Half of DSOs in the OSGP Alliance’s 2021 cybersecurity survey highlighted outages caused by cyber attacks as their top smart grid security concern.
Next, cited by over a quarter is tampering of data or systems, followed by the theft of customer information and exposure to ransom.
Energy infrastructure is a critical resource and denial of access to energy, even for a few hours, can have significant consequence, the OSGP Alliance notes in its survey report. It is not just about convenience but also about the health and safety and efficiency of businesses relying on the energy supply.
This, in addition to the reputational damage suffered by a DSO due to outages, is cause for concern.
Tampering of data or systems has multiple impacts. Tampering with operational and service quality information damages the efficiency in energy supply and can result in increased wastage, the survey report points out. If the billing information is subverted the DSO’s ability to bill is damaged, which can result in increased costs for all customers.
The survey report notes the surprisingly low exposure to ransom, as it is the typical outcome of an attack by organised crime and that there has been a significant up-surge in attacks motivated by financial gain through ransom demands.
Recent threat reports include the Netwalker ransomware attack on Pakistan’s largest power supplier K-Electric, which disrupted online billing services with a $3.85 million ransom demand and if not paid within seven days doubling to $7.7 million.
K-Electric refused to pay the ransom and although the company denied any data was stolen, the attackers subsequently released files that were alleged to come from it.
The recent Colonial Pipeline attack in the US which halted all pipeline operations for 48 hours and impacted almost half of the east coast’s fuel supply was ransomware-based. In this case Colonial Pipeline paid some $4.4 million in ransom but earlier in June it was announced that most of this sum had been recovered by the FBI and Department of Justice.
The case was the first operation of a newly formed Ransomware and Digital Extortion Task Force, which was established to investigate, disrupt and prosecute ransomware and digital extortion activity.
Cybersecurity research company Cybersecurity Ventures in its review of ransomware in 2020 estimates that such attacks were hitting businesses every 11 seconds and that the damage costs are expected to hit $20 billion during 2021.
By industry, utilities recorded the lowest number of ransomware attacks during 2020 at a level of about one quarter of those to manufacturing and governments. Similarly in 2021 utilities along with the finance sector have received the lowest number of ransomware attacks to date.
However, there is no room for complacency. In addition to the up-surge in the first months of the year another trend of 2021 is a shift away from the US to attacks in other countries.
Join the conversation on the future of data
Visit Enlit Europe 365 for webinars, podcasts, interviews, marketplace, projects. And more…