Subscribe to Email Updates

Substation Vulnerability Simulation Demonstrates Key Cybersecurity Principles

Substation Vulnerability Simulation Demonstrates Key Cybersecurity Principles

Our firm recently partnered with the University of Southern Maine Department of Engineering faculty and students to develop and execute an interactive substation cybersecurity demonstration, during which participants experienced real-time attack scenarios. Throughout the semester, the dual testing/training lab environment was established to explore potential cyberattacks against power grid transmission systems.

Ultimately, several potential attack scenarios were developed and presented as part of a live demonstration that took place on April 26, 2018, at the Maine Cyber Security Cluster in Portland. The scenarios included real-world threat vectors, including watering hole, spear phishing and ransomware attacks. These scenarios were executed in real-time, with both the attacker and the target point of view being shown across multiple screens. Frequent breakouts were held to explain each scenario and to discuss ways to better guard against each step of the attack process.

This demonstration was intended to help compliance, physical/cybersecurity, IT professionals and project managers actively identify ways to improve their processes and environments through an attacker's perspective. During this presentation, attendees experienced real-time attack scenarios demonstrated in a secure development environment, and learned how their existing systems, methods and procedures may be vulnerable to attacks in ways they may not have previously considered.

Here are three key takeaways from the program to keep in mind when considering secure practices:

  1. Be careful what information you share, because things you might not even expect to be usable information on social media could facilitate an attack.
  2. In general, processes can be weaker during construction and commissioning phases, creating an opportunity for an attacker to exploit. Be diligent during these project phases.
  3. Be careful with email links or attachments, even from trusted sources, and always be cautious before opening them.

Leave a comment

John Biasi
Written by John Biasi
John Biasi is a senior cybersecurity specialist at Burns & McDonnell. He has directed a broad range of IT and cybersecurity initiatives and participated in the planning, analysis and implementation of solutions in support business objectives.

Related posts

Avian-Friendly Approaches to Power Lines
Avian-Friendly Approaches to Power Lines

Birds on a wire have fascinated song writers and artists alike since the first power lines were constructed in the early...

Protecting Wildlife With a Habitat Conservation Plan
Protecting Wildlife With a Habitat Conservation Plan

Habitat Conservation Plans (HCPs) are valuable collaborative conservation tools that provide a balance between development and...