National Critical Infrastructure

Could power blackouts be caused by a Cyber Attack?

The short answer is yes.

And it has happened already: the first power grid provider to suffer an outage caused by a cyber-attack was in Ukraine in 2015, affecting 225,000 people. It was blamed on Russian-based cybercriminals and is thought to be the first known successful cyber-attack aimed at utilities.

It is thought that the attack was multi-faceted and started with installing malware on the utility provider’s computer systems, giving the attackers remote access and enabling them to turn off the power.

The malware is believed to have been delivered by email using a spear phishing campaign, which dupes an employee into thinking it’s a legitimate email and encourages quick action. Rather than sending a lot of phishing emails, this method is more sophisticated: it requires thorough research and carefully structured messages to dupe the employee into acting, thereby opening a potential weakness in the infrastructure.

The utility industry is vulnerable across the whole supply chain

From power generation through transmission and distribution, there are numerous vulnerabilities in the utilities supply chain which could be targeted by cyber criminals and bad actors.

There have been numerous software and malware attacks where criminals have damaged equipment at nuclear facilities, built plugins to invade industrial control systems (ICS) and destroyed data to disrupt operations.

In 2017 the safety systems of a petrochemical plant in Saudi Arabia were penetrated and the attack was designed to sabotage operations and trigger an explosion.

Bad actors are always looking to disrupt the services we receive and to cause damage for their own gain, and they are becoming ever more sophisticated in their approach.

With more systems and networks being connected, one weak link can cause outages of utility supplies and therefore cause chaos.

Only as strong as its weakest link

All these attacks have had devastating effects on the utility providers affected. Not only have hackers identified weaknesses within the utility systems, but they have also been able to get in and damage data and systems.

The loss of trust that goes along with such attacks is difficult to regain and takes time and a lot of effort. There is also the extra work needed to ensure that systems get back to normal as quickly as possible and that downtime is minimised. When thousands of people are depending on the continual supply, the reputational damage is extremely costly.

The costs are not just down to fines and putting systems back on track, but also to identifying how the breach happened and what needs to be put in place so it doesn’t happen again.

What can you do to evade the hackers?

One of the primary ways to deal with the threat is to ensure that you have a strong authentication system in place which does not rely on passwords for entry to your systems and networks. Ideally, you need to adopt a best practice method of strong authentication using crypto-backed identities. Public Key Infrastructure (PKI) and FIDO both offer high levels of security and present significant security and UX benefits over alternatives such as passwords and one-time passwords via SMS. Managing such identity systems across workforces of 1,000 employees plus requires a credential management system (CMS) like MyID®.

MyID is a feature-rich CMS that enables organisations to deploy digital identities to a wide range of secure devices simply, securely and at scale.

Built to integrate with infrastructure such as certificate authorities, directories, identity management solutions and mobile device management systems (MDMs), MyID minimises any impact on the existing environment, reducing deployment times and operational costs.

MyID is ideal for organisations that want an easy-to-use solution for IT to issue and lifecycle manage user credentials, from thousands to millions of end users, and that need a system flexible enough to adapt to existing business processes and integrate with existing infrastructure.

To find out more about MyID Credential Management System and how it can be easily integrated into your systems, request a demo today.

See how MyID can support secure authentication within the National Critical Infrastructure 

Trusted by Governments and Enterprises Worldwide

Where protecting systems and information really matters, you will find Intercede. Whether it’s citizen data, aerospace and defence systems, high-value financial transactions, intellectual property or air traffic control, we are proud that many leading organisations around the world choose Intercede solutions to protect themselves against data breach, comply with regulations and ensure business continuity.