Robert Walton reports: as the Internet of Things merges with grid edge technology, experts say the power sector is both more vulnerable and more secure. Two evolutions are taking place around the power sector today, which could make it more difficult to defend from a growing cyber threat.
Hackers are becoming increasingly sophisticated in their attempts to disrupt electric grids. Attacks are more targeted, including spear phishing efforts aimed at individuals, and are shifting from corporate networks to include industrial control systems.
At the same time, the grid is becoming increasingly distributed and connected. Older power plants have been spared cyber attacks because they were not connected to the internet (which may not have existed when they were built). New resources are connected — though they are also being constructed with security in mind. And in this growing Internet of Things world, just about every device imaginable can create a potential vulnerability.
This creates something of a double-edged sword, say security experts. On the one hand, it distributes risk and the consequences of a successful breach. But it also creates a broader "attack surface" with more vulnerabilities and opportunities for attackers to gain access.
"Modern grid technologies expose existing security vulnerabilities in new ways, as well as introduce new benefits," Advanced Energy Economy Institute concluded in an assessment of cybersecurity challenges on a distributed grid, published earlier this year.
The report also found the energy industry is "learning important lessons from the high profile, and high impact, attacks that have affected a large number of users in the United States during the past two years." AEE Institute noted that several attacks have used internet-connected devices "such as baby monitors, webcams, and other smart home devices..."