Power Outage Likelihood of Cyber Attack

In order to analyze the possibility of a cyberattack—one of the potential explanations for the nationwide power outage that affected all of Turkey on March 31, 2015—it is useful to examine the global situation. In 2014, certain cyber-physical systems were intentionally manipulated by attackers. For example, citing a report from Germany’s BSI, it was reported that a steel plant named Stahlwerks in Germany suffered major damage to some critical equipment due to cyberattacks.

Today, as with all modern systems, factories, dams, power grids, telecom networks, and other critical infrastructure are becoming “smart.” In other words, they are now managed through computers and over networks. While previously these types of structures used industrial communication protocols specific to industries such as process automation, automotive, industrial control, and building automation, the networks connecting sensors in these systems are increasingly being based on the IP protocol, which forms the foundation of the internet. As these sensors and other components such as remote terminal units (RTUs) begin to “speak IP,” the concept of the Internet of Things (IoT) is gaining strength, with projections estimating 50 billion network-connected devices by 2020.

Intelligent control units and automation systems (SCADA), which manage machines and systems, apply commands received over the network and transmit statistical and status data back to SCADA systems. As a result, within the network that manages a system, we find sensors and SCADA software components.

However, both the sensors and SCADA software are typically developed by electrical, electronics, and automation companies—outside of the IT and security community. Worldwide, many sensor and SCADA designs are created without prioritizing security, which makes these components vulnerable.

In our Cybersecurity Predictions Report published earlier in the year, we predicted that in 2015 and beyond, major threats would emerge globally in both critical infrastructures and cyber-physical systems such as smart factories.

Even if the incident we experienced on March 31, 2015 was not caused by a deliberate attacker, it should not be forgotten that possible design flaws or software vulnerabilities in components of the networked system may have contributed to the event. Additionally, it was reported that on the same day, due to the power outage, a dam’s gates in Antalya opened unintentionally.

To make such systems more secure, Turkey needs a skilled workforce in the fields of Cybersecurity and its subcomponents: Network Security, Information Security, Critical Infrastructure Security, and SCADA Security. This can only be achieved by highly qualified Turkish engineers focusing on these areas. That focus must be realized through production, project development, and creating opportunities for professional growth in these fields.

Moreover, this issue should not be seen as one that can be solved by a single institution; rather, an ecosystem must be developed. This ecosystem should include security product manufacturers, SCADA system producers, technical firms performing vulnerability analysis in compliance with standards, security awareness training companies, incident response teams, universities, and regulatory authorities. Institutions like the EPDK and other relevant regulatory bodies should set minimum competency requirements for all stakeholders and ensure these are verified through external audits.

On the other hand, the importance of using national products for the protection of networks in critical infrastructure and industrial systems is also clear.