The cybersecurity of critical infrastructure such as the electric grid, has become imperative for the safety and security of the production, distribution, transmission, and storage of energy. Let us take a look at the latest attacks suffered by the energy sector.
- Last week, K-Electric, a Pakistan-based electricity provider, was hit by a Netwalker ransomware attack that disrupted its billing and online services.
- In May, Elexon, a British company that facilitates transactions on the country's electricity market, suffered a cyberattack that affected its internal systems.
What are the trends?
- Threat actors have moved on to targeting industrial control systems (ICS) and third-parties to infiltrate their primary targets.
- The energy sector is a lucrative target for APT groups since threat actors can gain access to power grids and compromise vital systems.
- Utilities are facing new attacks as a huge number of communication-enabled devices are connected to the grid. Grid-connected devices serve as an entry point for hackers.
- Hackers could also use IoT botnets to manipulate energy markets and cause electricity price fluctuations.
The DHS' CISA is working to build defenses against electromagnetic pulse attacks, in cooperation with the Science and Technology Directorate, and the Federal Emergency Management Agency (FEMA).
What do we do now?
- The foremost step would be to secure the grid to make it resilient against cyberattacks.
- With complex supply chains comes the threat of downstream attacks that can knock down entire organizations. Thus, it is essential to establish accountability and ownership to alleviate supply chain risks.
- Engagement with government agencies and industry peers helps in the development of effective industry standards, and promoting collaboration through innovative processes.
- On a tactical level, cyber vulnerabilities can be minimized by analyzing and the intricate asset environment that comprises ICS, IoT, mobile assets, and other systems.
The bottom line
Energy infrastructure is an indispensable part of the modern society. Successful attacks against the energy sector can impact a nation's economy, quality of life, and also lead to disastrous consequences. With that said, the energy sector needs to step up to the security challenges of the modern cyberspace by adopting a proactive, integrated approach to security operations.