The race to shore up Europe’s power grids against cyberattacks and sabotage

It was a sunny morning in late April when a massive power outage suddenly rippled across Spain, Portugal, and parts of southwestern France, leaving tens of millions of people without electricity for hours. Cities were plunged into darkness. Trains stopped and metro lines had to be evacuated. Flights were cancelled. Mobile …

  1. Anonymous Coward

    Cyberattacks and Europe’s power grids

    > .. the Spanish power outage brings back unpleasant memories of the devastating cyberattack in 2015 that took down Ukraine's electric grid for six hours ..

    You're forgetting The Northeast Blackout of 2003. Which a subsequent report found UNIX was to blame ;)

    Apr 2004: Solving that mystery fell squarely on the corporate shoulders of GE Energy, makers of the XA/21 .. isn't based on Windows ..

    Aug 2003: Slammer worm crashed Ohio nuke plant net

    The Slammer worm and Lessons Learned

    1. Anonymous Coward

      Re: Cyberattacks and Europe’s power grids

      Most infrastructure is barely protected from incompetence, bean counters and accidents never mind terrorists and state actors - look at Baltimore Bay Bridge or Heathrow ‘overdue maintenance/replacement at the sub-station’.

      Steal a petrol tanker and crash it into a substation, critical bridge, critical phone exchange (like London LINX), Channel Tunnel, Dover Port, Heathrow T2, Gare du Nord Station etc.

      Woeful Strategic Resilience.

      Same call out for mega Data Centres like Meta’s planned Prometheus or parts of Amazon US-East-1.

  2. Claude Yeller

    Proprietary systems

    "Haan also advises his clients to renegotiate vendor contracts when they come up for renewal, to enable cybersecurity oversight on these proprietary systems."

    The whole idea that the protection of Intellectual Property, aka, proprietary systems, trumps human lives and health somehow makes me puke.

    Every supplier of life-and-death applications should be required by law to make them "repairable", be it in hardware or software. Actually, all hard and software should be repairable, by law.

    Patent and copyright laws already protect the use and commercialization of soft and hardware. Neither of those needs secrecy about the products, and secrecy should certainly not be protected by the law.[1]

    [1] I know, when users would be allowed how to repair products, they could prevent enshittification.

  3. Headley_Grange Silver badge

    "More standards and regulations will help".... only if there's money to meet them. If the local utility company has to upgrade the HW, SW and comms for remote control and monitoring then someone's got to pay. What will probably happen in reality is that standards and regulations will be issued, the power company will calculate how many euros it will add to energy bills and then governments will balk at it and give them a deadline ten to twenty years hence to "phase in" the changes to meet the new regs.

  4. vogon00

    Attack which layer?

    Most people seem to be talking about logical sabotage by messing with the comms and data etc. of the control system. Yes, you can do a lot of damage that way, with various degrees of stealth (See Stuxnet).

    Don't forget that the physical infrastructure is just as vulnerable to physical attacks. Just have a quick think about how you might fiddle with the bits of the grid that you can access! Most of us know which ethernet cable or power plug to remove to cause the maximum damage... same deal on the Grid, you just have to know which bit to attack.

    1. Killing Time

      Re: Attack which layer?

      If you are really determined, hack the power company for distribution layout drawings, which are constantly changing and therefore widely distributed within the engineering arm of the organisation, and then coordinate physical attacks on the infrastructure exploiting redundancy info gleaned from the distribution drawings.

      It doesn't take much to take out a transformer, you could do it noisily (explosive) or quietly (smash a low drain valve off with a sledge); massive loss of cooling oil would knock the unit out. The vast majority of distribution sites are unmanned so it's quite feasible to be in and out before the organisation can react.

      The organisations involved are fully aware of this weakness which is far harder to defend against than locking up your control network.

      1. Anonymous Coward

        Re: Attack which layer?

        > smash a low drain valve off with a sledge

        Anon ... well because

        A relative worked for the local DNO for many years, and he said there are many, many more incidents than the public ever sees - they tend not to publicise them. Physical security at substations has been improving, but as suggested, if you want in then you can be in and out before anyone can respond to the security alarm. One example he cited was the security alarm went off, then a low oil alarm, and the engineer arrived just in time to see the last of the cooling oil running out of the stub where the drain valve used to be - with the valve presumably on its way to being weighed in for scrap. These scrotes don't care a jot about the damage they cause, just what they can get to weigh in. As to damage, it can be serious - including causing house fires.

