By Scott Taylor, VP at Corero Network Security
The Internet of Things represents a new reality for the energy sector, improving how we manage power distribution and consumption and enabling a more flexible and efficient grid. This has brought a range of benefits, including greater flexibility to accommodate new energy sources, better management of assets and greater reliability of service. But as the operational systems that run the grid have become increasingly connected to the Internet, the potential for damaging cyber attacks such as Distributed Denial of Service (DDoS) has grown with them.
Modern DDoS attacks represent a serious security and availability challenge for infrastructure operators because even a short amount of downtime or latency can significantly impact the delivery of essential services. As a result, protecting our critical infrastructure from cyber attacks has become a top priority for governments around the world.
A sustained failure of the electricity grid could have devastating consequences. From transport, to health services, to food security, virtually every element of critical infrastructure depends on the grid. Yet according to a recent international Accenture report, almost two-thirds (63 per cent) of utility executives believe their country faces at least a moderate risk of electricity supply interruption from a cyber attack on electricity distribution grids in the next five years. And in July, leaked reports from the UK's National Cyber Security Centre suggested that hackers may have already compromised Britain's energy grid as part of a concerted series of attacks on the country's energy sector.
The cyber threat to energy systems is becoming more apparent because of the trend away from well-protected, centralised power stations and towards decentralised generation, such as many smaller, flexible gas power plants and the growing use of solar panels on homes. In August, Dutch researchers found that hackers could potentially target the electricity grid by exploiting vulnerabilities in solar panel equipment. Their tests showed that it might be possible for an attacker to remotely control solar inverters, which convert the electricity produced by the panels so that it can be fed to the grid, and thereby interrupt the flow of power on the grid.
Another serious concern is the growing number of web-connected devices used in energy technology. Distribution utilities are increasingly exposed by the growth of Internet of Things (IoT) domestic devices, such as connected home hubs and smart appliances, and smart meters are due to be installed in every home by the end of 2020 to automate meter readings. As these devices become Internet-connected in their millions, the attack surface for damaging cyber attacks such as DDoS grows accordingly.
Of course, energy isn’t the only sector experiencing an increased threat of cyber attacks. Across all parts of national critical infrastructure, we are seeing a greater number of sophisticated and damaging cyber threats which are often believed to be the work of foreign governments seeking to cause political upheaval or a tactical advantage in the growing theatre of cyberwar. DDoS attacks against the transport network in Sweden recently caused train delays and disrupted travel services, while the WannaCry ransomware attacks in May demonstrated the capacity for cyber attacks to impact people’s access to essential services.
In this light, the UK government's plan to issue fines of up to £17 million to providers of infrastructure services that fail to protect their networks against cyber attacks is an important step. To investigate the risks involved, we carried out a Freedom of Information study earlier this year which found that over a third (39 per cent) of UK critical infrastructure operators have not met the basic cyber security standards issued by the UK government. Alarmingly, the responses also showed that 51 per cent of critical infrastructure organisations are potentially vulnerable to stealth DDoS attacks, those of short duration and low volume, because they have not deployed technology that can detect or mitigate such attacks.
Many people mistakenly associate DDoS attacks with the simple, volumetric tactic that gave the technique its name. But DDoS threats are constantly evolving, and many hackers now use them as a precursor to a more sophisticated attack. The vast majority of DDoS attempts against our customers are less than 10 Gbps in volume and less than 10 minutes in duration. Because they are small and brief, these stealth DDoS attacks usually go unnoticed by IT security staff: monitoring that samples traffic every few minutes averages a short burst away, and a spike that never trips a volumetric threshold never raises an alert. Yet they are disruptive enough to knock a firewall or intrusion prevention system (IPS) offline, so that hackers can target, map and infiltrate a network to install malware or exfiltrate data. Given that the average time to detect a data breach is now 191 days, this gives attackers a significant head start on security teams when they go on to launch more serious attacks.
The risks are real and the threats are increasing each day. But fortunately the energy sector is well placed to improve its cyber defences. Due to the health and safety considerations within energy systems, most people in the industry are well-versed in terms of risk management, and the term ‘situational awareness’ is commonly accepted and understood. It’s a relatively short cultural leap to expand this consciousness to include ‘cyber situational awareness’ and to take the necessary steps to protect energy networks from potential attacks.
To keep up with the growing sophistication and organisation of well-equipped and well-funded threat actors, it is essential that organisations maintain comprehensive visibility across their networks to spot and resolve incursions as they arise. Within energy organisations, responsibility for mitigating DDoS attacks has often fallen to network teams rather than IT security teams. But because DDoS attacks are increasingly launched in combination with other attack methods, such as ransomware or APTs, it is vital that the utility's network and IT teams work together. A strong security posture means a single pane of glass over the problem, where the different teams can correlate DDoS activity with whatever other threats they are seeing at the same time.
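The two points above, that a short, low-volume burst disappears when traffic is only sampled in multi-minute intervals, and that a DDoS event should be correlated with what other teams' tools report around the same time, as an added Python example. This is illustrative code written for this page, not Corero's product logic or anything from the original article. The flow records, the alert lines, the 6 Gbps / 90-second burst and the addresses (TEST-NET documentation ranges) are all constructed for the example; the 2 Gbps threshold and the 300-second poller interval are assumed values.

```python
"""Stealth DDoS burst detection at two sampling granularities, plus
correlation of the burst with alerts from other teams' tools.

Everything below is constructed for illustration (flows, alerts, addresses,
thresholds); it is not Corero code.
"""
from collections import defaultdict

GBPS = 1_000_000_000
FIREWALL_IP = "203.0.113.10"   # assumed public address of the perimeter firewall


def build_flows():
    """Constructed per-second flow records (t_seconds, dst_ip, bytes) for 10 minutes.

    Baseline is about 200 Mbps towards the firewall; from t=240 to t=329 a
    90-second burst pushes that to 6 Gbps, well under the 10 Gbps / 10 minute
    profile the article describes.
    """
    flows = []
    for t in range(600):
        bps = 6 * GBPS if 240 <= t < 330 else 200_000_000
        flows.append((t, FIREWALL_IP, bps // 8))
    return flows


def rate_per_window(flows, window):
    """Average bits/second per (dst, window_start), i.e. what a poller that
    samples counters every `window` seconds would actually see."""
    totals = defaultdict(int)
    for t, dst, nbytes in flows:
        totals[(dst, (t // window) * window)] += nbytes * 8
    return {key: bits / window for key, bits in totals.items()}


def detect_bursts(flows, window, threshold_bps):
    """Return [(dst, start, end)] for each run of consecutive windows whose
    average rate exceeds threshold_bps. `end` is exclusive."""
    rates = rate_per_window(flows, window)
    bursts, open_burst = [], {}
    for dst, start in sorted(rates):           # grouped by dst, then by time
        above = rates[(dst, start)] > threshold_bps
        if above and dst not in open_burst:
            open_burst[dst] = start
        elif not above and dst in open_burst:
            bursts.append((dst, open_burst.pop(dst), start))
    for dst, start in open_burst.items():      # burst still running at end of data
        last = max(s for d, s in rates if d == dst)
        bursts.append((dst, start, last + window))
    return bursts


# Constructed alerts from other teams' tooling: (t_seconds, source, message).
ALERTS = [
    (335, "netops", "firewall HA failover: primary unresponsive"),
    (380, "ids", "inbound SSH brute force 198.51.100.7 -> 10.0.0.5"),
    (3600, "edr", "USB mass-storage device blocked on workstation"),
]


def correlate(bursts, alerts, lookahead=600):
    """Attach to each burst every alert raised during it or within
    `lookahead` seconds after it ends: the window in which an attacker
    exploits a knocked-over firewall or IPS."""
    incidents = []
    for dst, start, end in bursts:
        related = [a for a in alerts if start <= a[0] <= end + lookahead]
        incidents.append({"target": dst, "start": start, "end": end, "related": related})
    return incidents


if __name__ == "__main__":
    flows = build_flows()
    print("5-minute poller sees:", detect_bursts(flows, 300, 2 * GBPS))   # []
    bursts = detect_bursts(flows, 1, 2 * GBPS)
    print("per-second detection sees:", bursts)                           # one 90 s burst
    for inc in correlate(bursts, ALERTS):
        print(f"incident against {inc['target']} t={inc['start']}-{inc['end']}")
        for t, src, msg in inc["related"]:
            print(f"  t={t:<5} {src:<7} {msg}")
```

The 6 Gbps burst averages to about 1.4 Gbps in the first 300-second sample and under 0.8 Gbps in the second, so a poller with a 2 Gbps threshold never fires; per-second analysis flags it immediately. The correlation step then pulls in the failover alert from the network team and the brute-force alert from the IDS, which on their own would sit in two different consoles, and leaves the unrelated endpoint alert an hour later out of the incident.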
Only an in-line DDoS mitigation system that is always on, and that detects and mitigates every DDoS attack as it occurs, can close the window in which attackers use a short outage of the firewall or IPS to map a network and learn its vulnerabilities.