Paris (AFP)
Diving a country in the dark thanks to computers? This is a serious threat for companies and states, for which the energy sector has become one of the most sensitive in terms of cybersecurity.
"Today, all major powers, and even smaller ones that are in a bellicose context, have set up attack strategies via cyber, and in all these offensive strategies, energy supply is present" says Gérôme Billois, cybersecurity expert at Wavestone.
Russia, China and the United States have thus developed attack capabilities, but also smaller countries such as North Korea or Iran, which can act directly or through criminal groups.
As evidence of interest in the sector, "attacking groups have demonstrated their skills and knowledge of a number of systems specific to the energy sector," says Billois.
Electricity in particular is the subject of all attention: without it, the economic activity and the means of communication are quickly paralyzed.
Venezuela has recently suffered the serious consequences of repeated giant breakdowns. The regime has accused the United States of being at the origin, but nothing proves for the moment the intentional nature of these black-outs.
Other cyber attacks have been proven. The most massive and iconic remains for the moment that caused the end of 2015 a significant power cut in the west of Ukraine for several hours. A computer attack is also suspected in the 2008 explosion of an oil pipeline in Turkey.
- "Vital importance" -
Energy infrastructures, sometimes of old design, are more and more digitized and automated, which in parallel increases their vulnerability.
"These are systems that were often not originally designed to be connected to an IT infrastructure," says Frédéric Cuppens, chair of critical infrastructure cybersecurity at the IMT Atlantic School of Engineering. "It's hard to apply recent solutions to evolve their cybersecurity."
In concrete terms, an attack could as well target a production site, such as a nuclear power plant, as private homes, where the mass start-up of connected household appliances would result in a sharp rise in consumption.
But in terms of electricity, "the most likely remains an attack on the transport network, and this is where the state puts the most effort," said Gérôme Billois.
In France, the RTE high-voltage network manager lists thousands of attacks each month, even if they are not necessarily targeted or sophisticated.
"The IT systems of RTE are under constant surveillance and attacks of any kind are every day thwarted by the means of IT protection in place," said the company, which however wishes to give no details for security reasons.
Energy has been identified by the state among twelve sectors of activity "of vital importance" (alongside the army, communications or water supply).
The National Agency for Information Systems Security (Anssi) closely follows about twenty companies in the sector who are qualified as "operators of vital importance" and who perform regular tests and exercises.
"The public authorities in France and in Europe are rather very aware of these issues and are well prepared," Judge Nicolas Mazzucchi of the Foundation for Strategic Research.
But the energy landscape is changing with the emergence of renewables, self-consumption or electric vehicles that will one day reinject electricity on the network.
"I am rather worried about the future with the strong decentralization of production and distribution", observes Nicolas Mazzucchi. "In this area, we risk multiplying the points of cyber vulnerability with small players who will be much less armed and savvy than are the big operators."
© 2019 AFP