It sounds like something out of a movie. Public transport grinds to a halt. Networks go dark. Lights go out. And an entire city is paralysed and shutdown as critical infrastructure is targeted- all with the press of a button.
Unfortunately, this isn’t a theoretical scenario, and it has already started happening around the world. Hackers are targeting power and energy networks, hoping to hold entire countries to ransom.
In both 2015 and 2016, Ukraine’s power grid was shut down by cyber attacks. In 2015, just two days before Christmas, the grid went down for six hours, leaving approximately 700,000 without power in the Ivano-Frankivsk region. A virus was used to disconnect substations from the grid.
Ukraine’s electricity transmission facilities were also attacked a year later. This attack also shut down electricity service, although only for around an hour in a smaller area. It’s widely reported that hackers from the Russian government were responsible for the attacks.
The success of these incidents sent shockwaves around the world. How did cybercriminals carry out this attack? Could something similar happen in the United States, Western Europe, or Australia?
In the EY Risk Pulse Survey, power and utility companies were asked about their number one most important overall risk. 80% said that business interruption from catastrophic events, storms, and cyber attacks were their biggest concerns. This isn’t surprising when you consider global ransomware attacks on targets like the telecommunications network in Span and the NHS in the UK.
In April, EirGrid- the electricity and transmission control system in Ireland was hacked. While no systems were shut down, the breach was only discovered more than two months after it was hacked. It’s not yet known if EirGrid had malicious software inserted into its control systems.
In May, hackers began penetrating computer networks of the companies operating nuclear power stations and energy facilities, along with manufacturing plants in the US and other countries. Trump has since signed an executive order to strengthen the critical infrastructure network in the United States.
In 2015, the Australian Bureau of Meteorology faced a malware attack, originating from a foreign intelligence service. The bureau is a critical national resource, and its scientific research and intellectual property are highly valuable.
Between the 1st of January 2015 and the 30th of June 2016, the Australian Cyber Security Centre responded to 1,095 cybersecurity incidents directed at government systems and considered to be serious enough that an operational response was warranted.
We would be naive to think that Australia is immune to attacks from cybercriminals. In April, a $230 million cybersecurity strategy was launched. Attorney General George Brandis is leading the strategy, which has been focused on critical infrastructure such as Australia’s water and power networks. According to Mr Brandis, increased foreign involvement, such as supply chain arrangements, outsourcing, offshoring, and ownership has made the country’s critical infrastructure more exposed than ever before when it comes to coercion, espionage, and sabotage.
Realistically, an attack on the power grid is almost inevitable. Whether that attack will be successful will depend on Australia’s ability to outsmart hackers and defend the grid. For the telecommunications industry, this is one more reason why moving to off-grid power solutions is a smart idea. In the event of an attack, off-grid power will allow telco networks to remain online.
Thinking about switching to an off-grid or hybrid solution? Get in touch today to learn how we can help. Get in touch today.