Given what has been happening in the US in recent months, it is almost impossible to click on a professional site without finding some discussion of supply chain vulnerability and its specificities affecting critical infrastructure, with a focus on the electricity system and pipelines. While we are beginning to learn that, despite their best intentions and – in theory – best efforts, suppliers can still carry risks, there is another new ‘lesson’ to be learned: to extend our attention to the risks that suppliers (!) can pose!
The good news is that this extended – one might even call it holistic – way of thinking is slowly but surely gaining ground. The best example of this is the existence of SeConSys and, through it, the creation of the Cybersecurity Handbook for Industrial Monitoring Systems in Electricity. The bad news is that still not enough attention is being paid to all the system elements and components necessary for secure operation.
One such ICS component that needs more attention than it gets at present is the (uninterruptible) power supply. While the interdependency diagram of critical infrastructures is well known, it does not reflect the awareness that there are also interdependencies between individual ICS components. Among these, the dependency on (uninterruptible) power supply is the most critical! It is useless, for example, to have “carbon-protected” substation protection and control technology if an attacker can “strike the small machine” by penetrating via the “loosely” managed remote monitoring of the auxiliary power supply. In other words, the power supply should not only not be weakly protected, but should be protected to the highest degree!
Moreover, it cannot be said that the hackers “didn’t tell”.
Already in December 2015 in Ukraine, in the first attack against an electricity system, the uninterruptible power supply was one of the targets. At Kyivoblenergo, the attackers triggered a timed shutdown of UPSs supplying computers, penetrating through the network interface of their remote control. In at least one Oblenergo, the attackers reconfigured the UPS via its remote network interface, further exacerbating the situation during the blackout. At Prykarpattyaoblenergo, the UPS supplying the server for the internal telephone network was similarly shut down.
The logical consequence of a holistic approach would be to draw lessons from the incidents that occurred and then take effective action. The technical papers do not reflect that this change in approach has taken place. Recent publications that, based on what has happened in Ukraine, for example, reflect an author's holistic approach to all ICS components, with the above in mind, are rare.
And to add a “twist” to the matter: no ICS power system is monolithic. In critical locations, power is supplied on three legs: the default case is mains supply, the most critical devices and systems are fed uninterruptibly, while a diesel generator comes into operation in the event of a longer outage. But these, too, usually consist of several functional units, each with its own control and monitoring system. For example, today’s modern battery installations include sophisticated monitoring systems, also available with remote control. On the one hand, this is good because it significantly reduces the chance of a supply disruption due to a battery failure, but on the other hand, it can also be an opportunity for an attacker if the protection is inadequate.
How widespread do you think the holistic vision is in this country?
How much awareness is there of the key role of power supply in the availability of ICSs?
We welcome messages either agreeing or disagreeing with the above. For example, by responding to them in a new post, a substantive professional exchange of views could be initiated.
Translated by DeepL