Imagine a coastline dotted with 5,800 wind turbines, all made defunct by disrupting satellite communications that remotely monitored and controlled them.
That is exactly what happened across Europe in February when suspected Russian hackers targeted wind energy converters maintained by ENERCON Service. It took two months for the majority of the wind farms to be back online, the company said.
“Communication services provided via the satellite went down at almost exactly the same time that Russian troops invaded Ukraine,” the company said in April.
“Around 30,000 satellite terminals used by companies and organizations from various sectors were affected across Europe. Among them are 5,800 ENERCON WECs in central Europe with a total installed power of more than 10 gigawatts.”
As renewable energy continues gaining traction, the energy sector becomes increasingly exposed to cyber threats. The interconnected nature of green energy systems creates vulnerabilities that hackers quickly exploit.
During conflict or heightened tensions, the reliance on these systems for power generation and distribution makes them attractive targets for hackers, who launch wide-scale cyber attacks on the energy sector.
“The interconnected nature of green energy systems, which encompasses power grids, energy storage facilities, and smart technologies, positions vulnerabilities, and misconfigurations that are enticing for malicious actors to exploit”, said a report by Cyble.
While cyber attacks pose risks to various sectors, electric power, and gas companies are particularly vulnerable. However, there are ways to significantly reduce the associated risks that come with cyber attacks on the energy sector.
Understanding the landscape of cyber attacks on the energy sector
McKinsey & Company shared three broad characteristics that make the sector especially vulnerable to modern cyber threats.
Firstly, there are increasing threats and actors targeting utilities, including nation-state actors seeking security and economic dislocation, cybercriminals recognizing the economic value in the sector, and hacktivists opposing utilities’ projects or broader agendas.
Secondly, utilities have expansive and complex attack surfaces due to their geographic and organizational complexities, often with decentralized cybersecurity leadership.
Lastly, the interdependencies between physical and cyber infrastructure in the electric-power and gas sector make companies susceptible to exploitation, such as billing fraud, operational-technology (OT) system takeovers, and even physical destruction.
Exploring the vulnerabilities of Photovoltaic monitoring and diagnostic solutions
As per Cyble, photovoltaic (PV) monitoring and diagnostic solutions are critical in monitoring and managing renewable energy systems. These systems provide information on real-time performance of solar installation, data efficiency, fault detection and more.
PV monitoring and diagnostic solutions are important in grid integration, power flow optimization, and grid stability. However, the fact that PV diagnostic and monitoring systems are now being exposed to the internet can be daunting because it brings potential risk to these intricate technologies.
Research indicates that over 130,000 such systems are exposed to the internet, providing threat actors with a large attack surface. This exposure makes these systems vulnerable to cyberattacks, potentially leading to reduced energy production, system instability, physical damage, and other cybersecurity challenges.
Securing PV monitoring and measuring solutions requires addressing vulnerabilities and challenges. Outdated firmware, misconfigurations, and compromised endpoints contribute to the risks.
Exploiting these systems becomes more accessible if they use outdated firmware or have misconfigurations like unsecured communication, lack of updates, improper network segmentation, or poor access control.
Compromised endpoints where access credentials are stolen and sold on the dark web pose a significant threat to the security of these systems. Attacks on PV monitoring solutions have far-reaching impacts beyond the energy sector.
The expanding threat landscape and cyber attacks on the energy sector
Over the years, many hackers have claimed attacks on the energy sector — even those that have nothing to do with the geo-political setup of the nation. However, it has been seen that nation-state actors and other hacker groups are more willing to launch cyber attacks on the energy sector.
Cybercriminals also target utilities and critical infrastructure for profit. A notable example is the ransomware attack on Baltimore City computers, which caused extensive damages exceeding the demanded ransom.
“Common misconfigurations, such as using factory default passwords, unsecured communication, lack of updates, improper network segmentation, poor access control, etc., can provide intruders with an easier approach to data manipulation of these devices,” said the Cyble report.
The majority of Hacktivist groups rely on misconfigurations to gain access to assets related to the ICS environment.
Attacks are no longer limited to IT networks alone, as evidenced by the deployment of ransomware to disrupt a gas company’s pipeline operations, leading to productivity and revenue losses.
Hacktivists pose threats that may be less sophisticated but still have the potential to disrupt electric power and gas operations.
They often utilize publicly available attacks like distributed denial of service (DDoS). Hacktivists have also stolen personal data from climate leaders, which can be used to carry out cybersecurity attacks against industry leaders.
While most utilities know the cybersecurity risks, inconsistencies exist in their ability to secure funding for OT and IT cybersecurity controls.
Regulators often need more talent to review cybersecurity budgets, resulting in limited investments in cyber capabilities. Municipalities offering independent energy services may also need more resources to deploy sufficient cybersecurity controls, increasing the risk.
Cyber attacks on the energy sector: Major challenges
“I am not sure I want to comment on how often we find holes in our system. But what I can say is that we have found holes in our system,” Henriette Borgund, a hacker commissioned by Norsk Hydro, told Reuters.
The visibility and maintenance of IT and OT systems are challenging. Since COVID-19, big sectors have diversified their work, and remote working options have also opened new and unique ways threat actors can infiltrate networks.
Moreover, consumer electronics, and its vulnerabilities are also a big reason why the energy sector can be a prime target for hackers. Wireless smart meters, for instance, have been targeted for tampering — eventually ending in losses in revenue for companies.
The emergence of new technologies like electric-vehicle charging stations further increases the stakes, as coordinated attacks against these stations could bring down an entire power grid.
Organizational complexity within utilities, with multiple business units responsible for different aspects of energy generation and distribution, needs to be improved to ensure overall network security. Separate OT and IT policy regimes, including untested IoT technology, can introduce vulnerabilities.
This complexity is compounded by the number of employees, contractors, and vendors requiring access to utility systems, increasing the potential attack surface.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
