After Alert On Russian Hacks, Bigger Push To Protect Power Grid
The joint alert from the FBI and Department of Homeland Security last month warning that Russia was hacking into critical U.S. energy infrastructure may have shaken some Americans. But it came as no surprise to the country’s largest grid operator, PJM Interconnection.
“You will never stop people from trying to get into your systems,” says PJM Chief Information Officer Tom O’Brien. “The question is, what controls do you have to not allow them to penetrate? And how do you respond in the event they actually do get into your system?”
PJM is the grid operator for 65 million people across the Midwest and mid-Atlantic. At its headquarters outside Philadelphia, there are multiple levels of security to get into the control center. There, on a rainy day in early April, about 10 people were closely monitoring floor-to-ceiling digital displays showing real-time information from the region.
“This is a very large, orchestrated effort that goes unnoticed most of the time,” says Donnie Bielak, a reliability engineering manager. “That’s a good thing.”
The industry certainly did take note in late 2015 and early 2016, when hackers managed to shut down power to about 225,000 people in Ukraine. The outages only lasted a few hours. But it was the first publicly known case of a cyberattack causing major disruptions to a power grid. It was widely blamed on Russia.
One of the many lessons of the Ukraine attacks was a reminder to people who work on critical infrastructure to keep an eye out for odd communications.
“A very large percentage of entry points to attacks are coming through emails,” says O’Brien. “That’s why PJM, as well as many others, have aggressive phishing campaigns. We’re training our employees.”
O’Brien doesn’t want to get into specifics about how PJM deals with cyberthreats. But one common way to limit exposure is by having separate systems: industrial controls in a power plant, for example, are not connected to corporate business networks.
Training to respond to an “act of war”
Since 2011, North American grid operators and government agencies have also carried out large scale war games every two years. Thousands of people practice how they would respond to a coordinated physical or cyber event.
So far, nothing like that has happened in the U.S. It’s possible, though not likely, says Robert M. Lee, a former military intelligence analyst who runs the industrial cybersecurity firm Dragos.