        And of course, when someone breaks in, ignoring the warning signs, physically bypassing security measures (such as cutting locks off), and then sticks a finger where they shouldn't and gets zapped - well then apparently it was the DNO's fault for not keeping them out !

        1. Anonymous Coward

          Re: Attack which layer?

          Bean-counters vs preventative/essential maintenance.

          https://www.theguardian.com/uk-news/2025/jul/02/heathrow-substation-fire-caused-by-fault-first-identified-seven-years-ago

  5. Dwarf Silver badge

    Diversity in energy sources

    This is why we need to have diversity in the power solutions we all rely on.

    Currently, the mix of household fuel sources including Gas, Electricity, Oil, LPG, Wood burners, coal, ground source heat pumps, etc. all work fine - with different definitions of fine and different side effects that they cause, including environmental impacts, costs for production, byproducts, safety, etc.

    Similarly, with vehicles running on petrol, diesel, Electric, LPG and hopefully Hydrogen one day, then we have choices.

    If there is an outage, for whatever reason - be that accidental or deliberate to any one of these energy types, then we can continue to survive as someone close by will be using an alternative source. However, if we all get forced to use just Electricity for everything, then it's a huge self-inflicted single point of failure and a very simple way to stop virtually everyone from being able to live - no heat, no cooking, no ability to charge the car and get around. We just all stop. There was a Plan A, but no Plan B.

  6. Anonymous Coward

    I Remember Hearing About This Sort Of Thing Over 25 Years Ago

    Ok, so I'm a little long in the tooth but I remember reading numerous articles warning of this sort of thing in Scientific American & New Scientist 25 years ago (when they were Scientific & not Political as they appear to be today).

    Heck, there was even a detailed article in Scientific American on a Guy in the late 1990's living on the beach in a large Caravan in the USA who had a denial of service hack attack on his Solaris system (perhaps a forewarning but a very interesting read).

    Given that we have had 25+ years advance warning on this type of thing who the heck has been asleep at the wheel ? (and fire them if they haven't retired).

    1. Mishak Silver badge

      Re: I Remember Hearing About This Sort Of Thing Over 25 Years Ago

      I came here to say the same thing. There has been more than enough notice and time to have put protection in place by now.

      However, even basic security principles are often not followed - I know of systems where access codes are shared (because they have to be).

  7. Duncan Macdonald

    There is a simple fix - which will not be implemented

    If the electricity grid controls have NO connection to the internet (airgap Airgap AIRGAP AIRGAP) then the attackers have no point of entry.

    Unfortunately mismanagement insists on connecting everything to the internet.

    Industrial control systems should NOT be connected to the internet.

    1. ComicalEngineer Silver badge

      Re: There is a simple fix - which will not be implemented

      I agree but ...

      In order for the highly integrated system to be balanced (gas / coal / nuclear / wind / wave / solar) it's necessary for all the parts of the system to communicate with each other in no small part because the "renewables" grid input fluctuates continuously as does the load on the grid.

      In an ideal world these systems would not need to use the internet, but in practice, it's the only practical way to make the balancing act that is modern power systems work, short of making a totally separate power intranet which is air gapped from the wider internet.

      Part of the issue is that senior manager X wants to be able to log in to his/her power plant or network and see all the performance data whilst sitting on a beach in the Bahamas.

      It should, in theory, be possible to simply pass data between locations but in practice, there is also the ability to take control of certain aspects of the system from a remote location either legitimately or else by "bad actors".

      1. Goodwin Sands

        Re: There is a simple fix - which will not be implemented

        Surely you're joking Mr ComicalEngineer?

        While I completely understand need for diff parts of the grid to be connected I cannot believe you're seriously suggesting it's being done over the public internet!

        Over a private internet (which itself is entirely air-gapped from the public internet) is surely how it is being done - a good part of which I imagine will be over the fibre that 30 years ago was strung round the entire grid (anyone else remember Energis).

        1. Duncan Macdonald

          Re: There is a simple fix - which will not be implemented

          Unfortunately it IS being done over the public internet as it is cheaper and does not require the power companies to hire skilled network technicians.

