Utilities and IoT under attack

Next story
Olivia Storey

The risk of cyber-attacks which can interrupt electricity supply to electric distribution grids is a global concern. 

A survey of more than 100 utilities employees from over 20 countries showed that cyber security of electric distribution grids is a high concern, with two-thirds of these utilities believing their country faces the risk of a cyber-attack causing interruption to services. 

Electricity Supply Control Systems have increased connectivity by enabling smart grids, which can significantly improve benefits like safety, productivity, improved quality of service and operational efficiency. 

Although beneficial, distribution utilities will be increasingly exposed and at risk with the introduction of smart systems as well as the growth of IoT devices in the home, such as connected home hubs and smart appliances. 

These bring a new risk to distribution companies, so we ask Mark James, ESET IT Security Specialist, what homes can do to protect themselves against being compromised via IoT devices.

“In a world where we want to connect everything everywhere, the concerns for cyber-attacks will increase massively. 

“When you then take those concerns and overlay them over industries that typically use older hardware and indeed bespoke software, then that stretches it even further. 

“As these networks expand it gets increasingly harder to control, as systems are replaced or modified the potential for opening up attack vectors thought closed or even not present recently increase to scary levels. 

“If we then look at how costs can be cut or budgets stretched then it’s easy to see how the bad guys can utilise those shortfalls for their own advantage, and of course technology is getting cheaper, therefore being accessible and affordable by more people or organisations. 

“At one time having “Smart” devices in every home was a luxury, but as components get cheaper and smaller those lofty ideas soon become realities, but of course the more we connect the more we in theory expose. 

“The main entry points will be locked down and secure of course, but it’s not always those that are breached. 

“It’s the seemingly less critical areas that are compromised; using zero day vulnerabilities that no one thought was a concern, or the satellite office that has an unsuspecting employee fall for a well created targeted phishing attack, one that is capable of compromising an entire network that has access to other seemingly secure areas.

“Security needs to be by design, it should be one of the first things thought of when systems go online, not something that is added because ‘it’s a concern nowadays’.

That’s when it fails

“One of the biggest problems is many of these systems cannot be manned all the time. 

“They have to be automated as it’s an unfriendly environment for humans, but segregation of access and data needs to be factored into the very foundation of the security being used.” 

How many IoT devices do you own? Let us know on Twitter @ESETUK. 

Join the ESET UK LinkedIn Group and stay up to date with the blog. If you are interested in seeing where ESET has been featured in the news then check out our ‘In the news’ section.