Subscribe to Email Updates

Substation Vulnerability Simulation Demonstrates Key Cybersecurity Principles

Substation Vulnerability Simulation Demonstrates Key Cybersecurity Principles

Our firm recently partnered with the University of Southern Maine Department of Engineering faculty and students to develop and execute an interactive substation cybersecurity demonstration, during which participants experienced real-time attack scenarios. Throughout the semester, the dual testing/training lab environment was established to explore potential cyberattacks against power grid transmission systems.

Ultimately, several potential attack scenarios were developed and presented as part of a live demonstration that took place on April 26, 2018, at the Maine Cyber Security Cluster in Portland. The scenarios included real-world threat vectors, including watering hole, spear phishing and ransomware attacks. These scenarios were executed in real-time, with both the attacker and the target point of view being shown across multiple screens. Frequent breakouts were held to explain each scenario and to discuss ways to better guard against each step of the attack process.

This demonstration was intended to help compliance, physical/cybersecurity, IT professionals and project managers actively identify ways to improve their processes and environments through an attacker's perspective. During this presentation, attendees experienced real-time attack scenarios demonstrated in a secure development environment, and learned how their existing systems, methods and procedures may be vulnerable to attacks in ways they may not have previously considered.

Here are three key takeaways from the program to keep in mind when considering secure practices:

  1. Be careful what information you share, because things you might not even expect to be usable information on social media could facilitate an attack.
  2. In general, processes can be weaker during construction and commissioning phases, creating an opportunity for an attacker to exploit. Be diligent during these project phases.
  3. Be careful with email links or attachments, even from trusted sources, and always be cautious before opening them.

Leave a comment

John Biasi
Written by John Biasi
John Biasi is a senior consultant in critical infrastructure cybersecurity, risk and reliability at 1898 & Co., part of Burns & McDonnell. He has extensive experience directing a broad range of IT security initiatives in planning, analysis and implementation of solutions in support of business objectives, and he has hands-on experience leading all aspects of network design on high-profile projects. John has a bachelor's degree in information technology and a Master of Business Administration in cybersecurity management from Excelsior College.

Related posts

Inspiring the Next Generation of Women in the Energy Industry
Inspiring the Next Generation of Women in the Energy Industry

From my early days delineating wetlands and designing mitigation sites to offset wetland impacts to my current role managing...

Pay It Forward: An Engineer’s Journey to a Better Tomorrow
Pay It Forward: An Engineer’s Journey to a Better Tomorrow

Throughout childhood, I was often found tinkering with the old radios and transmitters my grandfather had around the house....