Putting critical systems online necessarily opens up new vectors for attack. Here’s what to watch out for when your grid goes smart.
Converting your power grid into a smart grid is pretty much a necessity in the coming years. It not only allows smarter balancing and letting users feed renewable energy back into the grid, but you gain access to massive data sets you can use to improve the grid and your business model even further. For this to work, however, you’re relying on open mobile communication to provide the requisite amount of interconnectedness. And sometimes that means malicious third parties connecting as well.
READ MORE: How can AddSecure help you establish a smart (and secure!) municipality?
Why would the grid get attacked?
A lot of businesses are worried about ransomware attacks, which means getting hijacked by malware that locks you out from your own devices. Typically, the attackers want a ransom in bitcoin, and will brick the devices if you don’t pay within the time limit. The first threat, then, is losing money, and a power company is naturally going to have a lot of it – something the hackers are probably keenly aware of.
What we’re seeing though, is that ransomware is not as lucrative as it’s commonly thought to be. This is partially because victims refuse to pay, but the money might also be a distraction from the real goal of causing havoc. The payments that do come in might just be funding further attacks, without even leading to a decryption key. This is of course quite devious, and could be both political or straight up destructive in nature. The quite heavily publicized Ukraine attack in 2015 is strongly suspected to be part of a Russian plot, so this falls under the political category.
That’s not to underestimate free agents though, who want to show off their hacking expertise – and the bigger target the better. There are already tons of malware scripts freely available online, so you don’t even need to be particularly knowledgeable.
READ MORE: The 5 biggest malware threats against your devices
Know your attack vectors
Luckily there are ways around the dangers of digital communication, and the most important one is to avoid open channels. Every device that sits unsecured is a possible way in – and that includes every smart meter currently being rolled out all across Europe. Closing off open ports and hiding your traffic behind Virtual Private Networks goes a long way, and it’s often just pure ignorance that keeps our smart devices so exposed. In the Netherlands, they simply deactivated the possibility of remotely shutting devices down – leaving the hackers unable to do so as well.
We can’t stress enough how important it is to involve security experts in your digitization projects. A combination of boundless technological optimism and the rush to hit the free market running means there’s a lot of unsecured technology out there. Securing it isn’t necessarily difficult – it just isn’t done, for one reason or another.