Speaking with the Guardian, Holliday - somewhat disregarding the situation in Ukraine as he sought to emphasise how serious the threat is viewed - said, “No other country in the world has an energy industry as worried about the risk from cyber-threats,” adding, “we are just off the scale on our energy system concerns on cyber.”
Holliday claimed that the threat was getting lots of attention as there is a shift from power stations which are moving away from being “well-protected and centralised”, towards “decentralised power, such as lots of small, flexible gas power plants and solar panels on homes.”
Another problem is the growth in Internet-of-Things devices used in such environments, said Holliday. There is a significant growth in companies wishing the centralise their control of plants from central locations, over the internet.
Commenting on the claims made by Holliday, a National Grid spokesperson told SC Media UK: “National Grid has robust monitoring systems in place that are aligned with industry best practice and assessed by Government and regulatory agencies. The IT systems we use to operate our gas and electricity networks are isolated from our everyday business systems to ensure our networks remain safe and reliable.”
A possible target for these cyber-attacks are the smart meters being installed across the UK's homes by the end of 2020 to provide more accurate meter readings. To ensure the data transported to and from these meters, the Capita-run DCC, the network setup the handle its transport, has been given critical national infrastructure status.
According to the report, speaking recently at an industry conference, Matt Roderick, CTO of the DCC said: “We don't hold personal information [on energy supplier customers], we don't see any form of sensitive data and we are not connected to the internet.” Speaking with SC earlier in January, commenting on claims made that Smart Meters could be blown up remotely thanks to weak security protocols, Claire Maugham, director of policy and communications at Smart Energy GB said: "Smart meters are very secure. They transmit meter readings from the home to an energy supplier, while consumption data is transmitted to a portable in-home display.”
Maugham added: “Smart meters and infrastructure in place to support the rollout across Great Britain has security at its heart, with encryption and other safeguards in place designed specifically by the government's security experts GCHQ."
Michael Shalyt, an Israeli expert renowned for protecting critical national infrastructure said in a statement: “A future attack that aims to cripple normal operations might be destructive in nature - and not only disruptive. A somewhat sophisticated attacker can cause physical damage to equipment and product - by giving commands to industrial equipment that puts the process in a damaging state and forging the reported physical state. Such an attack can shut down operations for months - not only days.”
In Ukraine there have already been power outages following the BlackEnergy/KillDisk attacks widely attributed to Russia - which have been described as part of Russia practising cyber-warfare to bring down physical infrastructure.