Author: Comune di Benetutti
Prevention is better than cure. This is the philosophy with which the Benetutti Electricity company participates as a pilot in the CyberSEAS project.
Starting from this concept, we began a process of defining a set of cybersecurity scenarios and simulating attacks on electrical infrastructure, with the aim of identifying critical issues that could allow malicious actors to violate both data and infrastructure and cause damage, even significant damage, to the Distribution System Operator.
Read on to discover the cybersecurity threats and attacks facing EPES.
It is well known that numerous IT and OT devices are installed within these electricity infrastructures which, if attacked, can cause an interruption of the distribution service, with all the consequences that such an event brings (e.g. interruption of critical services such as hospitals, transportation, etc.). It should be noted that these devices can be attacked through both physical (intrusion, sabotage, etc.) and cyber (DoS, malware, etc.) vectors.
Indeed, such threats clearly impact citizens and the whole community (think of the entire public lighting system, traffic light systems and so on). Besides service continuity, many scenarios also concern data protection and privacy. In fact, malicious attackers can also fraudulently collect “sensitive” data related to citizens. Such data can be stolen, modified, exploited for further attacks or used to demand a ransom. At the same time, unavailability of data is a problem for the DSO, which cannot use it for routine operations (network balancing, monitoring, billing, etc.).
EPES operators are therefore asked to operate on two different fronts:
- On the physical side, through strengthening and monitoring of the site and of the area immediately surrounding the Cabin. In this case, since cabins are unsupervised most of the time, the control system should be able to alert operators to anomalies so that they can intervene promptly and implement further countermeasures.
- On the cyber side, through continuous monitoring of the IT infrastructure present inside the Cabin and along the network backbone (as well as the concentrators, disconnectors, circuit breakers, etc.). In this case the IT infrastructure should be secure and resilient by design, providing redundancy in controls and strict procedures, while the humans in the loop (e.g. operators) should be properly trained to recognize attempted attacks (e.g. phishing).
Both layers should be addressed with a holistic approach that covers: security and cybersecurity by design, continuous risk management following the Plan-Do-Check-Act paradigm, legal compliance assessment, drafting of mitigation and response plans, and creation of an emergency system that includes clear organization, tasks, roles, procedures, tools and communication with external entities (including national authorities and citizens).
It is also fundamental that all the prevention systems adopted aim to prevent the hijacking of remote management and remote control of the electricity grid through an intrusion into the computer system. Indeed, it is extremely important to design such remote systems to enable remote functionality for authorized operators while preventing intrusion and privilege escalation.
It is therefore necessary to be aware that when any network infrastructure is brought from an analog level to a digital/IT level, the need arises to prepare all the necessary countermeasures. And this is one of the missions of the CyberSEAS project, as well as the objective of the Benetutti Electricity Company's digital transformation!