          Given the choice between insecure and cheap or secure and expensive mismanagement will always choose the cheap option.

      2. David Hicklin Silver badge

        Re: There is a simple fix - which will not be implemented

        > In an ideal world these systems would not need to use the internet, but in practice, it's the only practical way to make the balancing act that is modern power systems work, short of making a totally separate power intranet which is air gapped from the wider internet.

        Then you need to have the critical equipment on its own LAN or VLAN at the site that can only access the central control via a dedicated VPN link, yes it is still over the internet but the internet will just see an encrypted data stream.

        The hard part will be securing it and some lazy person rigging a way around it (like phone hotspot links!)

        1. Goodwin Sands

          Re: There is a simple fix - which will not be implemented

          >it's the only practical way to make

          I'm horrified that a private network isn't being used. Cost of a private network is minuscule compared to overall cost of generating and distributing electricity and would be even more minuscule if part or all of the grid was brought down by hacking from the public internet.

          >will just see an encrypted data stream

          I suggest seeing the data stream, encrypted or otherwise, between sites is not what matters. What matters is simply by being connected to the public internet sites are potentially hackable.

          If diff bits of the grid really are using the public internet to communicate then it's just insane.

    2. I could be a dog really Silver badge

      Re: There is a simple fix - which will not be implemented

      > airgap Airgap AIRGAP AIRGAP

      There is one simple response to that - Stuxnet. Airgaps are no protection to a determined and skilled adversary - simply because, for the systems to operate, there needs to be some form of interaction with "the rest of the world", even if that's only temporary.

      Typical scenario. There you are, with a nicely airgapped SCADA system, and all smug that it's secure because ... AIRGAPPED. Then you need some maintenance - it could be plant maintenance, software updates, system changes to suit changed plant, or a number of other reasons. So the engineer comes along, connects his laptop to the system - and is careful to disconnect from the internet first to keep the airgap. But the engineer's laptop is compromised, and the malware on it immediately then downloads something to the SCADA system - where it sits, quietly, waiting for something, and then "boom" it does something to the plant. In the case of Stuxnet, it deliberately messed with centrifuge speeds (while the variable speed drives reported normal speeds back to the SCADA) to physically destroy them.

      1. EnviableOne

        Re: There is a simple fix - which will not be implemented

        The simple plan is to use the distribution network to send data, no need for a separate infrastructure, and modulate the data on the electric carrier signal.

        It's been done before and could carry all the data requirements for grid management, self-contained within the grid infrastructure.

        There is no need to connect it to the internet, but you can still use TCP/IP and the resilience built into the grid to make the data transfer reliable.

        1. Goodwin Sands

          Re: There is a simple fix - which will not be implemented

          >modulate the data on the electric carrier signal

          And if some or all of the grid goes down how do the sites communicate then?

          I'm trying to understand why the fibre that was strung around the grid 30 years ago isn't being used. Energis sold use of it for a few years then went bust but surely the fibre is still there - yes/no, anyone?

        2. Goodwin Sands

          Re: There is a simple fix - which will not be implemented

          Seems the national grid is indeed using its own fibre

          https://optics.org/news/14/1/27

          Which in turn should mean it's a safe bet that the network they're putting over that fibre is air-gapped from the public internet.

          Phew!

        3. I could be a dog really Silver badge

          Re: There is a simple fix - which will not be implemented

          It does not matter what your network is, air gapping DOES NOT WORK. It gives a false sense of security, and makes things a little harder for adversaries, but it does not guarantee security.

  8. goblinski Bronze badge

    A few things...

    The powergrid cyber attacks in Ukraine were beyond next level for understandable reasons. The attackers knew the system as well or better than the operators, and combined all sorts of access, firmware wiping and whatnot. Most of the equipment attacked was the same as equipment in that other, larger and very peaceful country that is always minding its business and never, ever attacks its neighbors, never serves polonium laced tea and is in general a paragon of niceties.

    The Industrial Control Systems security model is inherently different from the IT security one. ICS prioritizes availability and safety of the service(s) provided. IT security prioritizes the CIA triad (Confidentiality, Integrity, Availability), with C being primary.

    As for how unsafe ships are - let's not panic yet. A read of the PenTestPartners blog is always a good read.
