The possibility of Malta’s power grid being hit by a disruptive cyber attack is not remote. In October 2019, Siemens and Ponemon published the findings of a worldwide joint survey carried out on a sample of 1,700 utility professionals responsible for cybersecurity within their companies (1). The results were astounding. A staggering 56 percent of respondents reported their organizations suffered one or more shutdowns or loss of operational data per year. A quarter of respondents were targeted by hostile actions originating from nation-states, and more than half expect a new attack to happen in the next 12 months. Several countries (such as North Korea and Russia) own the technology and expertise necessary to launch such operations, and many of them have massively invested in securing their national IT infrastructures (2).
China’s eight cyber pillars
The People’s Republic of China first started recognizing the importance of cyber defence in the early 1990s. In 2015 a Chinese Ministry of Defence Paper entitled “China’s Military Strategy” defined cyberspace as “a new pillar of economic and social development, and a new domain of national security.” As a consequence, China is building its cyber strategy around defending the top internet companies in its domestic supply chain. Apple, Cisco, Google, IBM, Intel, Microsoft, Oracle, and Qualcomm form an integral part of the national internet infrastructure (3).
Unplugging the grid from the internet
Even an energy giant like the US struggles to safeguard the integrity of its power grid. In March 2019, hackers breached a utility that serves areas of California, Utah, and Wyoming and disabled the control system for more than 500 megawatts of wind and solar power, during a 10-hour attack. Amanda Joyce, director of the Argonne National Laboratory, a US Department of Energy multidisciplinary science and engineering research center, voiced her concerns about the nation’s energy infrastructure "becoming increasingly reliant on digital controls and communications." Even the US Government Accountability Office, found that industrial control systems and the rise of distributed resources are weak points in a grid which "is becoming more vulnerable to cyber attacks." How to mitigate the risks of an attack then? The US government has made a surprise move. Instead of introducing new technologies, they have decided to unplug the grid’s most critical control systems from the internet and switch back to analog and manual technology. This, according to the government, should limit the consequences of a massive attack (4).
What about Malta?
Cybersecurity awareness in Malta is still in its infancy stages, and both government agencies and the private sector are facing a steep learning curve. Detecting and defeating attacks to Malta’s IT infrastructure will become even more critical in the years to come, as the government plans to introduce Artificial Intelligence in both the public and private sectors. IT teams, however, need professional training and guidance to meet the challenges ahead.
Grant Thornton offers cybersecurity consultancy to both public and private entities. Our experts can carry out a full vulnerability audit, providing the client with resilient solutions and an incident response plan to ensure that both corporate and customer data are adequately protected against external threats. Get in touch now with one of our specialists to find out how we can help you secure your IT infrastructure.
(Article by Fabio Giangolini)