Core Energy Infrastructure needs Critical Cybersecurity Upgrades (and fast)

by Matt Klassen on June 29, 2016

Over the last year we’ve discussed at length the inherent dangers posed by cyber-criminals in our increasingly connected world, from postulating the problems that could be created when your connected car is hacked and catastrophes that could occur when hackers take control of a network connected airplane, to the potential headaches (and mess) that could come from attacks on your connected refrigerator, or worse yet, toilet.

But there exists a far greater threat to our increased digitized way of life than any other single point attack we can likely conceive of, the hacking of our core utilities infrastructure, more specifically, the vulnerability of the critical energy systems that we depend on to provide us with the very power that allows us to do, well, everything.

In an article regarding the cybersecurity of our electrical grid in the October issue of The Electricity Journal, Carol Hawk and Akhlesh Kaushiv write, “In today’s highly connected world, with an increasingly sophisticated cyber-threat, it is unrealistic to assume energy delivery systems are isolated or immune from compromise.” Simply put, the more connected our infrastructure becomes the more vulnerable it becomes, and that could result in a world-altering disaster.

For the last several years cybersecurity analysts have been warning of the threat posed to our utilities, as it’s not just fear-mongers and the paranoid now who can picture the results of hackers gaining control of our water or power infrastructure, and the widespread damage that it could potentially cause. In fact, it seems the U.S. government is finally taking notice, as the Department of Energy recently announced the investment of $34 million (yes, only $34 million) in two projects designed to improve cybersecurity technologies in an effort to create a more secure power grid going forward.

But the truly scary thing is the vulnerability of many of our key power generating sites, most notably nuclear power plants. In a recent, analysts argued that increasing digitization, combined with the deployment of off-the-shelf software (and with BYOD, likely hardware as well), mixed with a general level of executive ignorance has created the perfect storm for a serious cyber attack, one that many consider to be imminent.

The report also listed several disconcerting findings as well, most notable of which is that “conventional belief that all nuclear facilities are ‘air gapped’ (isolated from the public internet) is a myth. The commercial benefits of internet connectivity mean that a number of nuclear facilities now have VPN connections installed, which facility operators are sometimes unaware of.” Not only that, but with advanced strategies cyber-criminals are now able to reach so-call air-gapped systems without the need for immediate physical proximity.

The simple fact is that it’s hard for many of us to comprehend just how easy it is for hackers to gain access to network connected systems, as such technology offers a plethora of entry points. Sure you might be able to block one or two or even the majority, but there are always more. Add to that ignorance and apathy among employees of our critical energy systems regarding cybersecruity, and that means “that nuclear plant personnel may not realize the full extent of their cyber vulnerability and are thus inadequately prepared to deal with potential attacks.”

All that to say, while we run around worried about cyber attacks on networks and hacks to our favourite online services, perhaps we should be more worried about the cyber attacks to that could have truly devastating results, the ones that would target the very foundation of our entire digital existence.

Did you like this post ? publishes daily news, editorial, thoughts, and controversial opinion – you can subscribe by: RSS (click here), or email (click here).

Written by: Matt Klassen. Follow by: RSS, Twitter, Facebook, or YouTube.

Comments on this entry are closed.

Previous post:

Next post: