When your power goes out, you recognize just how many things you use every day rely on energy. From phones to WiFi to air conditioning and heat, our homes and offices almost entirely rest on this silo of critical infrastructure.
While we may not think of the energy sector as being a significant cyber vulnerability (we don’t read about a lot of breaches on this sector in the news media), it is not only of intrinsic importance to a functioning society but all other sectors that make up the nation’s critical infrastructure rely on electricity. According to the Council on Foreign Relations, the U.S power system has evolved into a highly complex enterprise with:
- 3,300 utilities that work together
- 200,000 miles of high-voltage transmission lines
- 55,000 substations
- 5 million miles of lines that bring power to millions of homes and businesses
There are not many documented cases of a successful power grid attack, but the first known instance occurred on December 23, 2015 in Ukraine. Hackers were able to compromise information systems of three energy distribution companies in Ukraine and temporarily disrupt electric supply to the end customers. A year later, Russian hackers targeted a transmission level substation, blacking out part of Kiev.
Although there may not be many examples of historical energy facility hacks, these kinds of attacks are no longer a theoretical concern. In 2014, Admiral Michael Rogers, director of the National Security Agency, testified before Congress that China and other countries likely had the capability to shut down the U.S. power grid. An adversary with the capability to exploit vulnerabilities within the electric utility silo may be motivated to carry out such an attack under a variety of circumstances, and it seems increasingly likely that the next war will be cyber.
Cyber Security Readiness for Electricity and Energy
So what can we do to prepare ourselves? Understanding that cyber security is the responsibility of everyone, not just CISOs or those in IT, helps ensure that everyone is participating in strengthening an organization’s cyber readiness.
Utilizing AI, persistent learning, and gamified training to upskill your team will ensure that you are prepared for any looming threat.
Electricity is of incredible importance to the country and the world, the remainder of our infrastructure would crumble without it. Building a culture of awareness and education around cyber security will help protect us from a domino effect of failing infrastructure. Continuously improving security posture is vital to defending ourselves against attacks that threaten our critical infrastructure.