The electricity sector is a critical infrastructure in any economy. The electrical grid throughout North America is considered as the world’s largest machine. It has been growing and evolving since the late 1800s and serves as a crucial element to our society. Not only does it affect the economy, but it literally powers every aspect of our lives. Schools, Hospitals, Homes, these all rely heavily on the electrical grid. Any intentionally caused interruption is a large concern to national security, public safety and the economy. A power outage in August 2003 that lasted less than a week in northeastern North America caused an estimated $2.3 billion CAD loss to the economy of Ontario, contributed to a 0.7% decrease in Canada’s GDP in August, and very likely led to loss of life.
Over the past ten years, the cyber threats to critical infrastructure has been on the rise, including to the electrical grid. To date, cyber threat activity against Canada’s electricity sector has consisted of fraud and ransomware attempts by cybercriminals, as well as espionage and pre-positioning by state-sponsored actors, all of which we expect will very likely continue. Cyber threat activity targets local distribution and bulk power system organizations, but threat actors intent on disrupting electricity or extracting a more lucrative ransom are more likely to target organizations involved in the bulk power system.
Supply Chain Attacks
Any large operation will operate with the use of a variety of subcontractors throughout the entire supply chain. Threat actors are smart. While it may be difficult to access exploits in the end target, a threat actor can target a subcontractor that exists earlier in the supply chain to get access to the data they want. High-sophistication cyber threat actors target the supply chain service providers for two purposes: to obtain intellectual property and information about the ICS (Industrial Control System) of a utility; and, as an indirect route to access the networks of electricity utilities.
Industrial Control System Vulnerability
The technology used in many ICS was designed before the modern internet. It was designed for safety and reliability. These are two important factors when dealing with such a critical component of the country. Over the last decade, legacy systems have been connected to the internet for convenience of monitoring and logging data. An unintended consequence of this convergence is an increase in the exposure and vulnerability of these systems to cyber threats delivered via the Internet.
The Canadian Centre for Cyber Security outlines more on this topic in their Cyber Threat Bulletin, which can be found here.