Protecting our energy infrastructure from cyber attack

Almost every day, news headlines announce another security breach and the theft of credit card numbers and other personal information. While having one’s credit card stolen can be annoying and unsettling, a far more significant, yet less recognised, concern is the security of physical infrastructure, including energy systems. “With a credit card theft, you might have to pay $50 and get a new credit card,” says Stuart Madnick, the John Norris Maguire Professor of Information Technologies at the Sloan School of Management, a professor of engineering systems at the School of Engineering, and founding director of the Cybersecurity at MIT Sloan consortium. “But with infrastructure attacks, real physical damage can occur, and recovery can take weeks or months.” A few examples demonstrate the threat. In 2008, an alleged cyberattack blew up an oil pipeline in Turkey, shutting it down for three weeks; in 2009, the malicious Stuxnet computer worm destroyed hundreds of Iranian centrifuges, disrupting that country’s nuclear fuel enrichment programme; and in 2015, an attack brought down a section of the Ukrainian power grid — for just six hours, but substations on the grid had to be operated manually for months.