Smart Energy International Issue 4 2019


In July this year, researchers announced that spear-phishing emails had been sent to three US utilities with the intention of embedding malware into the utility computer systems. According to researchers the emails impersonated communication from the US National Council of Examiners for Engineering and Surveying, claiming that the victim company had failed an exam.

Eliciting panic is a common technique used in phishing emails and is used in fake bank withdrawal emails, tax demands, and student loan complaints. The belief, and the result, is that if a target is frightened, they may be more likely to follow a phishing email’s instructions without thinking things through.

The email contained an attachment which used macros to introduce malicious code into the organisation’s system.

Japanese companies have already been targeted by the same malware and it would appear that US firms are next on the horizon. Perhaps the most concerning part is that there is evidence in the macros that the work is state-sponsored.

“We believe this may be the work of a state-sponsored APT actor based on overlaps with historical campaigns and macros utilised,” the researchers said. “The utilisation of this distinct delivery methodology coupled with unique … malware highlights the continuing threats posed by sophisticated adversaries to utilities systems and critical infrastructure providers.”

Why is this story part of my editor’s note? Because it is something that utilities and other critical infrastructure organisations are increasingly going to be faced with. How many of our readers have been the victim of some sort of cybercrime? I have – multiple times – in fact, as I write this I have just come back from my bank after having reported unauthorised purchases on my credit card. And not for the first time either! I consider myself fairly careful when it comes to access to my credit cards and most of the time, don’t even carry them with me. But I do shop online and the reality is that cyber criminals are smarter and far more numerous than any of us realise.

This is a long-winded route to introducing our special report on cybersecurity [pg 50] in which we consider some of the challenges faced by utilities – both big and small – when it comes to this topic. Specifically, we ask: Why are utilities lagging behind when it comes to cybersecurity?

Something for everybody

We also hear from utilities within the US that are harnessing smart metering technology to provide better, more detailed services and information to their customers [pgs 34-39]; and consider the dual roles of gas within the utility sector – from both perspectives as a metered service [pg 21] and as a generation fuel source [pg 67]. The state of the water sector in the US is the basis of our article on page 46, along with insights from smartEn, a Europeanbased association which promotes the digitally enabled interaction of demand and supply as an integral part of an increasingly decentralised, decarbonised energy system [pg 64]. Finally, our cover story focuses on mitigating the impacts of natural disasters by leveraging grid modernisation and industrial IoT [pg 6].

I trust you will find something among the numerous articles in this edition to enlighten and educate – and that you will keep your credit card somewhere very, very safe! Until next time!