State-sponsored cyber-criminals are targeting power plants and grids, threatening to cause blackouts that send cities back to the Dark Ages.
October 8, 2019
Imagine a discovery that transforms the world beyond recognition, impacting almost every person on the planet across almost every facet of life. Over the course of a few short decades, all jobs come to revolve around it, all entertainment is soon broadcast using it, and yet no one gives it a second thought unless it’s gone.
That discovery, of course, was electricity. From the alarm clock that wakes you up in the morning to the lights you flip off before falling asleep, electric current defines civilization as we know it. Each one of us today wields the power of lightning — a force once reserved for Zeus himself — a fact we tend only to reflect on with annoyance when our gadgets run out of battery.
Yet the era of taking electricity for granted may be coming to a close. With international conflict rapidly migrating to the digital domain, nation states are now targeting their rivals’ energy grids, seeking to disrupt the technology that powers all others. Moreover, these critical systems have proven vulnerable to cyber-attack, since they are constituted by both legacy equipment running decades-old software and new IIoT devices designed without basic security controls. Defending energy grids requires accepting this vulnerability — advanced attackers will inevitably get in — and adopting AI tools that can adapt to fight back.
The initial spark
In December of 2015, a worker at the Prykarpattyaoblenergo power plant in Ukraine noticed his computer cursor flitting across the screen of its own accord. For the next several minutes, the cursor systematically clicked open one circuit breaker after another, plunging almost a quarter million Ukrainians into darkness. The worker could only watch as the cursor then logged him out of the control panel, changed his password, and shut down the backup generator at the plant itself.
It was the first documented power outage precipitated by a cyber-attack, and its sophistication provoked experts to speculate that nation-state actors had been involved. Indeed, blackouts that turn entire cities dark are a devastating tactic in the geopolitical chess game. Unlike direct acts of war, online onslaughts are difficult to trace, shielding those responsible from backlash. And as countries race to invent the next transformative application of electricity, it stands to reason that adversaries would attempt to win that race by literally turning off the other’s lights.
Since the watershed Ukraine attack, the possibility of a similar strike has been a top-of-mind concern for governments around the globe. In March 2018, American and European utilities were hit by a large-scale attack that could have “shut power plants off at will”, but which instead appeared intended for reconnaissance and intimidation. Although such attacks originate in cyberspace, anything beyond mere warning shots could dramatically impact the physical world.
Compromised by complexity
Modern energy grids are sprawling, labyrinthine systems — vast arrays of substations, relays, control rooms, and smart meters. Such bespoke environments are rife with attack vectors for criminals to exploit. And because conventional cyber defenses are designed only to spot known threats against traditional IT devices, they are blind to the never-before-seen threats confronting unique OT machines.
Among all of these machines, smart meters — which communicate electricity usage to the supplier — are notoriously vulnerable. And whereas most grids are designed to avoid this possibility, disabling individual smart meters could be sufficient to cause a systemwide blackout, even without breaching the central control system. Just a 1% change in electricity demand could prompt a grid to shut down to avoid damage, meaning that it might not take many compromised meters to reach the breaking point.
Shining light on the dark
Thwarting unpredictable threats against energy grids requires using AI technologies, which can learn how each grid normally functions by analyzing the activity of each device and user. Unlike the conventional approach of predefining what constitutes “normal,” such an understanding of every unique environment — composed of millions of ever-changing connections — can shine a light on the subtle anomalies introduced by even completely novel cyber-attacks.
Indeed, the only way to safeguard such unusual environments is to avoid predefining anything, since guessing what future attacks will look like is simply beyond the scope of what human beings can do alone. Artificial intelligence, by contrast, is singularly capable of tackling the enormous complexity of the world’s electricity infrastructure, having already proven its ability to detect threats against outdated OT machines and new IIoT devices alike. And with power plants and energy grids fast becoming the next theater of cyber warfare, the switch to AI security cannot come soon enough.
Andrew Tsonchev is a technical expert on cyber security and advises Darktrace’s strategic customers on advanced threat defense, AI and autonomous response. He has a background in threat analysis and research, and holds a first-class degree in physics from Oxford University and a first-class degree in philosophy from King’s College London. His comments on cyber security and the threat to critical national infrastructure have been reported in international media, including CNBC and the BBC World.