Spain reconsiders possibility of hackers causing blackouts

Spain is demanding answers from power suppliers about their cyber security in the wake of a day-long power outage, despite previous assessments suggesting hacking wasn’t to blame.
At the end of April, the Iberian peninsula was hit by widespread power outages. Most of the areas hit in Spain and Portugal returned to normal after ten hours, though it took a full 23 hours for Spain’s electricity grid to be fully online.
The possibility of the blackouts being caused by a cyberattack was immediately considered, though the grid operators in Spain and Portugal both said at the time there was no evidence of hacking, a point that was echoed by authorities and politicians.
Now, reports suggest Spanish authorities are investigating whether smaller power generators were a weak link that was exploited by cyber criminals to target the electricity grid, according to the Financial Times.
Hacking investigation
The incident sparked debate around Spain’s use of renewable energy, which includes a series of smaller providers. The investigation raises the possibility that the fault lies with a multitude of smaller partners weakening the security of the network, rather than with the reliability of renewable sources themselves.
According to the newspaper report, smaller renewable power plants have received questions from Spain’s National Cybersecurity Institute about whether any “anomalies” were spotted before 28 April, if they had installed security patches or updates recently, and whether it was possible to remotely control plants.
The new investigation follows an inquiry ordered by a high court judge into whether the outage was caused by a cyberattack.
What happened?
Security company Specops Software said in a blog post analyzing the outage that the sudden shutdowns mirrored previous hack-caused grid events, including the attacks in Ukraine in 2015 and 2016, but acknowledged that the grid operators ruled out a malicious intrusion after looking at their own telemetry, logs, and firewall records.
However, the new investigation appears to be centered on external power providers, rather than those centralized grids.
Barracuda regional sales director Miguel López told the FT that “a cyber attack doesn’t seem to be the most plausible hypothesis” because if hackers had managed to break systems, it would have taken longer to restore the grid.
The grid outage comes amid wider threats to critical national infrastructure (CNI) from hackers, including politically motivated attackers, with American and British authorities warning that pro-Russian hacktivists have been targeting industrial control systems across the US and Europe. Previous attacks include a ransomware incident targeting Colonial Pipeline and a data breach at a water treatment plant in Florida.
Recent research suggests almost all – a whopping 95% – of CNI organizations have suffered a data breach in the last year, highlighting the need for increased security vigilance.