The electricity grid is one of the most complex and critical systems in existence. It transmits power from public utility companies to the end-user, the customer, to warm their homes and keep the lights on in schools. Its importance makes it a service that millions of people need nonstop, making it and municipal utilities tempting targets for cyber attackers. Cyber attackers looking to breach the power grid know that they can cause extraordinary damage to the energy sector by targeting smaller, more vulnerable electricity providers.
The world saw firsthand the damage cyberattacks can inflict on the utility sector in 2019 with the “LookBack” malware attack. Sending fraudulent emails that appeared to come from the National Council of Examiners, cyber attackers were able to deploy and execute the attack via emails that contained malicious macros. A potentially more damaging cyberattack on America’s electric utilities was by threat actor “Xenotime,” which carried out the infamous 2017 Trisis/Triton malware attack in Saudi Arabia; it was thwarted before it could be carried out after an SIS triggered a shutdown of some industrial systems, which experts believe hackers caused by accident.
And, of course, it’s hard to forget the recent debilitating ransomware attack on America’s Colonial Pipeline Company, which shuttered pipeline system operations. The 5,500-mile-long pipeline system that carries three million barrels of fuel each day between Texas and New York was forced to shut down for several days. It was such a significant event that President Biden declared a state of emergency after it was deemed a national security threat. In the end, the company paid DarkSide hackers to get the decryption key, which enabled their IT team to regain control of their systems.
These were not the first cyberattack plots against America’s power sector, and certainly will not be the last. So, how can smaller municipalities and public utility companies protect themselves from threats that can shutter operations and cause disruptions to millions of citizens? By leveraging advanced tech solutions. Essentially, fighting technology with technology.
The worst thing public utility companies can do is try to enhance cybersecurity protocols with antiquated, ineffective technology. To protect themselves and the grid from increasingly sophisticated attacks, utilities must have a cohesive solution in place to safeguard the critical infrastructure that collectively provides energy to millions each day. The nightmare scenario for municipal utilities is a significant cyberattack that shutters or at least disrupts operations and leaves countless customers without access to efficient power and clean water.
Many cannot comprehend the devastating impacts a shutdown of public utilities and the power grid generates. Earlier this year, 20 million Texans learned firsthand the debilitating consequences when Winter Storm Uri left the majority of the state without power and water for nearly a week, cost the state’s economy $80 billion to $130 billion, and left nearly 200 dead. At the peak of the crisis, there were 4.3 million reports of power outages across the state as the power grid operated by the Electric Reliability Council of Texas (ERCOT) essentially failed.