| Cyber security
in the energy sector and maintain persistent access to networks to lay foundations for future operations. Within the energy sector, key cyberthreats include ransomware, exploitation of remote access, supply- chain attacks, phishing, and malware. Impacts to energy entities from these adversarial techniques can range from loss of information, productivity, and revenue to sabotage of operational processes and damage to equipment or the environment. Although the dam sector faces cybersecurity threats
similar to those affecting the overall energy sector, those targeting dams seek impacts beyond power outages including flood, loss of navigation and water supplies, plus safety and economic impact to the facility and downstream communities. While the use of outdated equipment (often with hard-coded and default passwords), rural facility locations, smaller operators with few resources for cybersecurity, and the variability of hydropower facilities can cause unique challenges to cyber defence.
As a company that specialises in critical communications infrastructure, Ground Control says that the increased integration of Internet of Things (IoT) devices and sensors within the hydropower and dam sector has brought greater infrastructure complexity, creating more vulnerabilities for several reasons: Increasing number of attack surfaces: Every device connected to the network becomes a potential target for attackers. The more there are, the further the range for potential attacks is increased. Device security: The substantial volume and often remote location of IoT devices increases the difficulty of keeping firmware and software up-to-date. Moreover, their physical dispersion can expose them to theft and tampering. Lack of standardisation: Different manufacturers exercise varying levels of security and a lack of standardisation can make it challenging to implement consistent security practices across all devices.
Legacy systems: Many critical infrastructure systems still rely on older technology that may not
have been designed with modern cybersecurity standards in mind. Interoperability challenges: Ensuring that different IoT devices and systems work together can be challenging. This can lead to security compromises to enable connectivity, potentially weakening overall security.
Network visibility: Depending on the network’s connectivity and device location, a 360 view can be difficult to achieve and maintain, making it more difficult to detect and respond to cyber attacks. Data privacy: IoT devices often collect and transmit sensitive data. Inadequate data protection measures can lead to data breaches, compromising privacy and potentially providing valuable information to attackers.
Serious threats As Senator Ron Wyden said, the seriousness of cyber
threats to critical infrastructure has been clear for years in the US, but companies and agencies across federal government have been slow to respond to them. “As the Chairman of the subcommittee responsible
Above: Senator Ron Wyden recently chaired a hearing to examine the federal and non- federal role of assessing cyber threats and vulnerabilities of critical water infrastructure in the US energy sector Editorial credit: DCStockPhotography /
Shutterstock.com
The growing risk of Y2Q
The world witnessed large-scale global efforts to address the issue of Y2K (also known as the millennium bug) during the final decade of the last century. The problem stems back to the 1960s when computer programmers tried to save limited disk and memory space, which led to great uncertainty about how computers would handle the year 2000 which was represented as 00 in programmes. An estimated US$308 billion was spent on the problem worldwide but due to international coordination and effort, the Y2K problem was well handled. None of the Doomsday predictions affecting planes, utilities and power plants amongst others came true. The Y2Q problem relates to the algorithms that currently secure systems against cyberattacks. If malicious actors have access to such quantum computing power, they could break the security of government and enterprise systems, disturb or even damage public services and utility infrastructure, disrupt financial transactions and compromise personal data. Y2Q is a large-scale external threat with malevolent intent to cause damage or harm. There is complete uncertainty about timelines as it is not known when sufficiently powerful quantum computers that can break currently used cryptography algorithms will be available. Although in comparison Y2K was a huge problem it was simple and straightforward to solve. Y2Q is described as being a growing concern as quantum risk in cyberspace slowly emerges and there are multiple proposed solutions. What is certain however, is that action needs to be taken now. What you need to know about the Y2Q cybersecurity threat | World Economic Forum (
weforum.org)
www.waterpowermagazine.com | May 2024 | 63
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32 |
Page 33 |
Page 34 |
Page 35 |
Page 36 |
Page 37 |
Page 38 |
Page 39 |
Page 40 |
Page 41 |
Page 42 |
Page 43 |
Page 44 |
Page 45 |
Page 46 |
Page 47 |
Page 48 |
Page 49 |
Page 50 |
Page 51 |
Page 52 |
Page 53 |
Page 54 |
Page 55 |
Page 56 |
Page 57 |
Page 58 |
Page 59 |
Page 60 |
Page 61 |
Page 62 |
Page 63 |
Page 64 |
Page 65 |
Page 66 |
Page 67 |
Page 68 |
Page 69 |
Page 70 |
Page 71 |
Page 72 |
Page 73 |
Page 74 |
Page 75 |
Page 76 |
Page 77
