Electrical power grids prime targets for cyber attack, says McAfee

Legacy electrical power grids are a prime target for cyber attack and security needs to be built into these critical systems, a study has found

Legacy smart electrical power grids are a prime target for cyber attack and security needs to be built into these critical systems, a study has found.

The most prevalent cyber threat reported by the global energy sector is extortion, according to a report detailing the views of industry leaders on energy security compiled by security firm McAfee.

Typically, criminals gain access to a utility’s computer systems, demonstrate they are capable of doing damage and demand a ransom.

Additional threats include espionage and sabotage with the goal of financial gain, data theft and shutting down facilities, the report said.

The concern is that a cyber criminal could debilitate a major city by a single targeted attack on the energy grid and compromise anything from the lights and appliances in homes, to heart monitors in hospitals, to air defence systems.

The McAfee report blames the vulnerability on "well-intentioned efforts" to modernise energy distribution and make it safer, cleaner, more efficient, less costly, and open to more alternative forms of production.

This has resulted in high levels of automation and a proliferation of increasingly interconnected software and devices directing the flow of energy.

Automating systems in an electronic internet-connected environment gave energy grid operators real-time info and allowed administrators to telecommute and field workers to re-programme systems from remote locations, but it also opened all their systems to the outside world.

The trend of building systems using off-the-shelf software rather than proprietary code is making them increasingly generic and consequently more vulnerable, the report said, making them prime targets for attackers seeking to gain control of, or disrupt the delivery of energy.

Another common problem in the energy sector is outdated systems. According to the report, an estimated 70% of the existing energy grid is more than 30 years old, but in the effort to update it and integrate it with more modern installations, aging systems have been connected to the internet without the benefit of encryption.

Security has largely been an afterthought, said the report.  

“Security needs to be built into grid components at the planning and design phase,” said Tom Moore, vice-president of Embedded Security at McAfee.

“Because the grid relies heavily on embedded systems it makes them ripe targets for intruders. Thus it is imperative to integrate security solutions natively in these devices," he said.

Moore said McAfee is working with partners in industry and government to make progress on the technical front to mitigate the threats to critical systems.

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more on Hackers and cybercrime prevention

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

Let us not forget the effect of physical sabotage on the vulnerable areas of the grid. The damage of the attack on Pearl Harbor was caused by bombs. Many of the highly sensitive parts of the grid are "protected" by small yellow no trespassing signs. "Security" is often assigned to the local police departments who will only be able to arrive after the fact and put up yellow crime scene tape...

Cancel

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close