Hackers afoot?
The nation’s power grid operators are bracing for a possible attack.
The potential for a major cyberattack against the nation’s power system is at an all-time high, according to the industry group representing electrical grid operators.
Gerry Cauley, president of the North American Electric Reliability Corp., told members of the Senate Energy and Natural Resources Committee last week that hackers have yet to shut down power to U.S. electricity customers but have succeeded in other countries. In December 2015, for example, hackers shut down power for thousands of Ukrainian electricity customers for six hours in an attack that compromised three power plants.
“We will never be complacent,” Cauley said. “The risk is very real.”
His comments came as the federal government makes a push to bolster security at the nation’s power plants and substations to prevent similar attacks.
The Department of Energy continues to work on developing what Patricia Hoffman, acting assistant secretary at the Department of Energy’s Office of Electricity Delivery and Energy Reliability, called “an ecosystem of resilience,” by developing security standards and improve information sharing between government officials and the companies that operate the grid.
“This is one of the secretary’s top priorities,” Hoffman said, referring to Energy Secretary Rick Perry.
Cybersecurity has become a growing concern among energy companies of all kinds as hackers, some allegedly sponsored by Russia, China and other nations, seek to steal trade secrets or learn how to disrupt the U.S. system of power lines, pipelines, refineries and other energy facilities, according to government officials and cybersecurity experts. The Department of Homeland Security received reports of 59 cyber-incidents at energy facilities last year, up nearly a third from the year before.
That brings the number of such incidents in the industry to more than 400 since 2011, according to Homeland Security data show. But security specialists say that’s likely a conservative number because energy companies aren’t required to report cyberattacks to the U.S. government.
Many attacks target automated controls connected to computer networks through the internet and wireless connections.
Andrew Bochman, senior cyber and energy strategist at Idaho National Laboratory, testified to the Senate Energy and Natural Resources Committee that the growing presence of automated technology on the power grid is allowing hackers “to develop more attack path options than ever before.”
“Cyber-risk futurists, myself included, are experiencing a palpable sense of foreboding,” he said.
A recent Houston Chronicle investigation found that detection remains a major concern for the energy industry and federal cybersecurity officials. The vast majority of oil and gas companies, for example, lack the technology and personnel to constantly monitor operational systems for anomalous activity, leaving them without a means to detect intrusions when they happen, federal cybersecurity officials and private security specialists said.
In past years, the Homeland Security Department has admitted that it doesn’t know where most cyberattacks against critical U.S. assets originate.
“Cyber-risk futurists, myself included, are experiencing a palpable sense of foreboding.” Andrew Bochman, cyber and energ y strategist