Power firms ‘at risk from cyber attacks’

Power companies are increasingly at risk from cyber-attacks because their computer security is stuck in the last century, a British security firm claimed this week. The warning comes after the […]

Register now!

By Vicky Ellis

Power companies are increasingly at risk from cyber-attacks because their computer security is stuck in the last century, a British security firm claimed this week.

The warning comes after the US government told thousands of firms to boost the protection of computers which operate power plants and other utilities. This was prompted by a survey which found more than 500,000 potential targets for hackers in the sector.

Automated control systems called SCADAs (supervisory control and data acquisition systems) are used in the US industry to operate power systems.

One security firm believes the risk flagged up applies to the whole sector, including the UK.

Chris McIntosh, chief executive of security and communications company ViaSat UK said: “This highlights a great weakness in critical infrastructure both in the US and beyond: security is still firmly rooted in the 20th century. While this is fine for physical security the interconnectivity of the grid, and the trend toward distribution automation, have granted malicious attackers a multitude of ways to cause major disruptions.”

It isn’t just the obvious locations such as power stations which are vulnerable.

Mr McIntosh went on: “An attack on the energy grid needn’t assault hubs of power generation or sub-stations: communications lines, business networks and even smart meters can be viable points of entry.  Incidents could involve manipulating real-time electricity grid management equipment such as transformers and capacitors, resulting in anything up to blackouts of entire regions.”

Given how widespread viruses such as ‘malware’ is – which can lurk for months before detection – firms should treat their computers as if they have already been attacked, Mr McIntosh added.

This could include encrypting data which moves between locations and bringing in “rigorous authentication protocols”.

The questions remains whether this security risk could be multiplied with the rise of ‘smart meters’, electricity meters which send real-time information about a business or home’s energy use to a supplier.