Daily Bulletin


News

  • Written by Andrew Dowse, Director, Defence Research and Engagement, Edith Cowan University
Is Australia's electricity grid vulnerable to the kind of cyber attacks taking place between Russia and the US?

The New York Times reported earlier this month that the United States was increasing its cyber attacks on Russia’s power grid. The attacks are seen as a warning against Russian intrusions into US systems, but one that carries a risk of escalation.

The public reporting of previously covert cyber attacks earned a retort from US President Donald Trump, who accused the New York Times journalists of a “virtual act of treason”.

But the story has been useful in generating discussion about the reasons for – and potential consequences of – such actions. It also raises the question of how vulnerable Australia’s power grid is.

So let’s take a look at who is capable of carrying out these kinds of attacks, how they work, and whether Australia is doing enough to protect itself.

Read more: What's critical about critical infrastructure?

Are these attacks limited to the US and Russia?

Recent events may be newly reported, but the events themselves aren’t that new. Russian cyber attacks on US infrastructure may have been going on for years. According to the New York Times report, the US may have been undertaking similar intrusions in Russia since 2012.

While the story is limited to discussing cyber conflict between the US and Russia, there are many nation states with the ability to carry out such attacks.

To make things more complex, non-government actors can also launch cyber attacks. That includes individuals, organised crime groups, and proxies for nation states.

Why are we learning about this now?

When we talk about cyber security, and how to defend against threats from nation states, we’re usually talking about protecting confidential information. But when it comes to power grids, confidentiality isn’t particularly important. What is important is continuity of service, also called “availability”.

An adversary’s power availability would be a high-priority target during a conflict. Outside of conflict, the only logical rationale for a nation state to intrude on such systems would be to undertake reconnaissance and deploy malware that can remain dormant until needed.

In this regard, it doesn’t make sense that the US would intentionally leak its efforts, as appears to have been the case. It would prompt Russia to find the malware and, by disclosing intrusion techniques, it would “burn capabilities”.

Additionally, evidence of attacks could lead to an escalation of cyberwar between the US and Russia. Escalation is unlikely as long as responses to counter cyber attacks are undertaken in line with the principles of necessity and proportionality. But the uncertainty of attribution and consequences creates a potential for miscalculation in conducting cyber attacks.

The New York Times article was notable because it suggested the US president gave his commanders authorisation to undertake cyber attacks without his oversight. To avoid miscalculation, a balance is needed between a speedy response in cyber “active defence” and the kind of proper deliberation that will ensure the response is appropriate.

To date, there is no evidence that nation-state delivered attacks have resulted in power outages in the US or Russia. The apparent leak to the New York Times may not relate to a specific counterattack against the Russian power grid. Instead, it may be a form of diplomacy intended to signal US willingness and capability to counterattack.

Read more: Internet of Things: when objects threaten national security

How are such attacks possible?

Critical infrastructure is a term that refers to chemical production plants, power stations, oil platforms, and water pump stations. The technology that operates such infrastructure is called “operational technology” (OT). OT is a cyber-physical system that controls electricity generators and valves that mix chemicals in vats or transfer gas through pipelines.

To understand the threat, it helps to contrast OT with information technology (IT).

Confidentiality is a primary consideration for IT staff, who are focused on securing data from threats. They are well practised in patching vulnerable systems under their control. In an OT environment, availability is the primary driver, so keeping the plant working is considered more important than protecting against cyber threats.

Another difference between the IT and OT worlds is the lifetime of assets. OT system devices are built to last a long time before replacement. Using legacy OT technology that still works in itself is not a problem, as long as that technology is separated from other systems.

But the IT and OT worlds are converging to enable remote control and access to real-time plant operating data. Aside from the tension between priorities of confidentiality and availability, this convergence opens up OT vulnerabilities to attack.

When OT systems were developed decades ago, there was little thought of security, since most systems were only accessible on-site or through dedicated networks. With IT-OT convergence, keeping systems secure becomes a priority, but not at the expense of availability. Stopping a system, either for an update or due to a cyber attack, results in lost revenue and impact upon customers who could, for instance, lose power to their homes.

Have we seen successful attacks in the past?

Cyber attacks on Ukrainian power stations in 2015 and 2016 affected more than 200,000 customers, and provided lessons for the rest of us.

