Is Our Electrical Grid Safe from IoT Security Threats?

In the middle of June 2019, security analysts announced that the same hackers responsible for Triton malware are scanning US electrical grids for an entry point to launch an attack. This news is particularly troubling, as Triton was designed to disable the safety instrument systems at a Saudi Arabian oil refinery. While the hackers haven’t succeeded in penetrating the US electrical grid, questions continue to pop up about the grid’s safety.

The potential Triton hack is but one example of the threats to our electrical grid. Read on to learn about how safe the US electrical grid is and what can be done to better protect it.

What Threats Face the US Electrical Grid?

The problem of threats to the US electrical grid is sadly not new. In May 2017, the Pacific Northwest National Laboratory published a report about protecting the grid from IoT threats. The report explained that the problem of grid security has changed: the threat surface has significantly expanded because there are more devices with internal computing power that can interact with the grid.

For example, an app with embedded malware could access other apps that control networked devices (such as refrigerators, thermostats, home security systems, etc.). The infected app could tell those IoT devices to consume significantly higher amounts of electricity, which would lead to voltage fluctuations. In turn, smart inverters pull of the grid en masse, which trips protective systems.

The report’s author blames cheap, ubiquitous connectivity for the newest generation of threats to the electrical grid. Almost anyone can purchase an IoT device, and as a result, almost anyone has the potential to wreak havoc on one of our nation’s utilities.

What Are the Solutions to This Threat?

A threat to the US electrical grid is a matter of national security. Given the proliferation of IoT devices, how can this enormous threat be mitigated?

The answer is that we have to start thinking differently about securing our electrical grid. It’s no longer a matter of safeguarding grid devices. Now, threats are all around us, because anyone can access the grid.

The combination of physical security measures as well as digital measures has the best chance of protecting the US electrical grid. Researchers at Accenture recommend certificate-based, device-level authentication when feasible, network protocols that support encryption, application security, network segmentation, security monitoring, incident response, and extensive training to ensure that utility companies can manage threats quickly and effectively.

Additionally, we can’t neglect mobile security or threats to our supply chain, either. Mobile devices are a boon to the enterprise, but they represent a significant risk to the electrical grid as they can run apps for networked devices. The supply chain is vulnerable because malicious third parties can compromise hardware and software. Vigilance is crucial – everyone has a role to play in keeping our electrical grid safe, even if it seems that role is small.

Aquila is ready to help you secure your systems. Please contact us for more details on how we can help.

 

Rachel Levy Sarfin

Rachel Levy Sarfin is a Toronto-based freelance writer who has focused on B2B technologies (including digital security) since 2012.
Rachel Levy Sarfin