Cybersecurity refers to a series of strategies, technologies and solutions used to defend computers, software, data, information systems and networks against threats such as viruses, malware, spyware and unauthorised access. Cybersecurity forms the backbone for productivity and innovation in today’s society.
Critical energy infrastructure security is of great concern. These interdependent sectors range from fuel delivery to electricity production.
1. Cyberattacks
Critical infrastructure industries historically paid little attention to cyber security; until the Stuxnet attack on Iran’s nuclear centrifuges in 2010, the risk of an attack was considered either nonexistent or negligibly low.
Since that incident, however, the threat landscape has changed drastically. Attacks have become an increasing source of worry among energy industry officials; 56% of utilities reported at least one cyberattack resulting in data loss or operational shutdown over the last year.
Attackers have become more sophisticated over time, targeting both operational technology and IT systems rather than simply data. Furthermore, as power grids expand to accommodate renewable sources of energy and electric vehicles, more potential attack points will emerge as attack surfaces expand.
Administrators of critical infrastructure assets must carefully weigh the threat posed by attacks against their need to remain operational at all times, in order to minimize attacks against these critical assets. Market pressure may induce owners to shift responsibility for improved protection onto society as a whole.
2. Natural Disasters
Natural disasters that strike power plants or manufacturing facilities can severely disrupt business and cause loss of lives and property, but a cyberattack against critical infrastructure like utilities, chemical manufacturers or hospitals could compound those losses exponentially.
Hackers have increasingly targeted industrial control systems (ICS), the physical devices that support operational technology in critical infrastructure and manufacturing facilities. According to Edry, such an attack would disrupt entire industries.
As with the power grid, an issue in one area could cascade across it all and lead to outages lasting weeks or months, prompting governments to increase backup power plants for power plants, strengthen security of certain types of transformers and improve disaster response training programs as a priority. Other potential policies approaches may involve stockpiling essential materials, improving communications channels or teaming up with experts in disaster preparedness training – all essential strategies when confronting such complex issues as these.
3. Terrorist Attacks
Cyberattacks on energy systems pose particular threats, with attackers potentially targeting transmission lines, substations that lower transmission voltage for distribution to consumers, or over 5.5 million miles of power lines as potential targets. A successful attack would cause power outages lasting days or weeks and may hinder national security interests and economic growth.
Terrorists are unlikely to undertake such an ambitious project, however. They lack the organizational intelligence, coordination and manpower required for such an assault on critical infrastructure. Attackers would likely gain initial access to utility business networks via spearphishing attacks before working their way up through those systems to reach control systems targeted – an endeavor which may take months or years to accomplish successfully. Raising and enforcing cybersecurity standards such as those set forth by North American Electric Reliability Council could help deter terrorist attacks by encouraging utilities to invest in defenses against attacks by encouraging investment from utilities on defense investments from other utilities.
4. Cybercrime
Cyberattacks pose a grave threat to critical infrastructure. According to the World Economic Forum, attacks are increasing both in frequency and sophistication, often targeting operational technology like SCADA systems used to manage power grids or utilities such as water treatment plants – disrupting these could affect millions of people at once if taken down due to cyberattack.
Power grids have become more reliant on Internet connectivity for monitoring and control, leaving them susceptible to cyberattacks that may disrupt other sectors as well. If even one power grid is compromised, this could trigger other infrastructure to go offline as a result of domino effects.
The federal government has an interest in safeguarding its power grid from cyberattacks. Private sector businesses that own and operate energy infrastructure also have a duty to employ best practices and allocate sufficient resources in order to secure it against attacks – this may involve performing tabletop security exercises, creating incident response and recovery plans, mandating patch management programs or developing and enforcing cybersecurity standards.
