There are many vectors of concern when it comes to cybersecurity, but one of the greatest might be the U.S. power grid. With 200,000 miles of high-voltage transmission lines and 5.5 million miles of distribution lines bringing power to millions of U.S. homes and businesses, securing critical U.S. infrastructure is indeed of national importance, especially as it is increasingly targeted by hackers.
The activity began to tick up in 2015, when some reports suggested the U.S. grid was being hit by a cyber (or physical) attack as frequently as every four days.
More recently, over the summer, it was revealed that a group of hackers known as Dragonfly, Energetic Bear or Berserk Bear infiltrated U.S. energy companies. They did so by initiating a phishing scheme, which tricked employees into opening documents. This allowed the hackers to steal usernames and passwords and use those credentials to reach a handful of non-nuclear power operation systems.
Although the level of infiltration is alarming, the activity by these groups did not trigger a major operational event at any U.S. energy facility, leaving many to speculate on the hackers’ motives. The Department of Homeland Security (DHS), with support from North American Electric Reliability Corp. (NERC), is investigating and providing grid operators tools and guidance to detect and remove malware. As of this writing, DHS spokesman Scott McConnell said, “At this time, there are no impacts on the operation or reliability of the bulk power system in North America.”
Despite the increase in cyber intrusions like Dragonfly into the energy sector, I predict there won’t be a “watershed 9/11 attack” on the U.S. electric grid in 2018. Why?
First, we have a resilient grid due to both increased federal coordination around cybersecurity support to the energy sector, and ongoing progress around building security by design into the smart grid.
Second, we greatly benefit from the increasing adoption of and reliance on microgrids. Microgrids add much more resiliency to the larger grid by offering a faster and cleaner method to tap into distributed renewable sources while the larger source is restored. Municipalities should follow some of the early adopter models seen in California to mitigate outage issues due to natural disasters or cyber attacks.
In addition, the fact that Dragonfly did not cause major disruption served as further evidence that we are doing something right. If we weren’t, the outcome of that attack would have been severe.
In 2018, the numerous, widely dispersed and often disjointed pools of cybersecurity expertise that span multiple U.S. federal agencies, ranging from the Department of Energy to DHS, will have a greater impact on assisting electric grid owners in fending off and rebounding from cyber and physical attacks. It’s also likely the President’s National Infrastructure Advisory Council’s (NIAC) recommendations around practical strategies that can serve grid asset owners will be eagerly embraced.
While reality dictates that cyberattacks will continue and most likely increase—especially sophisticated, highly targeted and state-sponsored ones—grid providers with improved and more responsive assistance from government will more effectively fend off or contain attacks that could result in a catastrophic outcome. By continuing to shift the emphasis from prevention to include containment and response, grid operators are more likely to control the impact of a successful cyber-breach.
In addition, as renewables and modernized Internet of Things (IoT) systems increase, central attack vectors will slowly be replaced by a highly interoperable distributed grid. IoT will increase the number of attack vectors exponentially; however, the distributed nature of grid components should reduce the risk of a widespread outage. Initiatives such as Smart Electric Power Alliance’s (SEPA) OpenFMB, which was created by Smart Grid Interoperability Panel (SGIP) before it merged with SEPA (see POWERGRID International’s November issue for more details), also are likely to be adopted given their commitment to security by design using standards and proven technology such as public key infrastructure (PKI).
Grid providers and federal agencies must continue to optimize the plethora of cybersecurity expertise and experience within the industry, and the federal government has given appropriate restraints around privacy and liability exposure for those grid providers who share information. Utilities should embrace National Institute of Standards and Technology and North American Energy Standards Board-led standards initiatives like OpenFMB that promote “security built in from the beginning.”