Cyber Security of Power grids

Cyber Security in Power Grid JISHNU PRADEEP

The US Power Grid

An electrical grid is an interconnected network for delivering electricity from suppliers to consumers. The U.S. power transmission grid consists of about 300,000 km (186,411 mi) of lines operated by approximately 500 companies. American homes, industries, and businesses are deeply dependent on reliable electricity, so threats to the consistent delivery of electricity put modern life itself at risk.

Threats to the Power Grid

Protecting the nation’s electricity grid from attacks is a critical national security issue.

Cyber attacks on key energy infrastructure—and on the electricity system in particular—are increasing, both in frequency and sophistication. These trends are alarming because of the potential consequences of a successful large-scale cyber attack.

Cyber attacks in Power Grids

Infecting industrial systems, such as power grids, with malware is so simple that there are 5-minute YouTube tutorials on how to do it. By overwhelming network links with traffic in a DDoS attack, Internet users or cyber-terrorists can and have removed the ability of utilities to communicate with their own electrical grids, effectively causing a blackout.

The estimated price for 24 hours of consistent DDoS attack is a mere $40, making such attacks available to pretty much anybody.

What makes these attacks worse? They are difficult to spot, even while they are happening.

Results in a ‘nightmare scenario’

Stores closed. Cell service fails. Broadband Internet is compromised. Hospitals are operating on generators, but rapidly running out of fuel. Water supply will be hit. Commerce would be brought to a standstill. Transport and Communication lines disrupted. Crimes will surge. The geopolitical fallout could be even worse.

RESULT: Complete Chaos! The scenario isn’t completely hypothetical.

Vulnerabilities

The power grid is controlled by more than just a panel of digital buttons.

Grid operation depends on control systems—called Supervisory Control And Data Acquisition (SCADA)—that monitor and control the physical infrastructure.

The U.S. electrical grid is a decentralized network owned by numerous local operators.

Any smart meters connected to the internet can be easily exploited.

The U.S. power grid is full of seams that can be exploited by hackers.

Examples of Cyber Attacks on Energy Systems

Stuxnet (worm): It gained attention for the damage it caused at a nuclear facility in Iran.

Aurora: The planned cyber attack on a generator control system led to the destruction of the generator and a fire.

Slammer (SQL Server worm): The worm disabled a safety-monitoring system for several hours and led to a temporary failure of a nuclear power plant’s process computer.

Shamoon (virus): The national oil company of Saudi Arabia, Aramco, reported in 2012 that this was responsible for damaging about 30,000 computers in an effort to disrupt energy and oil production.

Attack on Ukrainian Power Grid

Took place on 23 December 2015 and is considered to be the first known successful cyber attack on a power grid.

Hackers were able to successfully compromise information systems of three energy distribution companies in Ukraine and temporarily disrupt electricity supply.

They took out 60 substations leaving 700,000 residents in the dark. This attack was relatively short-lived (7 hours) and benign. The next one might not be.

Steps involved:

Prior compromise of corporate networks using spear-phishing emails with BlackEnergy malware.

Seizing SCADA under control, remotely switching substations off.

Disabling IT infrastructure components (UPS, modem).

Destruction of files stored on servers and workstations with the KillDisk malware.

Denial-of-service attack on the call center to deny consumers up-to-date information on the blackout.
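Because the stages above overlapped in time, a defender can correlate otherwise separate alerts (SCADA switching, UPS changes, file destruction, call-center flooding) in one time window. The sketch below is an added example, not part of the original presentation; the event type names, asset names, thresholds and sample events are constructed assumptions.

```python
from collections import deque
from datetime import datetime, timedelta

# Hypothetical event types mapped to the stages in the step list above.
STAGE_OF = {
    "breaker_open_remote": "scada_switching",
    "ups_setting_changed": "it_infrastructure_disabled",
    "mass_file_overwrite": "file_destruction",
    "call_volume_spike": "call_center_dos",
}

# Constructed sample events (time, event type, asset); not data from the incident.
SAMPLE_EVENTS = [
    ("2024-01-10 09:02:00", "breaker_open_remote", "substation-07"),  # routine switching
    ("2024-01-10 15:30:10", "breaker_open_remote", "substation-01"),
    ("2024-01-10 15:31:40", "breaker_open_remote", "substation-02"),
    ("2024-01-10 15:33:05", "breaker_open_remote", "substation-03"),
    ("2024-01-10 15:36:00", "ups_setting_changed", "control-center-ups"),
    ("2024-01-10 15:41:20", "call_volume_spike", "call-center"),
    ("2024-01-10 15:50:00", "mass_file_overwrite", "hmi-workstation-2"),
]

def correlate(events, window=timedelta(minutes=30), min_substations=3, min_stages=2):
    """Return the window in which the most stages coincide, or None if no alert."""
    parsed = sorted((datetime.strptime(t, "%Y-%m-%d %H:%M:%S"), kind, asset)
                    for t, kind, asset in events if kind in STAGE_OF)
    recent, best = deque(), None
    for event in parsed:
        recent.append(event)
        while event[0] - recent[0][0] > window:  # drop events older than the window
            recent.popleft()
        opened = {a for _, k, a in recent if k == "breaker_open_remote"}
        stages = {STAGE_OF[k] for _, k, _ in recent if k != "breaker_open_remote"}
        if len(opened) >= min_substations:  # a single remote open is normal operation
            stages.add("scada_switching")
        if len(stages) >= min_stages and (best is None or len(stages) > len(best["stages"])):
            best = {"start": recent[0][0], "end": event[0],
                    "stages": sorted(stages), "substations": sorted(opened)}
    return best

if __name__ == "__main__":
    print(correlate(SAMPLE_EVENTS))
```
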

BlackEnergy3 and KillDisk Malware

What is it? BlackEnergy is a Trojan malware designed to launch DDoS attacks and to download custom spam and banking information-stealer plugins.

Function: BlackEnergy malware was known to have been used to deliver KillDisk, a feature that could render systems unusable and could obliterate critical components on an infected system.

Who is responsible? The Ukraine attack has been attributed to Sandworm, a Russian cyber espionage group known to have been harassing Ukrainian officials.