Over a two day period this month, Delta Airlines delayed nearly 4,000 flights and cancelled 1,680 flights, causing thousands of passengers to endure long hours at airports worldwide.
Due to a power outage at their Atlanta headquarters, Delta's vital booking and scheduling functions failed. Even their flight status software crashed; most passengers didn’t know about the gridlock until they reached the airport.
This wasn’t a cyberattack or physical breach of Delta’s systems, but it might as well have been. Delta’s meltdown shows two important threats to information security: the role that energy plays in powering vital information systems and the multi-dimensional nature of threats to those systems.
Energy and security – a vital nexus
In this case, the network that failed had nothing to do with the Internet. This network was the energy network - often overlooked as the largest of all networks. Every socket, every dialysis machine, every hospital and every iPhone is on this network. As Delta found out, a failure in one section of that network - like a simple power outage - has worldwide effects.
In the information security world, barely any attention is paid to ensuring a steady energy supply and its security. While digital technology designed to monitor and report on energy demand is deployed across the entire grid, energy data is almost never gathered or analyzed to truly optimize that enterprise. Because of that lack of information, key vulnerabilities that could compromise the whole organization are never identified.
All this digital energy data has a dangerous downside. It can be used by hackers to find the most vulnerable equipment from an energy perspective. Armed with that knowledge, threats can be executed via a “bank shot.” If you take down the energy system - like Delta’s power outage - the information systems fail and an entire airline can be grounded.
A “big data” approach that understands energy data as a rich source of continuous monitoring could identify security risks long before they blossom while also freeing millions of dollars in energy and capital expenditures.
Huge flows of sensitive data bring greater opportunities for innovation
This energy network is the world’s largest network and information grid. Sensitive data flows through this system too, like how much energy you’re using and when. New sensors can be clipped to power mains that can even tell which station you’re watching on a TV inside a building. In addition to normal data security, the increasing inter-connectedness of the electric grid is also ripe for hackers.
That same data can also be harnessed to drive unprecedented innovation. For example, fault analysis can use energy data to model key information networks’ stability and predictability. It can even model their vulnerability to physical fluctuations in energy supply, temperature, humidity and more.
How can you secure your energy network?
How can you prevent a systems meltdown occurring in your facility from an energy network failure or breach? Security starts with what you’re doing already. Ensure that your core information security systems are rock solid.
Then, expand your circle of consideration. Run scenarios to understand your energy system’s potential weak spots, then design systems to mitigate those vulnerabilities. Use the big three tools to accomplish this: scenario analysis, external reviews and audits.
Finally, treat energy as a vital asset and input in your operations. Understand and take control of your energy supply chain when appropriate. Collect and unify your energy data and use it to drive efficiency through the system. Securing your energy network can also make you eco-friendly since many renewables and clean energy solutions are uninterruptible power supplies when properly deployed. If your information security strategy is done right, your business won’t crumble in the face of a power outage like Delta’s did.
Have you mapped your energy systems and vulnerabilities? Comment below on thoughts or concerns about threats to your energy network.