Endpoint Security to Keep Energy Grids Running

Cybersecurity firms are warning that a new malware can be a threat to energy grids around the world. The malware, which has been dubbed both Crash Override and Industroyer, can cause power outages for up to a few days if it manages to infect a nation’s grid. Luckily, the Crash Override malware isn’t capable of leaving entire countries without power.

An analysis has shown that Crash Override was the malware behind the attack in Ukraine last year. In December 2016, cybercriminals managed to strike an electric transmission station near Kiev, Ukraine. The attack left some residents in the capital city without power for an hour. Researchers believe Crash Override is the same malware from 2016 because it had an activation time stamp of December 17th, which was the day of the widespread power outage. Officials in Ukraine and other security experts suspect that Russia backed the attacks on Ukraine’s energy grid, but Russia denies responsibility. The same Russian group that targeted Ukrainian systems in 2016 also tried to manually bring down the grid in 2015. The group, dubbed both Sandworm and Electrum by researchers, also targeted American industrial control systems in 2014.

The Crash Override malware can be detected if companies monitor the traffic on their networks. Network monitoring can help IT teams figure out if the Crash Override malware is sending messages to switch breakers or looking for the location of substations. Crash Override works by using the same technical protocols that grid systems use to communicate with each other. In the attack in Ukraine, the malware instructed devices to de-energize and re-energize substation lines.

Pieces of the Crash Override malware that weren’t turned on in the December 2016 attack have the potential to cause power outages that can last for a week, researchers believe. The malware can automate power outages, and has components that can be switched out so it can be adapted to utilities like water and gas. However, these capabilities haven’t yet been demonstrated. Crash Override can also erase the software that controls circuit breakers, which means the grid operator will have to revert to manual operations.

As geopolitical relationships become more complex, companies in the energy sector should find ways to protect their networks from malware. Below are a few tips for utility companies to use to avoid a power outage caused by a cyber-attack:

  1. Monitor networks for unusual traffic: Companies should monitor their networks for unusual traffic, which can help them uncover the Crash Override malware. Network monitoring can let companies quickly recognize if Crash Override is trying to de-energize substation lines. Through continuous network monitoring, companies can also immediately remediate any security gaps that are uncovered.
  2. Partition data: Companies in the energy sector should try to keep sensitive data separate from more standard information. Companies can also add an extra layer of security by keeping sensitive data offline or encrypting it.
  3. Limit user access: By limiting who has access to confidential data, companies can reduce the information a hacker has access to if they manage to break into a lower-level employee’s account. Companies can also require two-factor authentication for users who are logging into their accounts, which will reduce the chances of their accounts being compromised.
  4. Invest in cybersecurity: The energy sector as a whole needs to invest in strong cybersecurity protections to keep cybercriminals from compromising energy grids. By making sure strong cybersecurity software is in place to detect malware and other cyber threats, the energy sector can prevent power grids from going down.
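The monitoring described in tip 1 (and earlier, where the malware is said to speak the grid's own control protocols and to de-energize and re-energize substation lines) can be turned into concrete detection logic. The script below is an added example, not code from the original article or from any vendor: it assumes a protocol sensor has already decoded IEC 60870-5-104 commands into records (the record field names are an assumption) and flags two things a grid operator would want alerted on: control commands from a host that is not an authorised SCADA master, and rapid repeated commands to the same control point.

```python
"""Flag control-command traffic that resembles breaker toggling on an OT network.

Assumptions (not from the article): the sensor emits one dict per decoded
IEC 60870-5-104 ASDU with fields ts, src, dst, type_id and ioa.
"""
from collections import defaultdict

# Hosts permitted to issue control commands (assumed allowlist of SCADA masters).
AUTHORISED_MASTERS = {"10.0.1.10"}
# IEC 60870-5-104 ASDU type IDs that carry process control commands
# (single/double/regulating/setpoint commands, with and without time tag).
CONTROL_TYPE_IDS = {45, 46, 47, 48, 49, 50, 51, 58, 59, 60, 61, 62, 63, 64}
TOGGLE_WINDOW_S = 60   # seconds over which commands to one point are counted
TOGGLE_THRESHOLD = 4   # commands to one point within the window that alert

# Constructed sample traffic: one legitimate command from the master, one
# monitoring-only ASDU (type 13, measured value), then a burst of control
# commands from a host that should never be issuing them.
SAMPLE_RECORDS = [
    {"ts": 0,   "src": "10.0.1.10", "dst": "10.0.2.20", "type_id": 45, "ioa": 1001},
    {"ts": 5,   "src": "10.0.5.77", "dst": "10.0.2.20", "type_id": 13, "ioa": 2001},
    {"ts": 100, "src": "10.0.5.77", "dst": "10.0.2.20", "type_id": 46, "ioa": 1001},
    {"ts": 101, "src": "10.0.5.77", "dst": "10.0.2.20", "type_id": 46, "ioa": 1001},
    {"ts": 102, "src": "10.0.5.77", "dst": "10.0.2.20", "type_id": 46, "ioa": 1001},
    {"ts": 103, "src": "10.0.5.77", "dst": "10.0.2.20", "type_id": 46, "ioa": 1001},
]

def analyse(records):
    """Return a list of alert tuples for the given decoded command records."""
    alerts = []
    recent = defaultdict(list)  # (dst, ioa) -> timestamps of control commands
    for r in records:
        if r["type_id"] not in CONTROL_TYPE_IDS:
            continue  # monitoring-direction ASDUs are not control commands
        if r["src"] not in AUTHORISED_MASTERS:
            alerts.append(("unauthorised_control_source", r["src"], r["dst"], r["ioa"]))
        key = (r["dst"], r["ioa"])
        recent[key] = [t for t in recent[key] if r["ts"] - t <= TOGGLE_WINDOW_S]
        recent[key].append(r["ts"])
        if len(recent[key]) >= TOGGLE_THRESHOLD:
            alerts.append(("rapid_toggle", r["dst"], r["ioa"], len(recent[key])))
            recent[key] = []  # one alert per burst
    return alerts

def demo():
    """Run the detector over the constructed sample traffic."""
    return analyse(SAMPLE_RECORDS)

if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

In a real deployment the allowlist and thresholds come from the site's engineering baseline, and the alerts feed the operator's SIEM rather than stdout.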

For the energy sector, cyber threat detection is the key to keeping citizens safe from power outages caused by malware. By using cybersecurity software to monitor for threats and limit user access, utility companies can help prevent a cyber-attack that can cause widespread damage.