The Internet and new forms of technology have changed the world we live in and the way we interact with each other. The concept isn’t a new one, but the implementation and widespread use of new IoT technologies has increased in recent years, pushing the functional boundaries of technology. This growth in automation and the fact that it makes routine tasks in the energy sector much simpler requires responsibility to be exercised and safety measures put in place in order to ensure the availability, integrity and confidentiality of devices and data.
Moreover, the possibilities offered by the IoT, as well as other technologies that enable data analytics, such as big data, cloud computing and 5G networks, allow more efficient solutions to be used for the digital transformation our environments. We’re seeing the introduction of IoT devices and smart meters, alongside traditional systems such as ICS and SCADA, across the entire electrical system. This is what is now known as the ‘smart grid’.
The introduction of smart devices means attacking a network is now much easier, from causing outages and manipulating the electrical supply on a mass scale to attacking end users, a recent example being the vulnerability found in the communication protocol of Philips smart light bulbs, meaning they could be hacked to spread spyware and infiltrate our home network (CVE-2020-6007).
Another even more serious case occurred towards the end of 2015, when a cyberattack on Ukraine’s power grid plunged 70% of the country’s capital into complete darkness. This was caused by sophisticated malware known as BlackEnergy and involved a denial-of-service attack on the SCADA systems, causing widespread disruption to the company’s energy distribution companies.
In Spain, the energy industry is protected by the so-called Critical Infrastructure Protection Law (abbreviated to ‘PIC’ in Spanish). Critical infrastructure refers to assets which are essential for the functioning of a country, and for which there are no alternatives. If such infrastructure is attacked or destroyed, this inevitably has serious consequences for society.
As well as the Critical Infrastructure Protection Law, there are other international standards, such as the IEC-62443 series of standards, which lay out the main cybersecurity framework for industrial systems. So, are we safe in our homes?
The answer to this important question is very complex. Nevertheless, below we have identified certain ways your home’s network and electricity supply could be compromised.
- IoT devices being hacked: hackers may use these devices as a gateway to our entire home network, something which could have numerous consequences. These include controlling devices (changing how they work or turning them on/off) and exploiting the vulnerabilities of other devices in our home.
What’s more, a thief could easily find out about your daily routine and decide on the best time to burgle you.
- Neighbours stealing your electricity: this situation is surprisingly common and often poses a fire hazard. However, thanks to new technology and data study and analysis, illegal connections can now be detected, these resulting in fines and electricity to the offender being cut off indefinitely.
Other initiatives, such as the SDN-microSENSE project, seek a holistic and centralized approach that provides a high and effective level of resilience. To this end, in the event of an attack or modification of the electrical network, it uses disruptive solutions such as self-healing algorithms through a controller (Openflow protocols). This is undoubtedly one of the most secure and interesting options for the near future.
In order to keep your home safe, we recommend you regularly update all devices which connect to the Internet.
Moreover, if you detect any changes or anything out of the ordinary on your home’s smart meter (don’t forget to check its seal), we recommend you get in touch with your energy supplier straight away.