Electrical grids worldwide have become more susceptible to cyber attacks due to the use of industrial control systems, according to market analysts ABI Research.
Spending on cybersecurity to protect infrastructure will total $2.9 billion by the end of 2013, the analyst claims.
“The restructuring of the power sector and the emergence of the smart grid has largely ignored the issue of cyber security,” ABI Research claims in a report this week, which described electrical firms as “woefully” prepared for attacks. “Industrial control systems have poor methods of authentication, little encryption, and are not often capable of detecting intrusions. By failing to address cyber security, and focusing on the cost-savings and gained efficiencies of a market-oriented model, the susceptibility to cyber attacks has grown.”
This week the Wall Street Journal reported that hackers had penetrated systems belonging to energy companies in the U.S. Quoting unnamed sources, the WSJ claims that Iranian hackers proceeded “far enough to worry people.”
“Cyber-attacks that can cause serious damage to electrical grids are a reality. Operators need to view cyber security as a core, integrated requirement of their offering and not as a secondary add-on,” says Michela Menting, ABI Research’s senior analyst for cyber security.
Menting says that government efforts to tackle vulnerabilities are raising awareness of the issue, and that companies such as Alliander, Enel, and E.On Nordic have already “made significant efforts at implementing a cybersecurity culture”.
A Congressional survey of electrical utilities this week found that companies faced up to 10,000 attacks per month. Out of 53 companies surveyed, more than a dozen described attacks on their systems as “daily” or “constant”. One company complained of being under a “constant state of ‘attack’ from malware and entities seeking to gain access to internal systems.”
This April, a spear-phishing attack which targeted an American electrical company was documented in this month’s Monitor report from the Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT).