Traditional electrical power grids have evolved toward technology-enabled smart grids. These grids integrate traditional electric power grids with information and communication technologies. While they improve the efficiency and availability of the power system, and monitor, control and manage customer demands, they also increase security concerns and vulnerabilities.
Steve King of cybertheory.io describes these vulnerabilities in a post on that site (https://cybertheory.io/the-mothership-critical-vulnerabilities-in-the-smart-grid/).
Networks become large and complicated when traditional infrastructure is integrated with IoT sensors and devices. Most traditional power systems coexist with legacy IT systems. Outdated equipment is vulnerable to cyberattacks.
Companies are using digitization for market advantage, including factory automation and outsourcing to third-party cloud service providers. These systems are now prime targets of cyber criminals.
In addition to ransomware and phishing, attackers use remote code execution (RCE) to control the instruction pointer in a process. This gives them control over the next instruction in a process. RCE exploits are popular because they give attackers administrative privileges over a system.
PrintNightmare is a current vulnerability allowing an attacker with a regular user account to take over a server running Windows Print Spooler, a default service on all Windows servers and clients in an Active Directory environment. Although supposedly patched, this exploit still works on a fully patched domain controller.
Because of the volume of Microsoft's code and its complex interactions, vulnerabilities in Microsoft products will be a continuing security challenge.
Other "killers of cyber defense" are advances in swarm-based intelligence technologies that control clusters of nano-robots. These robots can perform structural changes in real time to reconfigure networks and systems, discover zero-day vulnerabilities, and train security devices and software to overlook threats. Dark web versions are available as "Swarm-as-a-Service", and some are designed to take control of a target's physical systems as well as networks.
An enterprise with a "bring your own device" (BYOD) policy is vulnerable to an RCE exploit. An Internet Explorer vulnerability, now patched by Microsoft, allows an attacker to take control of a system and create new accounts with full user rights. Other RCE vulnerabilities target the Linux operating system.
According to King, by encouraging BYOD programs, installing insecure IoT devices, and leveraging insecure open-source software instead of practicing basic cyber hygiene, we are increasingly vulnerable to attacks on our critical infrastructure: water, agriculture, communications, transportation, energy, electricity, oil and gas, and the military.