Protecting IT systems from attack is an increasing priority for utility providers around the world as operations become more data driven, industry experts said.
While digitalisation can result in more efficient operations, from reducing costs to having a direct approach to customer needs, it can also be a breeding ground for cyberattacks.
Security becomes a larger problem, particularly for electricity providers, said Kip Gering, the vice president of management and marketing at Networked Energy Services (NES).
“This new technology that you hear a buzz about, Internet of Things [IoT], well, security is a problem,” he said at the Smart Grid Security Summit in Dubai on Monday. “The importance of electricity in people’s everyday lives, and the protection to deliver that electricity, is very important.”
The US-based company provides smart grid solutions to power utilities in the United States and Europe. However, Mr Gering said the company was looking at the Arabian Gulf markets with the rise in smart-metering systems.
In Dubai, a rollout of smart grids is underway as the emirate looks to install more than 1 million smart meters by 2020. And every smart meter can be a point of entry for a hacker.
The emergence of ransomware, such as the recent global WannaCry attacks, has renewed fears over system vulnerabilities. The cyber security firm Symantec said US$5 million is extorted each year through ransomware, which the company claimed was a conservative estimate.
Sharjah Electricity and Water Authority (Sewa) has allocated 15 per cent of its budget to security annually for the past three years, said Rashid Alleem, the Sewa chairman.
“Security is a concern and all of the UAE utilities have their own strong IT departments to make sure there is no penetration,” he said.
Sewa has global companies come in periodically to test its system to ensure security, but the utility is looking to increase its investment in cyber security. “When we had this WannaCry virus, like anything, everyone began thinking that we need to go back and revisit our budget now,” Mr Alleem said. “That is the reality. It wasn’t expected at all to do that much damage.”
Muhammed Khan, a security infrastructure specialist at the Health Authority – Abu Dhabi, said that IoT devices will hit the 20 billion mark by 2020, which means a surge in an entire illicit network. “The criminal network has begun offering ransomware as a service, enabling anyone to extort their favourite targets,” Mr Khan said.
But a breech at a power utility is a national security issue as it can involve overriding commands for a nuclear power plant, or shutting off the power supply, which can hurt the economy.
Emil Gurevitch, an NES security software engineer, spends his time trying to hack systems to repair their weaknesses. In one four-month approach in Denmark – attacking power grids is not a quick hit – he was able to study his own smart meter to become familiar with the technology. He contacted the meter vendor expressing an interest in the product to glean more insight.
An internet search revealed a user manual, and that led him to begin creating tools to break into the meter. He was able to reach up to 35 meters in Copenhagen. “In a population of a million meters that may not sound like much, but once you compromise a meter, you can use it as a stepping stone to reach the next 35 and so on,” Mr Gurevitch said.
“You find a weakness and then you ‘virtually’ move through the neighbourhood.
“It’s a high-cost attack, but it’s interesting because it starts in a living room.”
lgraves@thenational.ae
Follow The National's Business section on Twitter
