The electrical power grid is the backbone on which everything else depends on. A cyber criminal could debilitate a major city by a single targeted attack on the energy grid and compromise anything from the lights and appliances in homes, to heart monitors in hospitals, to air defence systems.
The most prevalent cyber threat reported by the global energy sector is extortion. Criminals gain access to a utility's system, demonstrate that they are capable of doing damage, and demand a ransom. Additional threats include espionage and sabotage all with the goal of financial gain, data theft and shutting down facilities.
How did we wind up with a system of energy production and distribution so vulnerable to attack? The answer lies in well-intentioned efforts to modernize energy distribution and make it safer, cleaner, more efficient, less costly, and open to more alternative forms of production. What makes the smart grid vulnerable?
Outdated systems: An estimated 70% of the existing energy grid is more than 30 years old. In the effort to update it and integrate it with more modern installations, connecting aging systems to the internet without the benefit of encryption, security has largely been an afterthought.
Automation: Moving systems from a manual process to one that is internet connected gave energy grid operators real-time info and allowed administrators to telecommute and field workers to re-programme systems from remote locations through their smartphones, however, this also opened all their systems to the outside world.
Interconnection of embedded systems: The third and perhaps most alarming cause of vulnerability is the proliferation and increasing interconnection of embedded software and devices directing the flow of energy. While each of these built-in computers is typically single-function with a very specific task, more and more are being built with off-the-shelf rather than proprietary software, making them increasingly generic -- and therefore vulnerable. As such, they are the prime targets of intruders seeking to gain control of or disrupt the delivery of energy.