2020 Predictions on Electric Grid Cyber-Attacks

From a threat perspective, researchers[1] expect cyber-attacks to continue into 2020, as it is getting easier for hackers to attack these systems because they are more exposed to the public Internet.  Not just nation-state hackers, but financially motivated criminal hackers will be lurking in the surface, deep and dark Internet.  Looking back, there were more high-profile attacks in 2018 than in 2019.  Some cyber experts claim they observed no more than 12 “high profile” attacks in 2019.  The number of attacks is declining compared to the era of the Stuxnet worm in 2010 and the 2015 cyber-attacks on the Ukraine power grid.  Security is improving and hackers have better things to do than target power grids.  They want money.  But…

Nation states are being more selective and becoming better at covering their cyber tracks.  What we see in media reports is just the tip of the iceberg and does not necessarily reveal current hacking trends, because it is a small sample size.  Governments can only gather a limited amount of information on cyber-attacks because many organizations are privately monitored, and the companies monitoring them are not at liberty to discuss what they observe on their networks; thus negative cyber reporting is low.  As end-user companies start to adopt basic monitoring solutions for operational technology (OT), there is going to be more malicious activity.  The greatest threats are likely already operating undetected in enterprise and critical infrastructure networks right now!  Nation states will only make their presence known on a network depending on geopolitical tensions and, if necessary, can use cyber as an attack tool.

Geopolitical. Iran will escalate its aggression in cyberspace and likely target US critical infrastructure in the event of devolving geopolitical tensions.  Nations with low-level traditional arsenals will likely turn to asymmetric cyber capabilities as a way of responding to physical force.  An example of this tactic came earlier this year, when the US “allegedly” conducted a cyber-attack on Iran in retaliation for Iran shooting down a US drone.  The US could have easily used physical force in retaliation, yet “allegedly” used cyber as a weapon.

The ’I’ in CISO will start to disappear for companies with big industrial footprints.  As IT and OT begin to be viewed as one, enterprises need to govern and secure them accordingly.  Unless your company is a financial institution, the position of CISO will fall off organizational charts.  The CISO is gaining more and more responsibility for OT, and as a result the role will cover more than securing all information: it will also carry all of the OT security responsibility.  Wherever there is technology, it needs to be secured.

No downtime. Last year’s prediction by David Weinstein, CSO, was that there would be no hours of electrical downtime as a result of a cyber-attack in any country.  Based on open-source reporting this was true, and Weinstein predicts that the same will be true again for 2020.  The electric sector is at enormous risk due to its vulnerable nature and will continue to be targeted throughout 2020; however, no customers will lose power for any period as a result of a cyber-attack.  As an example, a utility in Salt Lake City, UT, experienced a cyber-attack earlier this year, the first official attack on a utility company in the US, and no customer lost power.

OT-targeted ransomware. Researchers will see an increase in ransomware spilling over from the IT network into the OT environment.  This should be a concern to a CISO at a manufacturing facility.

If IT and OT networks are unsegmented, then an attack on IT could also easily spill into the OT environment.  Implications could be worse for OT than IT, because the OT network cannot restore a production line in the same way as IT can restore to the last backup.  All businesses need to consider how much downtime they are willing to take to avoid paying a ransom.  Always back up your data.

5G. More things will be connected because of 5G technology.  This will create a larger attack surface.  As an example, “smart cities and buildings” are increasing in number.  5G connectivity will expose legacy systems in many cities, enabling connections to new threats as well as an increase in new connected buildings and factories running off the same infrastructure.  5G is going to expand the scope of OT security in the same way as IT/OT convergence exposed manufacturing plants and factories to threats.  5G opens the gap to common everyday use cases that affect the public at large.

Cloud. With the industry rush to the “cloud,” expect to see an increase in the ability to pool customer OT data and identify emerging threats more quickly, without being reliant on manual updates to be protected against known threats.

Public and private utilities need to continue to be vigilant in the protection of a nation’s electric grids.  The two blackouts of the Ukrainian electric systems by Russia during the takeover of the Crimea, which caused catastrophic results, show nations and their critical infrastructure electric systems the need to identify, block and protect the flow of electricity, the life blood of any nation.


Our Red Sky Alliance ‘RedXray’ tool is an early warning tool that companies can use to identify potential threats outside their networks that are poised to attack their networks.  Once threats are identified with RedXray, cyber blocks can be set in place to guard against cyber-attacks.  Remember to always back up your data daily, set defenses, train your employees in safe cyber prevention, constantly audit your network and re-train as often as you can.

Red Sky Alliance is in New Boston, NH.  We are a Cyber Threat Analysis and Intelligence Service organization.  For questions, comments or assistance, please contact the Alliance directly at 1-844-492-7225, or feedback@wapacklabs.com  

[1] David J. Weinstein is a US cybersecurity executive and the former Chief Technology Officer for the State of New Jersey.  He previously served at US Cyber Command.  In 2018 he joined the cybersecurity company Claroty.