There are many vectors of concern when it comes cybersecurity, but one of the greatest may be the U.S. power grid. With 200,000 miles of high-voltage transmission lines and 5.5 million miles of distribution lines bringing power to millions of U.S. homes and businesses, securing critical U.S. infrastructure is indeed of national importance, especially as it is increasingly targeted by hackers.
The activity began to tick up in 2015, when some reports suggested the U.S. grid was being attacked as frequently as every four days by a cyber (or physical) attack.
More recently, over the summer, it was revealed that a group of hackers known as Dragonfly, Energetic Bear or Berserk Bear, infiltrated U.S. energy companies. They did so by initiating a phishing scheme, which tricked employees into opening documents to steal usernames and passwords and using those credentials to reach a handful of non-nuclear power operation systems.
Although the level of infiltration is alarming, the activity by these groups did not trigger a major operational event at any U.S. energy facility, leaving many to speculate on the hacker’s motives. The Department of Homeland Security (DHS), with support from North American Electric Reliability Corp., are investigating and providing grid operators tools and guidance to detect and remove malware. As of this writing, DHS spokesman, Scott McConnell states, “At this time, there are no impacts on the operation or reliability of the bulk power system in North America,”
No Major Cyberattack on the U.S. Electric Grid in 2018
Despite the increase of cyber intrusion into the energy sector like Dragonfly, I predict there won’t be a “water-shed – 9-11” attack on the U.S. electric grid in 2018. Why?
First, we have a very resilient grid due to both increased federal coordination around cyber security support to the energy sector, and ongoing progress around building security by design into the smart grid.
Second, I also believe we greatly benefit by an increasing adoption and reliance on microgrids. Microgrids add much more resiliency to the larger grid by offering a faster and cleaner method to tap into renewal sources while the larger one is restored. Municipalities should follow some of the early adopter models seen in California to mitigate outage issues due to natural disaster or cyber attacks.
In addition, the very fact that Dragonfly did not cause major disruption served as further evidence that we are doing something right. Because if we weren’t, the outcome of that attack would have been severe.
Federal Efforts Further Protect the Grid from Cyber Attacks
In 2018, the numerous and widely dispersed, and often disjointed cyber security expertise that span multiple U.S. federal agencies, ranging from Department of Energy to the Department of Homeland Security, will have a greater impact on assisting electric grid owners in fending off and rebounding from cyber and physical attacks. It’s also likely the President’s National Infrastructure Advisory Council (NIAC) recommendations around practical strategies that can serve grid asset owners will be eagerly embraced.
While reality dictates that cyber-attacks will continue and most likely increase – especially sophisticated, highly targeted and state-sponsored ones – grid providers with improved and more responsive assistance from government will more effectively fend off or contain attacks that could result in a catastrophic outcome. By continuing to shift the emphasis from preventive to include containment and response, grid operators are more likely to control the impact of a successful cyber-breach.
Additionally, as renewables and modernized Internet of Things (IoT) systems increase, central attack vectors will slowly be replaced by a highly interoperable distributed grid. Admittedly, the IoT will increase the number of attack vectors exponentially, however, as I alluded to earlier, the distributed nature of grid components should reduce the risk of a wide spread outage. Also, initiatives such as Smart Grid Interoperability Panel (SGIP) OpenFMB are likely to be adopted given its commitment to security by design using standards and proven technology such as PKI.
Grid providers and the federal agencies must continue to optimize the plethora of cyber security expertise and experience within the industry, and the federal government given appropriate restraints around privacy and liability exposure for those grid providers who share information. Utilities should embrace NIST and NAESB-led standards initiatives like SGIP OpenFMB that promote “security built in from the beginning”.
About the author: Lila Kee is general manager for GlobalSign’s North and South American operations, as well as its chief product officer. She is also a board member of the North American Energy Standards Board. Lila came to GlobalSign with over 20 years of PKI experience most previously from GeoTrust (a VeriSign company) where in 2003 she joined as senior product manager. Prior to GeoTrust, Lila was strategic account manager for RSA, where she was responsible for managing critical technology partners and key strategic customers. Before RSA, Lila spent over 14 years providing product management to GTE Government System’s spin off, CyberTrust. Lila holds a bachelor’s degree from Northeastern University, and a Masters of Business from Bentley College.