These events showed that an attack was more than just theoretical in the domain of energy systems. Engineers needed to physically visit each substation to return systems to operation.

As similar technology is used worldwide, the power grids of other nations are potentially vulnerable. Additionally, the malware used to command and control attacks is increasingly available for hire as cyber crime moves to a service-based model. And more sophisticated tools mean attackers require less skill to locate and attack internet connected devices.

Read more: Why we should be wary of expanding powers of the Australian Signals Directorate

How vulnerable is Australia’s power grid?

In 2016, Australia’s Chief Scientist Alan Finkel released a review into the future security of the national electricity market. Following advice that the cyber threat to the national energy market was increasing, Finkel recommended stronger security measures be put in place.

By 2017, some action had been initiated to mitigate threats in the energy sector. Subsequently the Security of Critical Infrastructure Act 2018 was passed. The Act contains elements to help the government better appreciate the risk and to make certain directions to service providers to increase security.

The government is reportedly considering a proposal to enable the Australian Signals Directorate (ASD) to access the networks of companies operating critical infrastructure to defend them against cyber attacks.

In 2018, the Australian Energy Market Operator (AEMO) released the first annual report into the cyber preparedness of the market, identifying that current provisions are inadequate. AEMO has established a framework for operators to assess their security maturity, and strengthen measures.

Notwithstanding these efforts, recent reports suggest the number of attacks on critical infrastructure is growing. Meanwhile, the ability to prevent, detect or respond to these attacks remains low.

For many critical infrastructure systems, OT is a sunk investment that would be expensive to replace. Implementing substantial security improvements to upgrade the legacy energy environment will also be expensive, and it’s likely that costs will be passed onto customers. But there are cost-effective ways of improving security, including threat/vulnerability system monitoring. Some companies in Australia are doing this.

Cyber warfare is a reality. We should expect that cyber criminals and nation states adversaries could have some impact our lives in future by attacking critical infrastructure, such as the electricity grid.

Securing our infrastructure is a priority for the government and increasingly recognised as such by the market participants. The cost and need for security mitigations may seem unpalatable to many, but steps need to be taken to prevent a return to the dark ages.

Authors: Andrew Dowse, Director, Defence Research and Engagement, Edith Cowan University

Read more http://theconversation.com/is-australias-electricity-grid-vulnerable-to-the-kind-of-cyber-attacks-taking-place-between-russia-and-the-us-119157

Writers Wanted

We vibrated earthworms to learn about safely connecting human brains to computers

arrow_forward

The 2020 NZ election saw record vote volatility — what does that mean for the next Labour government?

arrow_forward

Melburnians will soon be able to have 2 visitors per day. It's far riskier than an exclusive bubble

arrow_forward

The Conversation
INTERWEBS DIGITAL AGENCY

Politics

Prime Minister Interview with Kieran Gilbert, Sky News

KIERAN GILBERT: Kieran Gilbert here with you and the Prime Minister joins me. Prime Minister, thanks so much for your time.  PRIME MINISTER: G'day Kieran.  GILBERT: An assumption a vaccine is ...

Daily Bulletin - avatar Daily Bulletin

Did BLM Really Change the US Police Work?

The Black Lives Matter (BLM) movement has proven that the power of the state rests in the hands of the people it governs. Following the death of 46-year-old black American George Floyd in a case of ...

a Guest Writer - avatar a Guest Writer

Scott Morrison: the right man at the right time

Australia is not at war with another nation or ideology in August 2020 but the nation is in conflict. There are serious threats from China and there are many challenges flowing from the pandemic tha...

Greg Rogers - avatar Greg Rogers

Business News

Important Instagram marketing tips

Instagram marketing is one of the most important approaches for digital advertisers. If you want to promote products online, then Instagram along with Facebook is the perfect option. After Faceboo...

News Co - avatar News Co

Top 3 Accident Law Firms of Riverside County, CA

Do you live in Riverside County and faced an accident and now looking for a trusted Law firm to present your case? If yes, then you have come to the right place. The purpose of the article is to...

News Co - avatar News Co

3 Ways to Keep Your Business Safe with Roller Shutters

If you operate your business in a neighbourhood or city that is not known for being a safe environment, it is not surprising if you often worry about the safety of your business establishments o...

News Co - avatar News Co



News Co Media Group

Content & Technology Connecting Global Audiences

More Information - Less Opinion