Cybersecurity and cyber terrorism - in energy sector – a review

ABSTRACT The rapid rise in technological development in various areas in communication, supply chain management, integration of various power resources that are essential and part of critical infrastructure, has brought out new security challenges. This has resulted in securing critical consumer profile and data, operations. Security is not limited to the four walls of the production or generation environment but goes beyond it. As, electric power systems comprise of both IT and power, their interdependence has resulted in gaps in the security. Cyber threats can only be mitigated, reducing its impact but cannot be eliminated. The cyber threat mitigation results in huge expenditure, efforts, downtime, economic and psychological impacts on the industry that could result in damage to company’s performance and the national economies. The paper aims to highlight various security attacks on the energy infrastructure and its impacts. While discussing the impacts, the paper presents mechanism and emphasises the need for global security coordination be to mitigate threats. Abbreviation: IoT: Internet of Things; EI: Energy Infrastructure; DER: Distributed Energy Resources; SCADA: Supervisory Control and Data Acquisition; VPN’s: Virtual Private Networks; PKI: Public Key Infrastructure; IDS: Intrusion Detection Systems; EMP: Electromagnetic Pulse; MTU: Master Terminal Unit; RTU: Remote Terminal Unit; ICS: Industrial Control Systems; RAT: Remote Access Trojan

[1]  Rae Zimmerman,et al.  “Trends for Oil and Gas Terrorist Attacks,” I3P Report No. 2 , 2005 .

[2]  J. Daly Saudi Oil Facilities: Al Qaeda’s Next Target? , 2006 .

[3]  J. Giroux,et al.  Research Note on the Energy Infrastructure Attack Database (EIAD) , 2013 .

[4]  Nell Nelson,et al.  The Impact of Dragonfly Malware on Industrial Control Systems , 2020 .

[6]  Amar Singh Dr. Amar Singh Spectre of Cyberterrorism: A Potential Threat to India’s National Security , 2016 .

[7]  Stefan Savage,et al.  Inside the Slammer Worm , 2003, IEEE Secur. Priv..

[8]  Bryan Watkins The Impact of Cyber Attacks on the Private Sector , 2014 .

[9]  D. Sanger Obama Order Sped Up Wave of Cyberattacks Against Iran , 2012 .

[10]  Himanshu Khurana,et al.  Towards A Taxonomy Of Attacks Against Energy Control Systems , 2008, Critical Infrastructure Protection.

[11]  David Anderson,et al.  Is the Sky Falling? Energy Security and Transnational Terrorism , 2008 .

[12]  Ravi Samikannu,et al.  Economic Impacts of Cyber Security in Energy Sector: A Review , 2017 .

[13]  Levente Buttyán,et al.  Duqu: A Stuxnet-like malware found in the wild , 2011 .

[14]  Karen A. Scarfone,et al.  Guide to Industrial Control Systems (ICS) Security , 2015 .

[15]  D. Kushner,et al.  The real story of stuxnet , 2013, IEEE Spectrum.

[16]  O. Andreeva,et al.  INDUSTRIAL CONTROL SYSTEMS VULNERABILITIES STATISTICS , 2016 .

[17]  Levente Buttyán,et al.  The Cousins of Stuxnet: Duqu, Flame, and Gauss , 2012, Future Internet.

[18]  Marwan Albahar,et al.  Cyber Attacks and Terrorism: A Twenty-First Century Conundrum , 2019, Sci. Eng. Ethics.

[19]  Stefan Savage,et al.  The Spread of the Sapphire/Slammer Worm , 2003 .

[20]  Martin G. McGuinn Prioritizing Cyber Vulnerabilities: Final Report and Recommendations by the Council (October 12, 2004) , 2004 .

[21]  Tavish Vaidya 2001-2013: Survey and Analysis of Major Cyberattacks , 2015, ArXiv.

[22]  Benahmed Khelifa,et al.  Security concerns in smart grids: Threats, vulnerabilities and countermeasures , 2015, 2015 3rd International Renewable and Sustainable Energy Conference (IRSEC).

[23]  Ralph Langner,et al.  To Kill a Centrifuge A Technical Analysis of What Stuxnet ’ s Creators Tried to Achieve , 2013 .