News of security breaches has become quite common over the recent few years. While theft of credit card or personal information might be unsettling, a breach in an energy system infrastructure can be far more unsettling on the national level and have far-reaching effects. Besides, recovery from such attacks can take weeks to months.
In 2008, an alleged cyberattack shut down an oil pipeline in Turkey for three weeks. A malicious computer worm Stuxnet destroyed hundreds of Iranian centrifuges in 2009, resulting in disruption of its nuclear fuel enrichment program. In 2015, another cyberattack took down a section of the Ukranian power grid. As a result, grid substations had to be operated manually for several months.
The factors motivating attackers to launch cyberattacks are capability, motivation, and opportunity. According to Stuard Madnick, founding director of the Cybersecurity at MIT Sloan consortium, the United States hasn’t experienced major cyberattacks only due to lack of motivation. This scenario might soon change with a boost in motivation, encouraging attackers to disable the flow of natural gas throughout the country or bring down power grids. While emergency facilities and supplies could continue to run uninterruptedly for a few days, it might take a lot longer to repair the systems entirely.
The impact of such an attack will have long-lasting effects – those that people do not usually envisage.
The Underlying Problem
Since a lot of industrial facilities rely on software for plant control these days, it is imperative that energy systems ensure cybersecurity. For example, maintaining water-level in a boiler, or how much energy storage be able to store and release over a certain period of time. All such devices can be operated remotely or on-site. If a cyberattacker gains access to the software, he/she can easily disrupt the system.
Modern control systems are software-intrinsic and made of highly coupled components. The overall system does not exhibit behaviors that single components do. This makes it hard to single out the behavior of each component in isolation and identify cyber-vulnerabilities.
To combat this challenge, researchers developed an analytical method known as ‘Cybersafety’ that is designed to analyze cybersecurity of complex industrial control systems. Though it may be impossible to design a system that can guarantee 100% safety against security breaches, Cybersafety comes forward as a system that is highly resilient against cyberattacks.