To view this page ensure that Adobe Flash Player version 11.1.0 or greater is installed.

BUSINESS / FINANCE / REGULATION Cyber security how vulnerable is your utility to an attack on your ICS systems? When you talk to someone about cyber security the first thought that springs to mind is the Hollywood picture of a spotty faced youth sitting in a darkened room, hacking his way into various government databases just to prove he can – or of high-tech criminal masterminds, stealing secret identities and exposing undercover operatives to the peril of the free world. The reality, however is both similar and somewhat more mundane – a combination of high-tech theft, espionage and big money, and the more day to day lapses in security and processes. Worldwide, utilities are experiencing an increase in outside cyber probes to identify and exploit weaknesses in utility networks. While traditional security focusses on internal corporate email and accounting networks, security risks are shifting to the electric grid itself, and we have introduced the threat ourselves – by adding more and more automation to a grid which was not initially designed to operate as an integrated whole. Cyber security isn’t just a power or utility sector problem – it is a challenge in any industry which has multiple connections within a system. It is applicable to any region of the world and the only real differentiator is the level of seriousness with which it is treated. The truth is that the risk of cyber attacks is becoming more pronounced as we become more connected. In industrial control processes, engineers are often lulled into a false sense of security by believing that SCADA and other ICS processes are not connected to the grid, and are therefore immune to cyber attack or infiltration. This is sadly not the case anymore. A recent search by Project SHINE (SHodan INtelligence Extraction) across the internet identified 1 000 000 SCADA or ICS controls that were identifiable over the net, with between 2 000 and 8 000 being identified daily. Case study: In one case study, attackers profiled an energy company employee who worked the 11pm to 7am shift monitoring Scada systems. Using social media and other publically available information, the attackers were able to determine that the target employee was married with four children. The attackers fired a single phishing email that appeared to come from the energy company’s HR department offering a discount health insurance plan for families with three or more children. The employee did not recognise the email was a phishing attack and clicked the link to download the application form, unwittingly downloading attack malware. Belani says: “It is important for companies to understand how well attackers do their homework to make sure phishing attacks are extremely credible.” And attacks can happen on the most secure networks – as witnessed by Televent Canada, a company which specialises in smart grid and cybernetwork software systems. The hacker stole files related to a project which allows for the integration of smart grid technology with older IT systems. within a utility to click on a link that downloads malware onto the utility’s network. In an email, Telvent told customers: “In order to be able to continue to provide remote support services to our customers in a secure According to Tofino Security, a company which provides industrial security solutions, “These devices include the traditional SCADA/ICS equipment, such as RTUs, PLCs, IEDs/sensor equipment, SCADA/HMI servers, and DCS. Non-traditional SCADA/ICS devices include: • medical devices • traffic management systems • automotive control • traffic light control (includes red-light and speeding cameras) • HVAC/environment control • power regulators/UPSs • security/access control (includes CCTV and webcams) • serial port servers (many of which include Allen-Bradley DF1 capable protocols) • data radios (point-to-point 2.4/5.8/7.8 GHz direct-connected radios)” However, even if your system is protected from outside attack, says Rohyt Belani, CEO of PhishMe, attacks can be launched by tricking an employee 46 METERING INTERNATIONAL ISSUE - 4 | 2013