The data security threats faced by energy, water, and other critical infrastructure providers’ data networks have been highlighted by recent blackouts affecting 200,000 western Ukraine’s energy customers.

 

What’s Important

  • SCADA infrastructure control networks are high profile targets for cyber-criminals.
  • The essential role of national infrastructure demands the best encryption security – i.e. high-assurance encryption.
  • There are more vulnerabilities in SCADA networks than meet the eye.

 

Caused by cyber-attacks on the energy providers’ SCADA networks (Supervisory Control And Data Acquisition), used to transmit to and link the provider’s control systems, this type of serious cyber-attack seems to be just the beginning.

Now that (solar user) customers are connecting to the ‘grid’, (including data transmission), energy providers face an exponential rise in the risks of successful cyber-attacks – through connected ‘insecure’ devices.

But cyber-attack risks are not limited to energy networks alone. All industrial and critical asset control systems used in a range of industries face similar threats.

It has always been vitally important for all SCADA control systems to be protected from cyber-attacks, simply due to the sheer scale of harm such attacks may cause.

In this case of control systems’ networks, data theft is not the primary risk. The threats of data input; rogue data; taking over control of the systems; as well as disruption, as experienced in western Ukraine, pose real risks of large-scale harm as well as serious damage.

The Age Article

Power networks on high alert amid cyber threats

By Angela Macdonald-Smith 8 May 2016

Electricity network companies face having to further beef up their defences against cyber attacks as the rise of small-scale renewable power generation increases the vulnerability of the grid to attack.

Network owners, which have already increased their cyber-security defences in recent years, have been shaken by the cyber-attack in western Ukraine late last year, which caused blackouts for more than 200,000 customers.

Now, as more households install rooftop solar systems and batteries, the number of connection points to the grid is increasing, potentially opening up more chances for breaches, said Energy Networks Association chief executive John Bradley.

“We can see in the future … with more people connecting more different kinds of devices to the grid and potentially a larger number of smaller generators and storage device … that there is a wider range of potential interface points with the network so cyber security has got to be a critical corporate capability for every network,” Mr Bradley said.

“It absolutely increases the need for a really robust approach to managing these potential hazards.”

Read the full article at The Age

Senetas High-Assurance Security Comments

Although industrial and critical national infrastructures’ control systems (SCADA) transmit relatively small amounts of data across the providers’ networks; the type of data itself is critically important.

Risks to stakeholders among state-owned critical infrastructure and privately owned commercial and industrial infrastructure alike go way beyond threats to privacy, industrial espionage and financial damage.

In the case of SCADA (and similar) systems; stakeholders such as: customers, shareholders, employees and service providers; demand these data networks are protected by high-assurance encryption security.

Anything less than high-assurance encryption cannot ensure the providers or their stakeholders that their SCADA networks have the essential protection of secure security devices; state-of-the-art client side encryption; and independent testing authority certifications as required by governments and defence forces around the world.

For the first time energy networks are exposed to security risks of customers’ own equipment being connected to the providers’ networks. Alternative energy sources have driven that requirement and its resulting data security risk. Any device connected to a data network poses potential risks of cyber-attack exposure.

Those who dismiss potential risks to data networks caused by connecting (vulnerable) devices to them only need to read the plethora of published data breach alerts. These alerts pointed specifically to data network devices (promised to be secure), only to have been discovered to have serious vulnerabilities to cyber-attacks.

The consequences of a successful cyber-attack on industrial assets and critical national infrastructure may be catastrophic. They range from: inconvenient outages and costly down-time, to life threatening and large scale physical damage.

Only by ensuring control systems’ networks are protected end-to-end by high-assurance encryption can the providers and their stakeholders be sure their control systems are safe.

Case Study

Senetas high-assurance encryptors have recently been chosen by a large European energy provider to protect its large-scale SCADA data networks.
The case study will be available soon.

To request a copy of the case study, email security@senetas.com