In today’s increasingly interconnected world, reliance on digital technologies within the energy sector has grown exponentially. Power systems, such as the nuclear hydro and thermal power stations, transmission lines and distribution networks are the backbone of the functioning of modern society, and are now more vulnerable than ever to cyber threats. The convergence of operation and maintenance, communication and information technologies in power infrastructure has expanded the attack surface, presenting malicious actors with new opportunities to disrupt critical services, compromise sensitive data, and potentially cause widespread chaos.
As such, safeguarding power systems against cyber attacks has become a paramount concern for energy providers, government agencies, and cybersecurity professionals alike.
In our modern Indian power systems, SCADA (Supervisory Control And Data Acquisition) is a system of different hardware and software elements that together enable a plant or facility operator to supervise and control processes.
This was used from controlling power plants to controlling distribution transformers at the consumer premises via RMUs (ring main units). In the past, these SCADA associated works and the data centre associated contracts were given to hostile countries.
ENTSO-e, which represents 42 European transmission system operators in 35 countries, said on March 9, 2020 that it had “found evidence of a successful cyber intrusion into its office network”, and was introducing contingency plans to avoid further attacks.
According to French think-tank Institut Français des relations internationals (IFRI), the power sector has become a prime target for cyber criminals in the last decade, with cyber attacks surging by 380% between 2014 and 2015. Motives include geopolitics, sabotage and financial reasons. In September 2019, there was an attack on the Kudankulam plant .
The plant’s administrative network was breached, but the attack did not cause any critical damage. In the modern world, lot of cyber attacks are happening, especially in major infrastructures like power networks, which will affect a country’s economy.
How does it happen
By sending phishing emails to employees, attackers gain their credentials and later use them to gain access to the plants. Malware mails having malicious software such as viruses or trojans might also be introduced into the power plant’s network through infected emails, compromised websites, or USB drives.
Once inside the powerplant network, malware can spread rapidly and takeover or disrupt operations, steal data, or provide unauthorised remote access to attackers. Attackers may exploit the vulnerabilities in software systems used by the power plant, including operation and maintenance systems, distributed control systems (DCS), supervisory control and data acquisition (SCADA) systems, and other control software. These vulnerabilities could allow attackers to gain unauthorised access, or disrupt operations.
In a MitM (man-in-the-middle) attack, an attacker intercepts communication between two parties and modifies or manipulates the data exchanged. This could involve injecting malicious code, altering commands, or capturing credentials exchanged over the network.
What has to be done
Enforcing strict access control measures, including strong authentication mechanisms, role-based access controls, and regular access reviews will offer protection from attackers. Establishing robust patch management processes will ensure that software and firmware vulnerabilities are promptly identified and remediated to reduce the risk of exploitation by cyber attackers. Providing comprehensive cybersecurity training and awareness programs for all personnel, including operators, engineers, and administrative staff, will help them recognise and respond to potential security threats effectively. Vendor / contractor security is of hight importance. In the past, several vital contracts were given to even hostile countries. Though it is no longer done, the old installations must be rechecked.
Ensuring that third-party vendors and suppliers adhere to robust cybersecurity standards and practices, particularly if they have access to critical systems or data, is also vital.
Conduct of regular security audits and penetration testing exercises will identify and address vulnerabilities proactively, and effectiveness of existing security controls should also be validated often.
As of now CERT-In (Indian Computer Emergency Response Team) is the national nodal agency for responding to cybersecurity incidents. The agency must be strengthened, and more specific concentrations and actions must be carried out in the power sector.
Footnote is a weekly column that discusses issues relating to Tamil Nadu
E Natarajan is state general secretary, Bharathiya Electricity Engineers Association
‘A PRIME TARGET’
According to French think-tank Institut Français des relations internationals (IFRI), the power sector has become a prime target for cyber criminals in the last decade, with cyber attacks surging by 380% between 2014 and 2015.
E Natarajan is state general secretary. Bharatiya Electricity Engineers Association.