Lately, we’ve seen important announcements in the news focused on shoring up our power grid against cyber threats. This is no surprise, as criminal ransomware and other targeted attack groups pummel critical infrastructure around the world, especially in the energy industry. In late August, the US Department of Energy announced $45 million in R&D investment specifically for new tools and technology that will keep electrons moving across the grid. The department plans to choose 15 projects worthy of funding, projects that show potential to reduce cyber risk in the energy delivery infrastructure.
North of the US border, Canadians have their Bill C26 in the works which, while not yet law, aims to designate certain services as “critical cyber systems”, vital to national security and to public safety. The bill will impose strict obligations on any organisation that owns and operates these systems. Both transmission systems that cross provincial or national borders and nuclear generators are on this designated list. This is a fair number of systems, as Canada has 34 bulk power tie lines to the USA and 33 transmission grid connections between provinces. Canada also has six operating nuclear power plants, including Bruce Power, the largest nuclear plant in the world.
So far this year, we’ve seen an increase in attacks with physical consequences around the globe. Many of those have hit the power industry. Take for example four European wind farms, Tobi Windenergie, Enercon, Nordex and Deutsche Windtechnik, whose operations were affected by ransomware. While still able to produce power, the network connections to individual turbines were disabled by the attack or deliberately turned off to prevent the spread of malware. This meant that entire wind farms were forced to run “blind”, without any centralized remote monitoring or control. Most recently in August, NATO allies Moldova, Montenegro, and Slovenia have been hit by sustained and extensive cyberattacks which have crippled government IT services, and in the case of Montenegro, forced their electrical utilities into manual operations.
So it’s no surprise that government agencies and politicians in North America and elsewhere are investing to ensure that their grids remain reliable and safe against cyberattack. Experts there have warned for some time that power grids are important strategic and economic targets.
But we don’t need to wait for governments to impose regulations or announce funding for future technology to stay one step ahead of threat actors. For over a decade, secure power utilities have been using Unidirectional Security Gateways to eliminate the risk of targeted attacks. The gateways were designed from the beginning to defeat the kind of remote control attacks that government authorities used to call out as “advanced persistent threat” actors in 2006-7. Today, the gateways defeat all remote control attacks, from targeted ransomware, to hacktivists, and even remote nation-state attacks.
Waterfall Security Solutions products and technologies protect power grids all over the world. To learn more about how your organization can be better protected from the widest range of modern attacks, please feel free to contact one of our experts today.
To learn more download the ebook
