One of the most feared attack surfaces is a nation’s power grid, and for good reason. If cyberwar erupts and a nation’s power grid is hacked, everything that keeps a society afloat could essentially crumble. Over the years, the U.S. Department of Homeland Security has conducted several tests that prove that real cyber-attacks on the grid are very possible, and can cause very real physical damage if not prevented. To further the concern, researchers have discovered that 2014 brought a six-fold increase in detected cyber incidents.
A common belief in the energy industry is that most organizations rely much too heavily on risk-based calculations borrowed from the business side of things – ones that don’t necessarily match up with the level of protection needed by a critical infrastructure. Hence the need for energy IT professionals to look deeper into the processes in place to ensure they have the most custom plan of attack appropriate to their industry. For example, although a majority of these incidents are still caused by employees internally, researchers have seen a 40% increase in incidents attributed to hacktivists, which requires a different set of tools or policies than an industry with only employee-caused incidents.
Now there is an urgent need for more stringent standards–especially in the area of cyber security–to protect the Bulk Electric System (BES) of the North American power grid from the dramatic rise in cyber threats in recent years. This has led to the development of CIP Version 5 (CIP V5).