems for monitoring and controlling energy supplies, utilities and transportation, logistical, manufacturing and pharmaceutical operations.

SCADA systems route millions of parcels and people a day in logistics and transportation. In other industrial sectors they operate behind the scenes, mediating access to buildings, controlling heating and ventilation, elevators, data centre cooling or industrial manufacturing processes.

In most organisations, process control engineers manage the daily process control networks, while the IT department runs the other networks. Both groups have separate mandates and priorities.

Experts have warned that the failure of most cyber security efforts to date has been caused by treating cyber security as a purely IT task and applying traditional cyber security counter-measures, such as firewalls and anti-virus software.

If SCADA networks are to be protected, a broad range of comprehensive management and embedded protection solutions in new security models will need to address the specific challenges of industrial control systems.

Other major cyber risks are the introduction of a wide range of new smart grid and smart meter technologies.

The EU says in its Third Energy Package, adopted in 2009, that by 2020 around 80 per cent of European consumers should have a smart meter to manage electric grids.

They improve energy efficiency and conservation, reduce energy consumption, integrate new appliances, such as electric cars, and adjust demand-to-supply patterns by a continuing two-way flow of data in real-time between smart meters at home and the industry and energy providers.

Advanced smart metering infrastructure and a meter data management system are the basic components of the smart grid power system.

Deploying more robust cyber security to protect physical operations and the data associated with its operations, based on a complete security reassessment, is one of the most challenging aspects of deploying smart grid and smart metering technologies.

The entire electricity and energy infrastructure is highly vulnerable because the first generation of smart grid and smart meters were designed without security in mind.

The industry could be ‘overwhelmed by a large attack’, a US study has warned.

The vulnerability of the entire electricity system is also the result of outdated systems, lack of automation and the proliferation of interconnected embedded systems.

Around 70 per cent of the existing worldwide energy grid - including in the US and Europe - is more than 30 years old.

The massive introduction of smart grid and smart meters in Europe in the coming years will impact every part of an organisation. Industrialised countries have become extremely vulnerable with their increasing reliance on stable electricity supplies.

Dr Frank Umbach

Dr Frank Umbach is a Senior Associate and Head of the Programme 'International Energy Security' at the Centre for European Security Strategies (CESS) GmbH, Munich-Berlin and Associate Direct ...

close Item successfully added to list Add Description
Add a new playlist
If you choose to set your list as "public", it will be featured in the website's right sidebar for a while, allowing other community members to access it. Setting it as "private" would keep it for your own reference. In both cases, your lists are always accessible via the "My World Review" page.