Page 40 - Cyber Defense eMagazine for September 2020

These threats from cybercriminal groups, including Dragonfly, a.k.a. TEMP.Isotope or Energetic Bear,
            and Industroyer, are escalating and have prompted an executive order signed by President Trump in
            May 2020 declaring these types of threats to be a national emergency.

            In adhering to NERC’s mandated Critical Infrastructure Protection (CIP) protocols, power companies
            have continued to fortify their defenses for protecting electricity generation and transmission systems
            against cyberattacks. But because of a technical issue, the power grid remains vulnerable.



            The Power Grid’s Command and Control Operations Require Lightning-Fast Communication.


            The U.S. power grid today comprises roughly 3,300 utilities that work together to deliver power through
            200,000 miles of high-voltage transmission lines; 55,000 substations; and 5.5 million miles of distribution
            lines that bring power to hundreds of millions of homes and businesses.

            The grid cannot be protected with the encryption systems that exist today. In many cases, the grid's
            command and control systems must communicate as close to real time as possible.
            Unfortunately, encryption systems currently on the market take over 50 milliseconds to encrypt and
            transmit this data. The current practice of layering firewalls, routers, and network switches can be
            defeated by hackers. Even physical separation of systems falls prey to human error.

            The grid’s command and control systems include:

               ●  Supervisory control and data acquisition (SCADA), for monitoring, gathering, and processing
                   real-time data through human-machine interface (HMI) software, often at remote locations;
               ●  Distributed control systems (DCS) that improve reliability of control, process quality and power
                   plant efficiency;
               ●  Turbine generator control systems;
               ●  Substation and generator protection systems.

            Protecting and guarding these systems requires never-before-seen speeds of data encryption and
            networking.



            Vulnerabilities Leave the Power Grid Wide Open to Cyberattacks.


            If the COVID-19 pandemic has taught us anything, it is that the unthinkable can happen. In the
            United States, there are currently around 10,000 power plants producing more than 1 megawatt. In
            addition, there are thousands of additional power plants. If a hacker gets into the operational
            technology (OT) system and effectively controls system voltage or frequency, this could damage not
            only one plant but dozens (upwards of 20 to 40 power plants in a region), possibly resulting in
            extended periods of loss of electricity.








            Copyright © 2020, Cyber Defense Magazine.  All rights reserved worldwide.