International Standards are our best line of defence against the growing menace of cyber attacks targeting critical infrastructure.
Power companies around the world have been boosting their security as fears heighten over cyber attacks that could cut off electricity to hospitals, homes, schools and factories. Such is our reliance on electricity that a prolonged blackout would also jeopardize transport systems, fresh water supply, communications and banking.
A May 2017 report by the FBI and the Department of Homeland Security warns that hackers are penetrating the computer networks of nuclear power stations and other energy facilities in the US and around the world. The FBI claims that cyber attacks are eclipsing terrorism as the primary threat facing the United States.
Cyber attacks on nuclear power plants could have devastating consequences, affecting not only the entire power grid, but potentially also triggering an environmental catastrophe. In the US alone, Homeland Security’s cyber emergency response team responded to 290 cyber incidents in 2016, including 59 targeting the energy sector.
In 2015, Ukraine experienced an unprecedented cyber attack on its electricity grid that led to widespread power outages. It left nearly a quarter of a million people without electricity for hours, after substations were shut down as a result of implanted malware.
Internationally, costs related to “malicious cyber activities” are forecast to reach USD 2 000 billion by 2019. This comes at a time when utilities are under huge pressure to update infrastructure while also reducing costs and increasing profitability.
The problem demands an international solution. The IEC has been closely involved in the development of Standards relevant to cyber security for years, including the ISO/IEC 27000 family of Standards on information security management systems.
Other series of IEC Standards are relevant to the protection of communication networks, control systems and power installations against cyber threats. They include:
- IEC 62443: Industrial communication networks — Network and system security
- IEC 61850: Communication networks and systems for power utility automation
- IEC 60870: Telecontrol equipment and systems
- IEC 62351: Power systems management and associated information exchange
- IEC 62645: Nuclear power plants — Instrumentation and control [I&C] systems — Requirements for security programmes for computer-based systems
- IEC 62859: Nuclear power plants — Instrumentation and control systems — Requirements for coordinating safety and cyber security
Download ‘Preventing a blackout’, a selection of long-form stories on cyber security from our ‘e-tech’ magazine, to find out more about the IEC’s work and how International Standards are ensuring the resilience of critical infrastructure.