
The rising interconnectivity of power plants’ operating systems with web-based monitoring and dispatch is posing greater cyber-security risks. “Internet Connection Sharing (ICS) machines are now open to the same attack vectors that the corporate environment has been dealing with for years,” security experts warn.
As more and more machinery within modern gas power plants is connected to each other and to the wider internet, stand-alone software stacks for power plant control systems are a thing of the past as cloud-based solutions spread. Small-scale plants are also closer to populations as distributed power and CHP technology grow. These trends open up numerous avenues for hacker attacks, security firm Darktrace’s technology lead told Gas to Power Journal.
Attackers seen to play 'the long game'
“As ICS devices are inherently less secure than their corporate counterparts, this is a worrying development, putting human lives at risk, as well as seriously jeopardising the business financially and from a reputation perspective,” he said.
“More and more, we are seeing attackers apparently playing a longer game, by lying low within a network and slowly building up knowledge and understanding of how the systems operate without obviously damaging or stealing data straight away.
“These reconnaissance missions are not always evident to the company either, because of the inadequacy of traditional defences in detecting their movements, which are often subtle and inconspicuous,” he explained.
Machine learns to spot threats
Cyber-security tools such as Darktrace’s Industrial Immune System aim to defend against threats on a proactive basis. Named the ‘Enterprise Immune System,’ Darktrace technology applies the biological principles of the human immune system to the challenge of defending organisations against dynamic cyber-threats.
Drax, one of Britain’s leading utilities, is using Darktrace and stated the technology “has already identified threats with the potential to disrupt our networks.”
Powered by machine learning and mathematics developed at the University of Cambridge, the system “learns what normal behaviour is for an organization or network. Spotting deviations from this ‘norm,’ the system can detect suspicious behaviours in real time, while there is still time to act.”
The Darktrace system is critically supported by a 3D Threat Visualisation Interface, which is powered by topological network projection technology. Regardless of where the attacker might originate or how long they have been inside a SCADA system or ICS device, Darktrace is confident that its system “can detect the subtle changes of behaviour that might indicate a threat and alert the organisation in real time.”