Electrical grids in state of “chaos,” report finds

Published 21 November 2011

A recent report warned that the world’s electrical grid is in a “state of near chaos,” leaving it vulnerable to a devastating cyberattack.

The report, released by Pike Research, found that a simple $60 smart phone app could enable an attack on smart grids due to an aging infrastructure, a lack of standards, and inadequate spending.

“The attackers clearly have the upper hand,” the report, titled “Utility Cyber Security,” concluded.

According to the report, securing smart grids is a global problem, but there is no single global electrical infrastructure. Instead, each region has a unique system of infrastructure to deliver electricity, making threats and vulnerabilities different for every region.

In particular, the report warns that industrial control systems are vulnerable, especially in light of the discovery of Stuxnet, which infected the control software at Iran’s Bushehr nuclear facility and caused physical damage.

“Stuxnet was a mission and not simply a piece of malicious code,” the report says. “It was not detected until after it had accomplished its purpose and, most likely, evaded detection for more than a year after its release. Few utilities, vendors or analysts are willing to discuss that even more sophisticated attacks may now be in process, which, so far, have completely evaded detection.”

To illustrate the weaknesses of these systems, the report pointed to a $60 smart-phone app that could reach a Wi-Fi-enabled supervisory control and data acquisition (SCADA) system and potentially give a hacker control over parts of the system.

Securing industrial control systems will likely prove challenging, as they are often old, expensive, and designed to last for decades, making them difficult to replace or update.

“SCADA networks must support a mix of old and new, possibly for another 30 years until all the old devices’ service lives have run their course,” the report explained.

So far, the majority of cybersecurity measures for electrical grids have focused on securing end-point technology like smart meters, which enable two-way communication between distributors and consumers.

The report predicts that security fears, spurred by Stuxnet, will likely lead to growth in security spending. In North America, annual spending to secure industrial control systems is projected to increase from a few million dollars in 2011 to roughly $750 million by 2018.

In the meantime, the report noted that without a strong set of enforceable guidelines with penalties, U.S. electrical grid operators would not spend the funds needed to properly secure their networks.

“This lack of enforceable requirements leads to a scene of mass chaos in utility cybersecurity,” the report says. “Many utilities – as with large companies in any industry – will only invest in cybersecurity when financial punishment for not investing is threatened, similar to failing an audit and being fined.”