Can we secure the cyber-physical domain?
Today’s modern societies rely on highly complex networks of critical infrastructure to provide supplies and services.
These include information technology, telecommunication, transport and healthcare – all fuelled by electricity.
Powered by digitalization
What makes these technologies increasingly efficient is their increased interoperability – powered by digitalization. And we are just at the early stage of this today. As outlined in my earlier article, Utility was yesterday. Tomorrow is Internet of Electricity, sophisticated machine learning processes and artificial intelligence will take control to optimize ecosystems on an entire system level, for the best possible outcome. Our interaction with these systems will become increasingly intuitive – or even just guided by our behaviour, without any need for direct input.
Vulnerability
These great levels of optimization and comfort come potentially with a high price: vulnerability. If one critical pillar of this highly-sophisticated system fails, this can lead to a chain reaction potentially impossible to control. One of the weakest links is electricity networks – from generation and transmission to distribution and loads. The electricity networks are – in the majority – overaged and consist of a whole zoo of technologies as potential entry points and hence provide an excellent surface for cyber attacks. The increase of new connected devices, such as smart meters installed in every home, electric vehicles and the Internet of Things (IoT), is expanding this attack surface dramatically. In an increasingly digitized world, where anything and everything relies on the availability of electricity, this poses a significant risk to society at large.
Large scale blackout
The German government has tasked the Office of Technology Assessment at the German Bundestag to assess the risk of the impact on modern societies of a large scale blackout. The summary is: Life becomes uncomfortable within very few hours, and life-threatening in less than a day. Beyond that point, society sequentially collapses - under dreadful conditions. If you are interested in a fictional vision of that matter, listen to Marc Elsberg’s audiobook Blackout – Tomorrow Will Be Too Late.
While the title of this book sounds like a Hollywood movie plot, unfortunately it’s a possible scenario. The potential impact is massive. Today’s electricity grids are designed towards the requirement of maintaining the balance between loads and generation. If multiple utility-scale generators are targeted and compromised, it could potentially break up the power system and lead to a complete blackout. Hence power plants are a prime potential target for cyber threats.
Sophisticated capabilities on information technology
To stay ahead of the invaders it becomes critically important that cyber security measures are not only focusing on the attack vectors on the information technology side, but that deep and detailed subject matter expertise on the operational technology is combined with sophisticated capabilities on information technology. To safeguard life, property and the environment in the cyber-physical domain requires industry experts that are on the forefront of digital and the latest cyber security threats, combined with a heritage of deep industry insights that cover the decades during which current technology was deployed. A real-life event supporting this statement is the 2017 attack on a power plant in Saudi Arabia: Hackers halt plant operations in watershed cyber attack.
Further readings:
The seven phases of a cyber attack
When hackers hack, fight back - with these six steps
Author:
Mathias Steck, Regional Manager, Digital Consulting & Smart Cities, Asia
DNV - Digital Solutions