Better Safe than Sorry: A Warning to Electric Utilities

WHEN ASKED about the most disruptive trends they face today, electric utilities commonly point to distributed energy resources, net metering, energy efficiency, and industry competition, among others. While the issue of grid security is still greatly undervalued, recent industry headlines and events have spurred a new wave of investment and attention around the topic.

Electric power systems around the globe are undergoing a radical evolution during the 21st century and are increasingly embracing transformative concepts like decentralization, automation, and digitization. This paradigm shift has led to the deployment of billions of networked sensing devices and a continued expansion of communications networking outwards to the grid edge. While this transition has led to unprecedented visibility and control for utility operators, it has also greatly expanded the potential surface area for cyber-attack. Additionally, the exponential growth in the number of attacks and threat actors is shaping a business environment in which the question utilities now face is when an incident will occur—not if.

Cybersecurity threats pose a unique challenge for utilities due to their unpredictability. Unlike outage events related to weather or asset depreciation, utilities cannot foresee cyber-attacks with any level of accuracy. While large-scale attacks have been limited to date, the hack on the Ukrainian power grid in December 2015 and the more recent WannaCry ransomware attack are motivating utilities to expand beyond traditional, compliance-based management practices and begin actively addressing cybersecurity. Only recently has the issue of cybersecurity truly bubbled to the surface of utility decision makers’ minds.

The electric power industry is of critical importance when it comes to cybersecurity. This sector has been disproportionately targeted by threat actors for a number of reasons, including a reliance on critical infrastructure, weak endpoints at the grid edge, and a growing surface area for attack. While utilities have avoided a catastrophic attack on the grid to date, cyber incidents have persisted for years and are presenting a clear warning sign to utilities of the potential for future harm.

The electric power sector was forced to take a more aggressive approach to cybersecurity following the 2015 attack on the Ukrainian power grid, which affected 27 substations and approximately 225,000 end customers. Attackers utilized the BlackEnergy3 malware to gain root access to operator human-machine interfaces (HMIs) and open a series of breakers, triggering the blackout. This incident garnered global attention and helped spread public awareness of the vulnerabilities of electric power systems. A subsequent attack in December 2016 further exacerbated industry concerns, with the country’s power grid quickly becoming a test bed of sorts for cyber-attacks.

