Mitigating reconnaissance attacks on power grids


Power grids are a key part of Australia’s critical infrastructure, and they are increasingly coming under attack from malicious cyber threats. Both customers and regulators of energy and utilities firms demand a reliable, resilient service from power suppliers, which means utilities organisations must include cyber threats in their risk mitigation, alongside other causes of IT outages such as engineering challenges, bad weather and natural disasters.

Both the industry itself and the government are concerned about the increase in cyber attacks on Australian critical infrastructure. Most recently, at The National Security Summit, Peter Dutton flagged the “catastrophic” consequences of the rise in cyber attacks on critical infrastructure, as a surge in reconnaissance attacks in recent years could be a potent warning of disruption to come.

Fortunately, there are key actions that utilities organisations can take to minimise the threat, starting with identifying risks at an early stage through advanced threat intelligence.

What are reconnaissance attacks?

Reconnaissance attacks are the first stages in what is known as an Advanced Persistent Threat (APT). A popular way to describe a typical APT attack methodology is the cyber kill chain. There are seven key stages of a cyber kill chain:

  1. Reconnaissance: Initial harvesting of information on the potential individual within a target organisation.
  2. Weaponisation: Combining an exploit with backdoor malware in a deliverable payload.
  3. Delivery: Ensuring the payload arrives in the target organisation’s network via email, USB or other means.
  4. Exploitation: Exploiting a vulnerability to run code on the target organisation’s system.
  5. Installation: Installing malware on a key asset.
  6. Command and control: Opening a communications channel to remotely control the malware.
  7. Actions and objectives: Accomplishing the original goals of the attack, such as a power grid hack.

Reconnaissance is, therefore, the first stage in a multi-stage attack, aimed at gathering information on the target system’s weaknesses to ensure the best chance of success. The end goal could be anything from installing ransomware to stealing sensitive data or hijacking and sabotaging key assets. It’s the cyber equivalent of a burglar scoping out which properties to rob…