What would energy blackouts mean for cybersecurity?

04 April 2023

Scott Goodwin, COO and co-founder, DigitalXRAID

Scott Goodwin, COO and co-founder, DigitalXRAID

The recent cold snap in the UK has provided a stark reminder of what conditions the winter months could bring. As with the rest of Europe, the country is experiencing an energy crisis triggered by Russia’s invasion of Ukraine and subsequent sanctions imposed on the nation, made worse by Britain’s reliance on Russian gas. As well as causing overheads to soar, UK organisations are also facing the prospect of blackouts, as warned by the National Grid. What’s more, a lack of warning from the Met Office around the recent arctic blast is being blamed for even further strained energy supplies.

While energy blackouts pose obvious disruption to day-to-day operations that businesses will need to prepare for, it is also critical to consider the impact power outages could have on cybersecurity and what proactive protections organisations can put in place now.

The risk

The bottom line is organisations can be hacked during a blackout. One reason for this is that software-as-a-service (SaaS) platforms and servers are often hosted outside of a business’ territory, meaning they would remain online and vulnerable to attack while an organisation experiences a power outage.
Additionally, many enterprises now rely on remote IT and security support following the widespread adoption of ‘work from home’ arrangements over the past two years. If a localised blackout were to be imposed, cybersecurity personnel could be cut off from their organisation, leaving it exposed and without a team to detect, monitor and respond to breaches. With bad actors better positioned to infiltrate an organisation’s defences un-detected, navigate through a network and exfiltrate more data, cyberattacks during blackouts are not just possible, but also have the potential to be even more destructive.

The solution

While the prospect of blackouts appears bleak, the good news is that there are a variety of ways organisations can prepare now to mitigate against the cyber risk of rolling power cuts.

Plan ahead
The National Grid has outlined that the most likely window for blackouts is between 4pm and 7pm. As with holidays and weekends, these more vulnerable periods are ripe for exploitation by cybercriminals. Knowing when outages may occur means attacks can be timed to have maximum impact. It would not be surprising if bad actors were to breach a network ahead of a blackout window, lie dormant in blind spots and then deploy malware once a power outage has been imposed. However, equipped with this knowledge, organisations who rely heavily on remote cybersecurity and IT support can consider bolstering their onsite taskforce during periods when blackouts are most likely to occur.

Go back to basics
In times of heightened cyber threats, it is always best practice to make sure you are covering the basics. Maintaining good cyber hygiene and ensuring security is front of mind for all staff is essential. This can be aided with regular phishing training and simulations – especially important considering phishing is now the most common threat vector for UK organisations – and security notifications for staff ahead of vulnerable periods like blackout windows.
At the same time, it’s also vital to evaluate worst case scenarios. Updating business continuity plans (BCPs) and carrying out disaster recovery planning will identify existing vulnerabilities and new anomalies and risk factors that can be patched ahead of potential blackouts.

Work with the experts
For complete peace of mind, organisations may consider working with third parties to further support their cybersecurity strategy. Outsourcing to a trusted security partner is an excellent option for businesses who lack sufficient in-house expertise. Security operations centres (SOCs), for example, can provide 24/7/365 threat monitoring capabilities and the aggregate value of experienced cybersecurity professionals with extensive knowledge of the threatscape.

The threat of blackouts is indiscriminate, and therefore SOC services are also at risk of power cuts. While they will be preparing by ensuring power banks and back-up generators are on hand, it is also pertinent that organisations who rely on third parties have an open and transparent discussion with their cybersecurity providers about the potential risk. By having these conversations, organisations will be reassured that all eventualities have been planned for.

Looking ahead

The cyber risk of blackouts is something that will be a cause for concern across UK businesses. However, acting now, implementing proactive measures, and seeking additional support to mitigate against the fallout of a localised or nationwide blackout will put organisations in a much stronger position for the coming months.