Ulises Castillo

Hacking the Grid

Wed, 02/24/2016 - 16:34

A hijacker manages to gain control of 1 million smart meters and decides to fake consumption metrics. This would invariably create a mess in the whole country’s energy management. Even worse, the system could detect the need to deploy more energy or redirect it to other regions, overcharging the substations and transformers and causing them to blow up. While this scenario seems to be ripped out of a page from a popular Sci-Fi book, for Ulises Castillo, CEO of cybersecurity firm Scitum, the situation could very well become a reality.

Companies in the electricity market have embraced SCADA and industrial control systems (ICSs) and these now form part of IP networks and the famous Internet of Things (IoT). “Developers of these smart technologies are unaware of security issues, so they launch products and features to fulfill the market’s expectations. However, the IoT means a new world of vulnerabilities waiting to be exploited, even with basic attacks in some instances,” Castillo warns. Companies implementing smart grid technologies must be aware of the risks and avoid vulnerabilities in their codes. Raising awareness about cybersecurity is a monumental task for Scitum; nevertheless, it strives to offer a new set of products and services to protect SCADA systems, ICSs, and the IoT infrastructures, all of which are an inherent part of smart grids.

What are the current practices electricity companies take in regards to cybersecurity? This is a question Scitum sought to answer a few years ago. Castillo relates the experience, “Some time ago, one of the top executives in Mexico’s energy sector visited us to review some services we were providing at the time. His team asked us to hack some substations, which we did, and ultimately we showed how easy it was.” In this instance, Scitum was able to penetrate the systems controlling the substation by using basic tools. These were not even considered advanced attacks and the consequences could have been dire, “Once in the system, we had the ability to shut down the substations and cause a blackout in an entire region. This happened a few years ago, and now things are even worse,” Castillo adds.

Attacks are constantly evolving, and it is common that attack vectors use spear phishing, which differs from the typical phishing spam email. “This spear phishing is a customized type of phishing contextualized to the victim’s situation. Five years ago we began seeing specific malware focused on SCADA and ICSs, which are used to manage critical infrastructure in many countries.” The most efficient virus so far, which has been specifically created for SCADA, is Stuxnet. “It was first used to attack the SCADA systems used to enrich uranium for production of nuclear power in Iran,” Castillo recalls, adding that Stuxnet marked the beginning of a new era of malware focused on the SCADA system.

With IoT and smart grids, security is paramount, “Four years ago, security units found SCADA handbooks in the hands of Al Qaeda. In addition, experts have studied the work of Chinese hackers, and the results show many of them are evaluating the intricacies of SCADA systems around the world.” Even the director of NSA has stated that China has the ability to cause power cuts across an entire country. In the case of Mexico, there has been only one crowning utility in the electricity market and now that this is bound to change, in Castillo’s eyes, there will be more risks for the country. “We need to create more awareness on the risks and expand the number of projects to increase cybersecurity,” he insists.

It is through collaboration that companies in the cybersecurity milieu can keep track of the evolution of malware. “Scitum is actively collaborating on a daily basis with different Mexican and international organizations. We are now collaborating with Microsoft’s Digital Crime Unit in Seattle, which is disseminating materials and sharing its information with different countries.” The company has also started working with the Scientific Police in Mexico, and it has links with several cyber intelligence services. “Now we are receiving information for the Latin American region on issues such as possible cyber risks in the energy sector, new types of attacks, the attack vectors (the path attackers follow to penetrate a network), SCADA systems, databases, and so forth. Collaborating with specialists across the technology industry enables Scitum to help customers protect their infrastructure.” The services include not only the traditional IT services, but also identification of risks related to SCADA, ICSs, or smart grids. As Mexico strides towards technology and innovation, cybersecurity players will serve as its shield.