More than 24 vulnerabilities identified in critical infrastructure
SUBNET Solutions Inc | Tuesday, October 22, 2013
Research is showing that the electric grid could be more susceptible to cyberattack than many might think.
Cybersecurity experts are focusing their efforts on the country's electricity network due to its important role in the American economy. In order to provide more efficiency and reliable electricity service to its customers, many utilities have invested in smart grid technology to improve their servers and automated electric substations. However, without proper cybersecurity measures, these upgrades could be rendered useless.
According to Wired Magazine, two industry professionals have identified more than 24 vulnerabilities to critical infrastructure systems that hackers could use to dismantle or take control of entire electricity grids.
Among the attacks that researchers Chris Sistrunk and Adam Crain were able to instigate was sending the master server of an electronic substation into an infinite loop, thereby preventing utility operators from being able to control its technologies.
These breaches occur in a couple of different ways. One is through physical access to the substation. Because there is relatively little security on these premises, an attacker can easily take advantage of these vulnerabilities through these means. Hackers can also gain access through the wireless communication network that many smart grid devices make use of.
"If someone tries to breach the control center through the internet, they have to bypass layers of firewalls," Crain told the news source. "But someone could go out to a remote substation that has very little physical security and get on the network and take out hundreds of substations potentially."
A growing problem
These issues are increasingly concerning for many utility executives, especially as news of critical infrastructure breaches has been making headlines recently. For example, in 2010, the Stuxnet malware program dismantled Iranian nuclear facilities without any form of physical attack. These instances reveal just how potent a cyberintrusion can be.
However, they do not need to be nearly this invasive to generate damage. GlobalSecurity.org examined a number of different studies on the state of cybersecurity amongst utilities, one of which came from McAfee. This report found that of the 200 industry executives that were surveyed, 80 percent faced large-scale denial-of-service attacks, while another 85 percent saw their networks infiltrated.
Around 66 percent identified malware in their networks that was designed to infiltrate their system and with the growing frequency of these attacks, utilities need to be able to employ effective solutions to protect their infrastructures.
SUBNET employs software solutions for companies that can secure field substation automation equipment such as intelligent electronic devices. This way, companies can continue to use their smart grid technology while defending against attacks.
Substation Cyber Security