A cyberattack on a power company can have catastrophic consequences. One malicious email, infected assets, or a compromised supply chain partner can lead to loss of power across entire regions. While it’s acknowledged that their distributed infrastructure, increased digitalization, and reliance on supply chain partners put power companies at an increased risk of financially motivated attacks like ransomware, a new and disturbing trend is emerging. Nation-state hacking groups, sponsored by governments across the globe, are increasingly targeting power facilities. Between 2017 and 2020, there was a 100% rise in ‘significant’ nation-state threats around the world, with almost half of these attacks targeting both physical and digital assets.
Why do nation-state hackers target power companies?
Nation-state attackers target energy companies because of the political and societal damage they can cause. Bringing any form of critical infrastructure to a standstill can have huge financial implications. And downtime and industry shortages can weaken a country’s power supply. State-sponsored groups may also be looking to establish a foothold in a specific network in anticipation of future geopolitical tensions.
While physical destruction or information system Denial-of-Service (DoS) is a frequent motivation, there are other reasons why nation-states employ hackers to target the power industry. One such motive is espionage, whereby hackers capture information either to steal trade secrets or to use it in further attacks. Recent attempts to steal IP data on vaccines have demonstrated the lengths to which nation-state attackers are willing to go.
Despite being highly sophisticated, state-sponsored attacks use many of the traditional techniques that hackers employ. These include data exfiltration, distributed denial-of-service (DDoS), supply chain compromises, and public-facing application attacks. But nation-state attackers are better equipped than your average hacking group, with government-backed financial support and access to their country’s most powerful resources.
Global nation-state attacks that have impacted the power sector
Some of the first notable, successful nation-state attacks were those targeting Ukraine’s power grid in 2015 and 2016. In the winter of 2015, a first-of-its-kind cyberattack led to an interruption of electricity and water supplies for 230,000 people in western Ukraine, with hackers also sabotaging physical equipment to delay restoration attempts. The first confirmed sabotage of a power grid, this attack was attributed to the Russian hacking group “Sandworm”.
Ukraine experienced a similar breach just a year later, this time targeting the SCADA systems of power supplier Ukrenergo and causing a blackout in northern Kyiv. Saudi Aramco became a target in 2017 when hackers damaged a power plant’s safety controllers and prompted a site shutdown. More recently in the US, the 2020 supply chain attack on software company SolarWinds compromised around 25% of the country’s power utilities.
Despite many different countries launching nation-state attacks, a 2021 report found that 58% of these incidents originate from Russia, with the top three target countries being the US, Ukraine, and the UK. In light of this, the White House issued a warning in March 2022, urging critical infrastructure companies to “harden […] cyber defenses immediately.”
Shielding against state-sponsored cyberattacks
While nation-state attacks can cause huge damage, the methods used to prevent them are the same as for any other type of attack. The best way for power grids and utilities firms to secure their networks is to improve their visibility of cyber threats. And the best way to achieve this is through cyber threat intelligence.
Centripetal’s CleanINTERNET is a centralized, simplified service that aggregates over 3,500 cyber threat feeds. CleanINTERNET automatically shields against high-risk threats and delivers actionable reports on incoming cyber risks relevant to your business, becoming an extension of your team. This secures power companies from incoming and outgoing threats, even from trusted partners along the supply chain, creating a Zero Trust network environment. CleanINTERNET gives power companies enhanced threat visibility at a fraction of the cost of multiple, disparate threat feeds.
Find out more about CleanINTERNET’s use in the power sector and how we detect and prevent nation-state attacks by getting in contact with our team.