Tech firms vie to secure energy sector against cyberattacks

Jan 22, 2014

To hear cybersecurity companies tell it, the U.S. energy industry is a ticking time bomb.

Smart electric meters on the sides of houses can be entryways for cyberterrorists to shut off a city's power grid. Remote-controlled valves in oil refineries can be manipulated to cause costly spills.

As reports of hacking perpetuate around the globe, security and technology firms are rushing to introduce high-tech products and services to protect power plants, pipelines and oil companies from cyberattack.

The emerging business could soon be worth billions of dollars a year as agencies including the Federal Energy Regulatory Commission and the Nuclear Regulatory Commission order companies to better protect the infrastructure.

"It's huge," said Greg Bell, a partner with the consulting firm KPMG who works in its cybersecurity division. "Almost every device we put in a power plant or an oil refinery is computer-controlled. They all have to be secured. Cybersecurity is a growth area across all the different industries, but especially oil and gas and (power) transmission."

The U.S. Department of Homeland Security maintains a cybersecurity team that responds to hacking attacks in the country's private sector. Of the almost 200 cases it handled last year, more than 40 percent were in the energy sector, according to an agency report.

Would-be attackers include anti-capitalist groups, criminal organizations, rival companies and those employed by foreign nations, Bell said.

So far, as a official acknowledged in a recent conversation, there has not been a successful large-scale cyberattack on the U.S. energy industry. No grids have lost power; no pipelines have been tricked into shutting down.

The most publicized incident came three years ago, when the FBI put out an alert that a criminal group in Puerto Rico had compromised a local utility's smart meters. The meters were rigged to underreport customers' electricity use, resulting in losses of up to $400 million, the agency said.

Now, companies such as Maxim Integrated, a semiconductor company with a large operation in North Dallas, are offering chips designed to protect against hacking and alert utilities when a smart meter is tampered with.

"It used to be if you wanted to take down the grid, you had to break into a control room or blow up a substation," said Kristopher Ardis, executive director of Maxim's energy solutions division. "Now all it takes is someone in the supply chain to load in some rogue code."

Verizon is also getting into the smart meter business. Last month, the wireless communications company released a cloud-based platform to protect smart meters, among other wireless devices, against hacking.

Asked about the suite of new products hitting the market, Chris Schein, a spokesman for the transmission company Oncor, said the company has long taken steps to protect smart meters and is confident in its security.

"We've been dealing with meter fraud for years," he said.

The degree of vulnerability within the electrical sector is up for debate.

The industry is one of the most proactive when it comes to cybersecurity, said Jonathan Shapiro, a former telecommunications entrepreneur who works for the University of Texas-Dallas on cybersecurity projects. Tampering with a grid might sound dramatic. But the financial incentive for criminals is modest when compared with what they can make stealing credit card numbers from banks.

"Here in Texas, everyone communicates and does scenarios. The Texas electric industry is ahead of other parts of the United States," he said. "With utilities, you don't attack to get rich. You need another reason. And in that case you're really talking about nation states."

Power companies generally keep the networks that control the grid disconnected from the Internet to deter hackers. But that policy is not always followed to the letter, and there has been evidence of hackers probing networks looking for an entryway, Shapiro said.

For the oil and gas industry, cybersecurity is an increasing concern. For the past eight years, the American Petroleum Institute has hosted a expo in Houston for industry consultants and executives.

Still fresh on the industry's mind is a series of attacks beginning in 2009 in which hackers believed to be working in China infiltrated the computers of executives at oil and petrochemical companies around the globe.

According to a report by the California computer security firm McAfee, the attack was nicknamed "night dragon." Using tools widely available on underground Chinese websites, the hackers were able to walk away with emails and other documents.

Ed Goings, who leads investigations of cyberattacks for KPMG, said no security system is foolproof. All companies can do is make sure their systems are more secure than their competitors'.

"My father always used to say locks are for honest people," he said. "If a criminal wants in, they will find another way in. I can put enough locks on to make myself feel comfortable and safe. But always be aware there still may be a break-in. And (learn) how to minimize the damage if and when it does occur."

Explore further: Wireless networks exposed as electricity grid weakest link

not rated yet
add to favorites email to friend print save as pdf

Related Stories

Report: 'Smart' meters have security holes

Mar 26, 2010

(AP) -- Computer-security researchers say new "smart" meters that are designed to help deliver electricity more efficiently also have flaws that could let hackers tamper with the power grid in previously ...

Cybersecurity: Plugging smart grid weaknesses

Jun 05, 2013

Power companies are increasingly upgrading to smart grids—national or state-based intelligent computer systems that collect information from consumers and suppliers in order to automatically improve the ...

Recommended for you

N Korea-linked Sony hack may be costliest ever

20 minutes ago

A U.S. official says North Korea is linked to the unprecedented hack of Sony Pictures which exposed a trove of sensitive documents and escalated to threats of terrorism, driving the studio to cancel release ...

US probe links NKorea to Sony hacking

9 hours ago

A U.S. official says federal investigators have now connected the Sony Pictures Entertainment Inc. hacking to North Korea and are expected to make an announcement in the near future.

Sites stumble on to malware path with plugin exploit

Dec 16, 2014

The numbers were not pretty. Over 100,000 WordPress websites may have been infected with malware, once again proving that where there is widespread popularity, whether in operating systems or platforms or ...

Norway probes spy equipment found in central Oslo

Dec 15, 2014

Norwegian police said Sunday they have warned politicians about possible eavesdropping of cellphone calls after several listening devices were reportedly found in central Oslo, including near government buildings and Parliament.

Identity theft victims face months of hassle

Dec 14, 2014

As soon as Mark Kim found out his personal information was compromised in a data breach at Target last year, the 36-year-old tech worker signed up for the retailer's free credit monitoring offer so he would ...

User comments : 0

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.