Why are power plants the new targets of cyber attacks?

Hacking incidents rose from 1,179 to 7,391.

When electric utilies in Ukraine were hacked in December 2015, the industry was shaken. Two large power distribution companies were the targets of the cyber attack and the power of more than 80,000 people were cut. Even operation workstations were sabotaged by the hackers, making it harder to restore electricity to customers. It took hours to recuperate the grid, and workers even travelled to substations to manually close breakers the hackers had remotely opened.

"The energy industry has become one of the most highly targeted industries when it comes to cyber attacks," says Dieter Klein, managing director of KEYMILE Asia.

According to Aon’s Global State of Information Security Survey, the number of cyber incidents reported globally in power & utilities industries increased from 1,179 in 2013 to 7,391 in 2014. A recent survey of 625 IT executives in the U.S., U.K., France, and Germany also revealed that 48 percent think it is likely that there will be a cyber attack on critical infrastructure in the next three years. "These alarming statistics highlight the urgent need to ensure our utility operations are well secured," Klein adds.

The sector has become a vulnerable victim despite energy suppliers and utilities being well-protected against cyber attacks. This is because of one simple reason: cyber attacks could cause large damages. The consequences of cyber attacks in the power sector range from the disruption of public and industrial power provision to business disruptions, information loss, revenue loss or damage to assets.

"Sophisticated attackers have the skills to manipulate equipment, destroy important data, and steal sensitive information from networks, plants and infrastructure. It can even cause the failure of plants and consecutive physical damage. The critical networks within the power sector are of national interest and attacks can have an effect on a country’s prosperity, public safety and national defence," Klein says.

He adds that the infrastructure of energy suppliers has been secure and enclosed on the outside. Yet, the integration of new applications and the development and decentralization of networks is making the infrastructure more susceptible. New packet-based devices in the networks for remote monitoring are more vulnerable for cyber attacks because they are connected through the internet. "These IP-based applications are selectable through their IP addresses and are potentially unsecured at a point of attack. Attackers can hack the packet-based data transmission between the applications and steal and manipulate data," Klein explains.