Power stations and power grids are under constant threat from new risks. When an outage happens, the repercussions can reach the Clouds.
Power grids, water utilities and hospitals are among the vital facilities our society relies on, and are classed as critical infrastructure accordingly. The fact they are so important means they need special protection. Now, however, as IT services are increasingly being relocated into the Cloud, the data centres that look after them are growing to be just as important, as became clear in early September.
That was when a lightning strike during a hurricane in Texas forced the shutdown of a central Microsoft data centre, which hosted a number of the company’s Azure Cloud services. This local problem had global consequences: Microsoft customers around the world had no access to central Azure services, in some cases for several days, and many could no longer log in to Office 365 because the Active Directory login service was also affected.
Breakdowns of this nature make it even more important for every major data centre to have a redundant and fail-safe structure in place for essential supplies like electricity and water. First, however, reliable protection must be assured for power generators and water utilities. Attacks on these key components of critical infrastructure have been popular for a long time, and are often politically motivated, as the devastating outage at a power station in Ukraine in late 2015 made clear.
The energy supply system is the Achilles heel of IT: without electricity, nothing is possible. That is why new attack scenarios are of major interest. At the Usenix Security Conference in August, a team of security researchers from Princeton University showed that dangers can also come from unexpected sources. Instead of aiming directly at a power station, the experts simulated attacks on high-wattage devices, in other words those that consume a lot of power. They focused on state-of-the-art air-conditioning units, heaters and ventilation systems, since the power rating of such devices tends to run to thousands of watts. These devices are increasingly networked, and are thus potentially open to attack via the Internet. The researchers showed that security loopholes and hacks could make these devices part of a botnet, similar to the Mirai botnet of two years ago. But instead of misusing the hijacked devices for DDoS attacks, as happened in that case, the perpetrators can use these devices to launch an overload attack on the power grid.
If a botnet is big enough – in other words, if enough devices are hacked – it would be possible to switch on a large number of these devices simultaneously in a limited geographical area and run them at full load, thus drawing large volumes of electricity. The consequence would be a local overload on the power grid, which could lead to further outages. In the worst case, this could trigger a chain reaction of malfunctions. A sizeable regional blackout could be the result, as the security experts demonstrated. Even if the risk currently appears relatively small, the more widespread use of Smart Home devices in the coming years could raise the level of risk appreciably.
We look at the management aspect of attacks in a further article.