Digital attackers are increasingly targeting energy organizations, including those that support national electric grids. As reported by Morning Consult, security researchers found that utilities worldwide had suffered a recorded 1,780 distributed denial-of-service (DDoS) attacks between June 15 and August 21, 2020. That’s a 595% year-over-year increase.
Brandon Robinson, a partner at Balch & Bingham LLP, said that these research findings highlight how malicious actors of varying motivations continue to prey upon utility entities.
“Whether one’s motivation is to do financial, economic, national security or industry harm, critical infrastructure such as the electric grid can be a natural target for such cyberattackers,” he said, as quoted by Morning Consult.
The Cyber Threat Situation in Canada
The Canadian Centre for Cyber Security (the Cyber Centre) recognizes how the information systems responsible for upholding Canada’s national electric infrastructure are subject to the above-mentioned threats. That explains why the Cyber Centre released its “Cyber Threat Bulletin: The Cyber Threat to Canada’s Electricity Sector.” This publication yields four key insights into the state of digital security for Canada’s energy sector.
Insight #1: Fraud and Ransomware Abound
According to the Cyber Centre, most of the observed digital threat attempts against Canada’s electrical organizations have involved ransomware and fraud. The latter attack category has included stealing sensitive information pertaining to a victim organization’s business operations as well as to its customers.
Looking ahead, the Cyber Centre expects that these types of threat activities will continue. Part of the reason for this prediction is the Cyber Centre’s assessment that ransomware actors are continuing to hone their creations’ abilities to spread across IT networks and infiltrate Industrial Control Systems (ICS). Acknowledging that development, the government program forecasted that digital criminals would be capable of targeting Canadian electrical ICS for extortion within the next three years.
Insight #2: Interdependencies with U.S. Grid Amplify Risks
Evidence suggests that state-sponsored actors have been targeting the Canadian electricity sector since at least 2012 for the purpose of collecting information. Such information empowers those malicious actors to craft additional capabilities that would allow them to disrupt organizations within Canada’s electricity sector.
The Cyber Centre doesn’t think it’s necessarily likely that nefarious individuals would seek to intentionally disrupt Canada’s electricity sector in the absence of international hostilities. However, Canadian electricity organizations still face the threat of a digital attack because of the way in which the U.S. and Canadian grids are interconnected. Indeed, the Cyber Centre explained that there are more than 35 transmission line connections running across provinces that border the United States. Malicious actors could subsequently focus on those connections—and Canada more generally—as an intermediate target through which they could affect the availability of the U.S. electrical grid.
Insight #3: Supply Chains and MSPs Constitute Enticing Initial Targets
Electric organizations rely on supply chains and managed service providers (MSPs) in order to perform maintenance, modernize their equipment and develop new grid capacities. Malicious actors know this, which is why the Cyber Centre assesses that high-sophistication actors will continue to target supply chain organizations and MSPs serving the Canadian electricity sector for the next few years.
When it comes to attacks against electricity sector supply chains, the Cyber Centre explains that malicious actors have two motivations in mind: obtaining intellectual property and other data about the victim’s ICS as well as indirectly gaining access to an electric utility’s network. Nefarious individuals can leverage attacks against electricity sector MSPs for the same purposes as well as for scaling their malicious activities.
Insight #4: The IT-OT Convergence Is Making ICS More Vulnerable
Years ago, Information Technology (IT) and Operational Technology (OT) were separate, with teams operating in distinct silos. That’s changed with organizations’ digital transformations. In an effort to increase their visibility over and thereby maximize their industrial processes, organizations are connecting their ICS and other OT assets to web-connected IT devices such as sensors. The problem is that many of those OT assets are legacy devices that were designed without today’s IT threats in mind. This IT-OT convergence thereby makes these industrial assets vulnerable to digital threats.
Consequently, the Cyber Centre assesses that digital criminals are likely adapting their activities to capitalize on the IT-OT convergence. It forecasts that these malicious actors will specifically aim to exploit new smart grid technology, as those solutions tend to suffer from even greater digital risks because of their complex supply chains and interconnectedness with other entities.
How Canadian Electricity Sector Organizations Can Defend Themselves
Organizations in the Canadian electricity sector can defend themselves against some of the threats discussed above by hardening their digital security. They can specifically do this by investing in a solution that lets them gain visibility over their industrial environments, monitors the network for potential problems, detects misconfigurations and uses vulnerability assessments to gauge their systems’ security on an ongoing basis.