After a long absence, terms like “blackout” have returned to the Brazilian news. One of the main reasons is the water crisis: the lack of rain is depleting the reservoirs of the hydroelectric plants, which are the country's main source of energy.
Against this backdrop, which could condemn Brazilians to severe rationing, the energy sector is also concerned about possible new cyber attacks. To head off a future problem, government entities and private companies are studying possibilities and actions to prevent Brazil from falling back into the dark, as happened at the beginning of this century.
Hacker attacks in the pandemic
Since the start of the coronavirus pandemic in March 2020, the world has seen the number of cybercrimes grow, and ordinary users have been among the main victims. Earlier this year, for example, Brazil suffered one of the biggest alleged leaks in its history, which would have exposed sensitive data on more than 200 million people, including the deceased. Today, that version no longer holds up so well: the cybersecurity community realized that this was a compilation of old sensitive information, nothing more.
But with social structures more fragile and systems still doing the “samba” to implement new features (such as Pix), cybercriminals take the opportunity to exploit security problems. In this scenario, practically nobody was safe, and companies were also attacked.
Chilli Beans, EA Games, Bose, JBS, Colonial Pipeline, Toshiba, CD Projekt Red and dozens of others had data stolen, websites and pages taken down or suffered other types of damage.
And, as could hardly be otherwise, public bodies were also targeted. In Brazil, the Federal Supreme Court (STF) and the National Library were among the targets.
The criminals' modus operandi has followed a pattern: ransomware. It is a type of malware that infects systems and encrypts files, holding them “hostage”. To release access again, cybercriminals charge a fee (usually in bitcoin) for companies to “rescue” and retrieve the locked files or servers.
Energy companies were also targeted
Aiming indiscriminately, the so-called “black hats”, which are malicious hackers, and cybercriminals in general have also claimed victims among companies and public agencies in the energy sector in Brazil.
At least five institutions have suffered attacks since March of last year: EDP, Enel, Light, Copel and Eletronuclear. The criminal actions did not affect the distribution or supply of energy, but they leaked data and affected the companies' administrative systems.
The sector is concerned: this comes on top of a scenario in which the electricity bill is more expensive (because of the water crisis) and rationing is a possibility (Mines and Energy Minister Bento Albuquerque even asked for “conscious use” of water and electricity).
Image: Brazilian electric power distribution station
Júlio Oliveira, technology manager at Hitachi ABB Power Grids, a global power supply company, explains to TechWorld that companies in the electricity sector (as well as water, oil and gas) have become targets because successful attacks in these fields can have major repercussions, since stoppages can directly harm the daily lives of the population.
As for the actual risks, he argues that they are varied, as they depend on the type of criminal action. However, Oliveira specifies two attacks that can seriously compromise the operation of an electrical energy structure.
The first is attacks that make the Supervisory Control and Data Acquisition (SCADA) system and Intelligent Electronic Devices (IEDs), tools used in plant automation, unavailable.
Image: Itaipu Binational Hydroelectric Power Plant
“An invasion that could corrupt, erase or replace files used in these processes or equipment crucially compromises the operation of an industrial plant or a power substation, preventing the execution of maneuvers or activations by the operators when these actions are required”, he says.
In the case of ransomware, the executive says that black hats can, in a sense, take control of plants and substations in a more serious blow. In this hypothetical situation, the energy company would be left with no autonomy to make operational decisions, as the cybercriminal can encrypt system information and demand a payment to return access.
Can Brazil stay in the dark?
On the risk of Brazilians being effectively affected by possible new successful attacks on the energy sector, the technology manager of Hitachi ABB Power Grids is categorical: “since there is no longer control over the system, the consequences could be disastrous”.
Another very important warning he makes is that a good part of the mission-critical systems in the energy, oil, gas and water sectors “are not adequately protected against these threats”, which makes the scenario worrying.
TechWorld contacted the Ministry of Mines and Energy (MME) to talk about the situation. By e-mail, the ministry admitted that new cyber attacks on critical infrastructures, such as the electricity sector, “can generate strong impacts, including the unavailability of energy services”.
Image: Blackout in São Paulo in 2013 (Photo: Mauricio Lima/AFP/VEJA)
The ministry stresses, however, that the problems would be caused regardless of the water crisis that the country has been experiencing. The institution also claims that the country is at risk in this or “any other energy scenario”.
The reporting team also got in touch with the National Electric Energy Agency (Aneel), a federal agency whose duties include regulating and supervising the production, transmission and distribution of energy. The institution did not respond to requests for comment on the matter.
How to avoid a possible blackout?
Because of the concrete possibility of new hacker attacks causing a blackout in the country, Brazilian public and private entities said they are moving to bring security to the energy sector.
The MME points out that several actions were implemented not only by public agencies, but also by companies to “prevent, identify, isolate and minimize” the damage of possible cybercriminal actions.
The ministry says that, among the measures, there is a change in the Grid Procedures (Operational Routine) of the National Electric System Operator (ONS). It also said that Aneel has taken bureaucratic measures to debate the matter.
Aneel’s National Energy Policy Council (CNPE) published Resolution No. 01/2021, which instituted a working group aimed at establishing new cybersecurity guidelines for the sector.
The text of the Resolution recalls that, in 2020 alone, at least five attacks on companies or entities in the energy sector were identified, and that although they did not cause interruption in supply, they ended up causing “disorders in the provision of general services to the population”.
No clearer details were given about how the cybersecurity work is being carried out.
The Hitachi ABB Power Grids technology manager argues that Brazilian companies operating mission-critical systems have increased their concern with cyber defense in the last five years. According to him, the country has advanced in this regard mainly because of Industry 4.0 techniques, which are increasingly automating and digitizing operations.
Oliveira explains that in the case of Hitachi ABB Power Grids, the company has prioritized improvements to offer safer systems, products and solutions in terms of cybersecurity. He comments that the company applies technologies that follow international safety standards, all to protect mission-critical systems.
“Relevance to the topic is a constant concern for us, from the conception of our solutions to the delivery of projects. An example where care in relation to cybersecurity is observed is in the engineering of Smart Digital Substations applications, one of the technological aspects of the Grid 4.0”.
Júlio Oliveira, Technology Manager at Hitachi ABB Power Grids
The executive points out that, on the other hand, a cyber attack cannot be prevented from occurring, since script kiddies/lamers (internet users with shallow knowledge of cybercrime) and cybercriminals invest time and resources incessantly to find loopholes in the systems. The so-called Industrial Control Systems (ICS), in fact, have been a target of this group since 2010, after Stuxnet, an Israeli-American cyber attack, Oliveira recalls.
“But there is still a lot to be done to protect these assets, especially regarding the understanding that investments for this purpose can avoid problems in the availability of services provided and image in the near future”, he concludes.
The comfort and hope of Brazilians is that the actions taken by companies and public bodies will be enough to prevent everyone from returning, after nearly two decades, to being in the dark.