Cyber attacks on utilities expected to soar


Mustaque Ahamad,
Director, GTISC
Atlanta, GA, U.S.A. — (METERING.COM) — October 11, 2010 – Cyber attacks on physical systems such as electricity grids are likely to increase in number and sophistication over the coming year, according to a new report from Georgia Tech Information Security Center.

The report, Emerging Cyber Threats Report for 2011, says the growing sophistication of botnets, pervasive devices and social networking, and threats to physical systems will demand increased vigilance in 2011.

When it comes to botnets, targeted attacks are on the rise, including attacks launched on the U.S. Federal government, the report says. Botnets are collections of software agents that run automatically to compromise large numbers of machines for malicious activity including spreading spam, stealing log-in credentials and personal information or distributing malware to others. Trends include the release of large-scale botnet attacks to hide more targeted malware, and the compromise of legitimate sites or the use of information stolen from them.

Moreover, the first six months of 2010 was the most active half-year ever for total malware production, and security researchers are now uncovering close to 100,000 new malware samples a day.

The report continues that once botnets and other types of malware wreak havoc on computers, there is a rising concern that the damage done could also cause the destruction and malfunction of physical systems in areas including critical infrastructure and even information technologies deployed in the healthcare sector. While there are differing opinions in terms of how real this threat to physical systems is, according to Mustaque Ahamad of GTISC, “It is known that there are vulnerabilities that would allow cyber criminals to reach into physical systems, and we are aware of the sophistication of today’s attackers, so to think that physical systems are not at risk is really having your head in the sand.”

The report highlights smart grid security and privacy issues and quoting Stephen Chasko, principal security architect at Landis+Gyr, says there is an active community out there that Landis+Gyr and others have seen trying to attack power systems.

One main threat to the electric grid is cyber terrorism, includ¬ing the disconnection of power for a large population and the disabling of devices, requiring a physical visit to every device to reconnect power. There is also an economic threat in the form of power theft when it comes to utilities’ increasing connection to the internet. As with botnets, power theft criminals will deliberately fly under the radar, making comprehensive security extremely important for combating this threat.

Further, while the electric grid has been a main focus for both attackers and the utilities industry, there is also a concern that other areas of critical infrastructure including gas and water systems can be compromised as they too leverage advancements such as smart meters and advanced metering infrastructure (AMI).

In addition to compromise from externally launched malware, a major concern for the utilities industry is the insider threat, whereby employees utilize cyber tactics to defraud utilities or perhaps, disgruntled, cause power outages. Another interesting concern is the new intersection between utilities networks and home area networks as a result of smart metering, as criminals could leverage the utilities network to break into home networks or vice versa.
To combat these various attack vectors, utilities must focus on end-to-end security from plant generation to the point of consumption, the report says, quoting Landis+Gyr CTO Heath Thompson. Basic internal security governance around the use of these systems is also critical. The ability to assess the maturity of existing assets will be a key focus area for the future. Having mechanisms to assess the security maturity of already-deployed technologies is the next area of uncharted waters for utilities and vendors, according to Thompson and Chasko.