How is the Electric Grid Vulnerable to Cyber Attacks?
The electric utility industry is a valuable target for adversaries seeking to exploit industrial control systems and operations technology for a variety of purposes.
Attacks on electric systems – like attacks on other critical infrastructure sectors – can further an adversary’s criminal, political, economic, or geopolitical goals. As adversaries and their sponsors invest more effort and money into obtaining effects-focused capabilities, the risk of a disruptive or destructive attack on the electric sector significantly increases.
A power disruption event from a cyberattack can occur from multiple components of an electric system including disruptions of the operational systems, targeting enterprise environments to achieve an enabling attack through interconnected and interdependent IT systems, or through a direct compromise of cyber digital assets.
According to a report by dragos.com, an Iranian-sponsored hacking group called Magnallium has been trying to get access to American electric utilities for at least a year. The hackers have been trying to guess passwords for hundreds of accounts linked to US electric utilities, plus oil and gas firms, a technique known as “password-spraying.” This chimes with findings from Microsoft, which revealed it had seen a similar campaign in November 2019.
No comments:
Post a Comment