The Horus Scenario: practical and theoretical research, which shows an existence of vulnerabilities in solar panel power grids, leaving them exposed to hacking.
The Horus scenario depicts a situation in which there is a large-scale cyber-attack onto an electrical infrastructure. The scenario uses both theoretical and practical based approaches to demonstrate how a cyber-attack on the solar energy systems could create a ‘solar eclipse’ on the stability of the power grid.
The scenario details how malicious hackers could target the electrical grid and succeed in causing power outages, which could be nationwide, or even continental. The shutdown of one countries’ power grid could create a domino effect of other power grids around the continent. If ever executed in the wild, it could cost billions to repair and have a great impact on everyone’s day-to-day life.
A power grid needs a constant balance between supply and demand of power, which if either create an imbalance or exceeds the limit, outages can occur. To maintain this stability, there are measures in place to counteract any dips or surges in either demand or supply. If a hacker is able to confuse or manipulate these countermeasures to convince the power grid it is not in need of the power due to a ‘surge’, then an outage can occur.
As this is only a hypothetical situation, we ask Mark James, ESET IT Security Specialist, what would happen if this were to occur in the wild.
How would an attack work?
"Power grids work on the basis of importing and exporting power, an equilibrium exists to keep things running smoothly, if one is higher than the other for too long a time then measures need to be put in place to counter that surplus or demand, this may include shutting off or turning on resources to stabilise the power.
“By utilising the vulnerabilities found in inverters made by SMA an attacker could shut down a number of those devices all at once then threshold values would be hit and power grids could start to fail, unable to cope, in this scenario safety measures may kick in shutting down other sources of power to protect the grids integrity.
What should organisations do to mitigate such attacks?
“The vulnerabilities need to be patched ASAP to stop the attacks in the first place, in situations like this where key points in technology are used for utility purposes then a good way to identify and fix these problems could be to use a bug bounty program, utilising external expertise to help find them in the first place.
How likely is an attack on solar panel grids? Could an attack shut down the whole power grid of a country?
“Honestly, not that likely, but the fact that it exists is an indication of the type of vulnerabilities that affect the very core structure of our daily lives, but it only takes one successful attack to create a disaster!
“With redundancy measures in place its highly unlikely that the power grid of a whole country would be shut down, if multiple attacks were to happen at the same time though we could see the load increased to such a level that entire areas would be without power and would cost millions.
What do you think about the Horus Scenario? Let us know on Twitter @ESETUK.
Join the ESET UK LinkedIn Group and stay up to date with the blog. If you are interested in seeing where ESET has been featured in the news then check out our ‘In the news’ section.