Digital Directorship – Cybersecurity: Electric Grid
It’s Starting: The First Cyberattack on the U.S. Grid has been Reported
Source: Digital Directorship: Richard Spangenberg, CEO & Executive Director
Reports of an unparalleled grid “cyber event” caused a stir in power sector and cybersecurity circles. The grid runs everything. Forget how powerful the Grid is. Think how many other vital infrastructure sectors rely on electricity? Yes, it is everything.
You start to get some appreciation of the impact a problem with the Grid could create. The hack itself occurred two months ago, on March 5, when a “denial-of-service” attack disabled Cisco Adaptive Security Appliance devices ringing power grid control systems in Utah, Wyoming and California, according to multiple sources and a vague summary of a Department of Energy filing.
The “cyber event that causes interruptions of electrical system operations,” as the attack was categorized in the jargon of DOE electric disturbance forms, made waves in critical infrastructure security circles as a first-of-its-kind case study.
A denial of service attack, which involves overwhelming computer systems with information in a bid to take them down, successfully interrupted electrical systems in Los Angeles County and Salt Lake County in March, according to the Department of Energy. The incident was a rare example of as against an energy utility, particularly in a high population area.
The attack did not disrupt electrical delivery or cause any outages, the Department of Energy confirmed, but caused “interruptions” in “electrical system operations.” In this case, “operations” does not refer to electrical delivery to consumers, but could cover any computer systems used within the utilities, including those that run office functions or operational software. The March 5 incident lasted from 9 a.m. until nearly 7 p.m. but didn’t lead to a power outage.
Although the attack did not interrupt service, denial-of-service attacks are easily preventable, and most large organizations no longer consider them major threats. This is exactly the type of attack one would expect of a bad actor that was testing system vulnerability and areas of access. The fact that it succeeded calls into question whether the utilities are prepared for a far more sophisticated attack, as the U.S. government has warned about.
Cyber hits don’t get enough attention.
Sam Feinburg (executive manager of Helena, that will be focusing on a “Shield Project” to boost U.S. grid defenses) said “There are undoubtedly many more such occasions that don’t breach that bar and so do not become public knowledge.” “It is the first, “Grid infrastructure is becoming more complicated, and because of that, it is getting harder and harder to guard each component of it. The capability to run these attacks is also being dispersed over a wider and broader set of people.” Feinburg stated such occasions, even if completed by unsophisticated hackers, don’t get enough attention.
The danger “depends on just how much SCADA visibility is lost,” noted Patrick Miller, managing partner at Archer Energy Solutions. To ensure that supply and production run smoothly and for controlling and monitoring purposes, operators take operational devices and take serial connections and encapsulate them over the TCP/IP protocol. Many of these devices are uniquely identified in the SCADA protocol and with the right tools and knowledge they can be discovered and attacked by malicious actors. Moreover, plant operators and IT teams are often unaware of what assets/devices, processes, configurations, and protocols are connected and running on their networks.
Our critical electrical infrastructure can be frightening.
“It is similar to an ecosystem where you are able to infer what is going on in one place from how another reacts” FERC commissioners are frustrated by means of radio silence from utilities despite having a flow of warnings about growing cyberthreats, moved last year to broaden the definition of what constitutes a reportable incident. The more recent “denial of service” on U.S. Cisco equipment isn’t proven to have entailed any aggressive takeover of operational networks. It’s possible the hacker or hackers in that case didn’t even realize they were interfering with electricity grid equipment, sources said, possibly having discovered the Cisco firewalls exposed online through internet search programs. “It does not require a sophisticated attacker to deal with damage to critical electrical infrastructure.”
This incident marked a first loss of perspective to utilities’ control systems as a hazard, whether from communications glitches or power outages. Last week, the U.S. power industry marked a sober landmark: an anonymous Western utility became the first to report a malicious”cyber event” that interrupted grid operations. It is not even clear the March 5 event led to a complete loss of visibility throughout its 9 a.m. to 7 liter length.
Many utilities maintain alternative means of management system communications, Since Miller pointed out. U.S. grid operators picked up on the significance of manual backstops in the wake of a December 2015 cyberattack on Ukraine’s electricity grid. In that event, hackers knocked out power for several hours the first time in Ukraine to clients of three supply utilities.
The March 5 event was scary.
The March 5 event was listed publicly because it cleared a particular bar of seriousness. Sam Feinburg stated “There are undoubtedly many more such occasions that don’t breach that bar and so do not become public knowledge.” “It is the ideal method to cause cascading effects throughout society — that the public knows that. They don’t know anything about how hard that might be.” No U.S. electrical utility is proven to have undergone any tumultuous cyberattack previously, a surprising fact given that utilities often locate themselves in the crosshairs of the world’s most advanced hackers and certainly will face countless more run-of-the-mill hacking efforts daily (Energywire, July 20, 2018).
The”cyber incident which leads to interruptions of electrical system operations,” as the attack was categorized into the jargon of DOE electric disturbance forms, made waves in crucial infrastructure security circles as a first-of-its-kind case study. DOE electrical disturbance reports are littered with reports of”total loss of monitoring or control capacity” at utility control centers, the vast majority of that never contributed to some power outages.
The Ukraine provided a warning.
In the Ukraine hack, the utilities did not just lost their visibility, they also ceded control of their networks to remote attackers linked to Russia. The hackers knew whom they had been laughing and hitting their grid to overwhelm the utilities’ phone networks and hamper recovery.
The 3 utilities Prykarpattyaoblenergo, Chernivtsioblenergo and Kyivoblenergo — managed by sending workers to flip high-voltage circuit breakers to bring the lights back on immediately. There were no blackouts, effect on the transmission grid and clearly no harm to power generation, based on numerous sources and officials. The most direct effect was likely a temporary reduction of visibility to specific parts of the utility’s supervisory control and data acquisition (SCADA) system, though all major transmission operators in the regions affected denied having been struck by the denial-of-service attack.
Utility executives have pointed to the bulk power grid’s sophistication — that the United States has three separate”interconnections” linked up to tens of thousands of utilities — as contributing to its defense against new hacking dangers. We may not fully appreciate the substantial power businesses practice that it will take to conduct the grid in”manual mode” if hackers succeeded in blinding operations centers or hijacking digitized equipment.
This event may prove to be a shot over our bow. Fair warning of things about to change. But then again, perhaps not. I am a conservative individual and think we should be prepared. Our infrastructure is a matter of national security and should be bullet proof. Somehow I fear we are far short of that.