
The electric utility industry is a valuable target for adversaries seeking to exploit industrial control systems and operations technology for a variety of purposes. 

Attacks on electric systems – like attacks on other critical infrastructure sectors – can further an adversary’s criminal, political, economic, or geopolitical goals. As adversaries and their sponsors invest more effort and money into obtaining effects-focused capabilities, the risk of a disruptive or destructive attack on the electric sector significantly increases.

A cyberattack can disrupt power through several components of an electric system: by disrupting the operational systems, by targeting enterprise environments to achieve an enabling attack through interconnected and interdependent IT systems, or by directly compromising cyber digital assets.

According to a report by dragos.com, an Iranian-sponsored hacking group called Magnallium has been trying to get access to American electric utilities for at least a year. The hackers have been trying to guess passwords for hundreds of accounts linked to US electric utilities, plus oil and gas firms, a technique known as “password-spraying.” This chimes with findings from Microsoft, which revealed it had seen a similar campaign in November 2019.

According to technologyreview.com, it is still unknown whether the group’s efforts have been successful, but accessing the more specialized software that controls the physical equipment in infrastructure facilities would require far more sophisticated techniques. 

It’s unlikely the hackers currently have the ability to cause blackouts in the US, but they could potentially still disrupt a power station’s computer network. 

In March 2019, hackers did use firewall vulnerabilities to cause periodic “blind spots” for grid operators in the western US for about 10 hours. It was the first known time a cyberattack has caused that kind of disruption at a US power grid company, although it did not affect the actual flow of electricity.

The report is a reminder that infrastructure owners need to be constantly vigilant about cybersecurity and make sure their employees are following basic security advice, such as using strong, unique passwords, as well as adopting more sophisticated protection.
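The password-spraying pattern described above (one source failing logins across many accounts) can be checked for in authentication logs. The following is an added example, not code from the report or the original article; the log format, thresholds, account names and addresses are assumptions, and the sample log is constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format: "<UTC timestamp> <OK|FAIL> user=<account> src=<ip>"
LINE = re.compile(r"^(\S+) (OK|FAIL) user=(\S+) src=(\S+)$")

def parse(lines):
    """Yield (timestamp, outcome, user, source); skip lines that do not parse."""
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        try:
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            continue
        yield ts, m.group(2), m.group(3), m.group(4)

def detect_spray(lines, window=timedelta(minutes=30), min_accounts=5):
    """Flag sources whose failed logins hit >= min_accounts distinct accounts
    inside one sliding window; repeated failures on one account do not count."""
    fails, oks = defaultdict(list), defaultdict(set)
    for ts, outcome, user, src in parse(lines):
        if outcome == "FAIL":
            fails[src].append((ts, user))
        else:
            oks[src].add(user)
    report = {}
    for src, events in fails.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            if len({u for _, u in events[start:end + 1]}) >= min_accounts:
                # Any success from a flagged source is an account to review first.
                report[src] = {"targeted": sorted({u for _, u in events}),
                               "succeeded": sorted(oks[src])}
                break
    return report

# Constructed sample log: documentation IP ranges, made-up account names.
SAMPLE = (
    [f"2020-01-09T08:0{i}:00Z FAIL user=acct{i} src=203.0.113.7" for i in range(6)]
    + ["2020-01-09T08:07:00Z OK user=acct3 src=203.0.113.7"]
    + [f"2020-01-09T09:00:0{i}Z FAIL user=jsmith src=198.51.100.20" for i in range(8)]
    + [f"2020-01-09T1{i}:00:00Z FAIL user=acct{i} src=192.0.2.44" for i in range(5)]
)
```

With the default 30-minute window only `203.0.113.7` is flagged; the source that tries one account per hour stays under it and shows up only when the window is widened, for example `detect_spray(SAMPLE, window=timedelta(hours=6))`. Grouping by source also misses attempts spread across many addresses, so a per-account view is a useful complement.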
