Enhance cybersecurity awareness and survivability for DoD, industry partners, and academia in the face of the ever-increasing threat of cyber attacks. Cybersecurity (CS) includes managing risks related to the use, processing, storage, and transmission of information and the systems and processes used for those purposes, including analog and physical form. CS includes information availability, identification and authentication, confidentiality, integrity, and non-repudiation as well as the economic considerations with respect to selection of CS techniques, CS processes, and industry trends.
In the cyber-physical domain Cyber Security requires to consider both – OT and I
Today’s modern societies rely on highly complex networks of ‘critical infrastructure’ to provide supplies and services. These include (but are not limited to) information technology, telecommunication, transport and healthcare – all fuelled by electricity. What makes these technologies increasingly efficient is their increased interoperability – powered by digitalization. And we are just at the early stage of this today. Sophisticated machine learning processes and artificial intelligence will take control to optimize ecosystems on an entire system level, for the best possible outcome. Our interaction with these systems will become increasingly intuitive – or even just guided by our behaviour, without any need for direct input.
These great levels of optimization and comfort come potentially with a high price: vulnerability. If one critical pillar of this highly-sophisticated system fails, this can lead to a chain reaction potentially impossible to control. One of the weakest links are electricity networks – from generation and transmission to distribution and loads. The electricity networks are – in the majority – overaged and consist of a whole zoo of technologies as potential entry points and hence provide an excellent surface for cyber-attacks. The increase of new connected devices, such as Smart Meters finally installed in every single home, Electrical Vehicles and the Internet of Things (IoT), is expanding this attack surface dramatically. In an increasingly digitized world, where anything and everything rely on the availability of electricity, this poses a significant risk to the society at large.
The German government has tasked the “Office of Technology Assessment at the German Bundestag” (‘TAB’) to assess the risk of the impact on modern societies of a large-scale blackout . The summary is: Life becomes uncomfortable within a very few couples of hours and life-threatening (for some) in less than a day. Beyond that point, the society is sequentially collapsing – under dreadful conditions. If you are interested in a fictional vision of that matter, listen to Marc Elsberg’s audiobook ‘Blackout – Tomorrow Will Be Too Late’, which is based on the findings outlined in .
If multiple utility-scale generators are targeted and compromised, it could potentially break up the power system.
While this sounds like a plot for a Hollywood movie, unfortunately, it’s a possible scenario – and it is built on attack vectors, hackers advance on (see referenced article below) since the potential impact is massive. Today’s electricity grids are designed towards the requirement of maintaining the balance between loads and generation. If multiple utility-scale generators are targeted and compromised, it could potentially break up the power system and lead to a complete blackout. Hence Power plants are a prime potential target for cyber threats.
To stay ahead of the invaders it becomes critically important that Cyber Security measures are not only focusing on the attack vectors on the information technology side, but that deep and detailed subject matter expertise on the operational technology is combined with sophisticated capabilities on information technology. To safeguard life, property and the environment in the cyber-physical domain requires industry experts that are on the forefront of digital and the latest cyber security threats, combined with a heritage of deep industry insights that cover the decades during which current technology was deployed. A real-life event supporting this statement is the attack on a Power Plant in Saudi Arabia in late 2017: ‘Hackers halt plant operations in watershed cyber attack’ (article).
 ‘Was bei einem Blackout geschieht. Folgen eines langandauernden und großräumigen Stromausfalls’, Studien des Büros für Technikfolgen-Abschätzung beim Deutschen Bundestag, ISBN 978-3-8360-8133-7, 2011 by edition sigma, Berlin
You must be logged in to reply to this topic.