Subscribe to Email Updates

Substation Vulnerability Simulation Demonstrates Key Cybersecurity Principles

Substation Vulnerability Simulation Demonstrates Key Cybersecurity Principles

Our firm recently partnered with the University of Southern Maine Department of Engineering faculty and students to develop and execute an interactive substation cybersecurity demonstration, during which participants experienced real-time attack scenarios. Throughout the semester, the dual testing/training lab environment was established to explore potential cyberattacks against power grid transmission systems.

Ultimately, several potential attack scenarios were developed and presented as part of a live demonstration that took place on April 26, 2018, at the Maine Cyber Security Cluster in Portland. The scenarios included real-world threat vectors, including watering hole, spear phishing and ransomware attacks. These scenarios were executed in real-time, with both the attacker and the target point of view being shown across multiple screens. Frequent breakouts were held to explain each scenario and to discuss ways to better guard against each step of the attack process.

This demonstration was intended to help compliance, physical/cybersecurity, IT professionals and project managers actively identify ways to improve their processes and environments through an attacker's perspective. During this presentation, attendees experienced real-time attack scenarios demonstrated in a secure development environment, and learned how their existing systems, methods and procedures may be vulnerable to attacks in ways they may not have previously considered.

Here are three key takeaways from the program to keep in mind when considering secure practices:

  1. Be careful what information you share, because things you might not even expect to be usable information on social media could facilitate an attack.
  2. In general, processes can be weaker during construction and commissioning phases, creating an opportunity for an attacker to exploit. Be diligent during these project phases.
  3. Be careful with email links or attachments, even from trusted sources, and always be cautious before opening them.

Leave a comment

John Biasi
Written by John Biasi
John Biasi is a cybersecurity specialist who has directed a broad range of IT and cybersecurity initiatives and participated in the planning, analysis and implementation of solutions in support of business objectives.

Related posts

Drones Elevate Efficiency for Building Owners
Drones Elevate Efficiency for Building Owners

As with most emerging technologies, it often takes time to identify and embrace the possibilities of how new tools will impact...

Data Mining at Mines Using UAVs
Data Mining at Mines Using UAVs

To the lay person, a picture is worth a thousand words. To mining industry leaders, UAV footage could be worth thousands of...