As FERC bolsters cybersecurity rules, critics cite lack of secure communication standards
Federal regulators adopted a set of new security protocols, but Smart Grid News is calling out the commission’s order as a “big mistake” because it does not adopt the recommendations of the Foundation for Resilient Societies.
“With regard to Foundation’s argument that the commission should do more to promote grid security by mandating secure communications between all facilities of the bulk electric system, such as substations, the record in the immediate proceeding does not support such a broad requirement at this time,” FERC wrote. “However, if in the future it becomes evident that such action is warranted, the commission may revisit this issue.”
Just how vulnerable is the U.S. grid to cyberattack? That remains an open question, but vulnerabilities were identified years ago that would allow a sophisticated attacker to shut down a power plant remotely. In 2007, the Idaho National Laboratory’s Aurora Project showed that a remote attacker could damage generators by opening and closing certain circuit breakers to ultimately push a machine’s rotating parts out of alignment.
“America is increasingly vulnerable to foreign cyberattack,” the Foundation said earlier this month, following blackouts in Ukraine that stemmed from cyberattacks. Hackers remotely opened breaker switches at grid substations to cause the blackout, and restoring power meant substation switches had to be manually closed by on-site technicians. Hundreds of thousands of residents lost power and three regional Ukranian utilities were temporarily shut down.