By Dave Cullen
Electric grids are key critical infrastructure components. To protect them against continually evolving threats, generators, transmitters, and distributors cannot afford to be asleep at the wheel. Texans remember how the state's 2021 winter electric outage was much more than an inconvenience: it affected health, safety, the economy, and industrial supply chains. They also remember how the May 2021 Colonial Pipeline ransomware attack affected communities, businesses, and supply chains.
This is why power plant operators must be vigilant and proactively reduce the OT security risks to the electrical grid; a purely reactive response to an attack comes too late. That means safeguarding the industrial control systems (ICS) that are the key technology components of power plants, along with the surrounding OT, IT, and IIoT systems that nation-states and cyber criminals consistently target.
Consumers and businesses are not the only ones affected by cyber attacks against critical infrastructure. Emergency responders, health and transportation systems, schools, and a host of government agencies are significantly affected by electric grid outages. A RAND Corporation report cautioned that "most of the electricity consumed by military installations in the continental United States comes from the commercial grid which is largely outside of DoD control, and increasingly vulnerable to both natural hazards and deliberate attacks, including cyberattacks."
All critical infrastructure organizations can be harmed by electrical grid outages, including water treatment plants and nuclear, natural gas, hydro, solar, and wind power operators. Their converged OT-IT-IIoT networks face a 'perfect cyber storm' that demands they remain proactive and vigilant 24/7 to thwart digital attacks and reduce their risk.
Now more than ever, particularly with Russia's war against Ukraine, safeguarding electric power plants, transmission, and distribution systems is a top priority. On May 9, 2022, the U.S., Canada, UK, Australia, and New Zealand (a/k/a the 'Five Eyes' alliance) expressed their concern in a joint Cybersecurity Advisory (CSA) about global threats to critical infrastructure and the electrical grid. "The intent of th[e] joint CSA is to warn organizations that Russia's invasion of Ukraine could expose organizations both within, and beyond the region to increased malicious cyber activity," the advisory said.
The Five Eyes alliance cautioned that intelligence indicated "the Russian government is exploring options for potential cyberattacks" against critical infrastructure operators. It also noted that private, financially motivated "Russian-aligned cyber criminal groups" had publicly pledged their support for Russia, and that this "may include targeting government and critical infrastructure organizations."
Power plants on the electrical grid are frequent ransomware targets. It is no longer a question of ‘if’ attempts to hack into and take control of power plants will happen, but rather ‘when.’
The growing list of U.S. sanctions against Russia greatly complicates responding to ransomware attacks and payment demands. Even if a critical infrastructure company decided to pay a ransom, whether to a nation-state or to a financially motivated criminal group acting on its behalf, a payment to a sanctioned entity may now expose the victim itself to governmental legal action and penalties.
Industry groups and government agencies hold organized digital attack simulations. Every two years, the North American Electric Reliability Corp. (NERC) conducts simulated cyber attack drills, and the Pentagon's DARPA research unit has simulated electric grid attacks five times over a recent three-year period. By themselves, however, such exercises are not an effective cyber defense: they test readiness at a point in time rather than protecting operational networks day to day.
That is why power plants and companies supporting the electrical grid cannot rely on government agencies and industry groups for ongoing protection against cyber threats. They require continuous, 24/7 risk assessment, monitoring, and management to proactively minimize and mitigate their OT security risks.
OTORIO's RAM2 does just that. As a non-intrusive Breach and Attack Simulation engine, the OT security platform enables critical infrastructure organizations to quickly understand their security posture and proactively address vulnerabilities and exposures before they turn into breaches.