The data security threats faced by the data networks of energy, water, and other critical infrastructure providers have been highlighted by recent blackouts affecting 200,000 energy customers in western Ukraine.


What’s Important

  • SCADA infrastructure control networks are high profile targets for cyber-criminals.
  • The essential role of national infrastructure demands the best encryption security.
  • There are more vulnerabilities in SCADA networks than meet the eye.

 

The blackouts were caused by attacks on the energy providers’ SCADA (Supervisory Control And Data Acquisition) networks, and highlight the risks associated with an increasingly ‘connected’ critical national infrastructure.

SmartGrid technology and the rapidly expanding IoT mean energy providers are exposed to an increasingly diverse range of threats. Every connected device represents a potential point of access to the network, highlighting the importance of edge security. Of course, these threats are not limited to energy networks alone. All industrial and critical asset control systems, used across a range of industries, face similar threats.

It has always been important for SCADA control systems to be protected from cyber-attacks. For critical infrastructure systems the risk is magnified, because of the significant potential for harm.

In the case of control systems’ networks, data theft is not the primary risk. The threat posed by the injection of rogue data, or an attempt to seize control of the network, is many times greater. The least an organisation could expect is business disruption. The potential for widespread impact, including financial and physical harm, is significant.


The Age Article

Power networks on high alert amid cyber threats

By Angela Macdonald-Smith 8 May 2016

Electricity network companies face having to further beef up their defences against cyber attacks as the rise of small-scale renewable power generation increases the vulnerability of the grid to attack.

Network owners, which have already increased their cyber-security defences in recent years, have been shaken by the cyber-attack in western Ukraine late last year, which caused blackouts for more than 200,000 customers.

Now, as more households install rooftop solar systems and batteries, the number of connection points to the grid is increasing, potentially opening up more chances for breaches, said Energy Networks Association chief executive John Bradley.

“We can see in the future … with more people connecting more different kinds of devices to the grid and potentially a larger number of smaller generators and storage device … that there is a wider range of potential interface points with the network so cyber security has got to be a critical corporate capability for every network,” Mr Bradley said.

“It absolutely increases the need for a really robust approach to managing these potential hazards.”

Read the full article at The Age

 

Senetas High-Assurance Security Comments

Although the control systems (SCADA) of industrial and critical national infrastructure transmit relatively small amounts of data across the providers’ networks, the type of data itself is critically important.

Risks to stakeholders among state-owned critical infrastructure and privately owned commercial and industrial infrastructure alike go way beyond threats to privacy, industrial espionage and financial damage.

In the case of SCADA (and similar) systems, stakeholders such as customers, shareholders, employees and service providers demand that these data networks are protected by high-assurance encryption security.

Anything less than high-assurance encryption cannot assure the providers or their stakeholders that their SCADA networks have the essential protection of secure security devices, state-of-the-art client-side encryption, and independent testing authority certifications as required by governments and defence forces around the world.

For the first time, energy networks are exposed to the security risks of customers’ own equipment being connected to the providers’ networks. Alternative energy sources have driven that requirement and its resulting data security risk. Any device connected to a data network poses potential risks of cyber-attack exposure.

Those who dismiss the potential risks to data networks caused by connecting (vulnerable) devices to them only need to read the plethora of published data breach alerts. These alerts pointed specifically to data network devices that were promised to be secure, only to be discovered to have serious vulnerabilities to cyber-attacks.

The consequences of a successful cyber-attack on industrial assets and critical national infrastructure may be catastrophic. They range from inconvenient outages and costly downtime to life-threatening and large-scale physical damage.

Only by ensuring control systems’ networks are protected end-to-end by high-assurance encryption can the providers and their stakeholders be sure their control systems are safe.

Case Study

Senetas high-assurance encryptors have recently been chosen by a large European energy provider to protect its large-scale SCADA data networks.
The case study will be available soon.

To request a copy of the case study, email security@senetas.com
