Five years ago this August, an extended blackout crippled virtually the entire U.S. Northeast and parts of Canada. According to the Institute of Electrical and Electronics Engineers, it was the largest in North American history, shutting down 62,000 MW of generation capacity serving nearly 35 million homes. The outage cost businesses an estimated $13 billion in productivity and affected users in eight U.S. states and Ontario.
Initial fears that terrorists had caused the blackout were quickly set aside, despite a few claims of responsibility from radical groups. That said, it’s interesting to note that the post-blackout analysis and report by the U.S.-Canada Power System Outage Task Force recommended 46 steps for making another widespread outage less likely. Significantly, 13 of the suggestions called for improving the cyber security of the North American electricity grid.
Doors wide open
The cyber security recommendations shouldn’t have come as a surprise because the experts on the task force know that it’s not hard for any reasonably accomplished hacker to break into interconnected utility control systems. In North America and the rest of the developed world, such control systems are unprotected by commonly accepted cyber security practices, including logging. As a result, those systems are unable to prevent, detect, or produce audit trails of an intentional or unintentional cyber event. It’s more than a little unnerving to consider how much damage can be done to the power grid by a few keystrokes from ill-intentioned hackers sitting at computers anywhere in the world (see figure).

Figure: How to thwart an attack. Attacks on utility SCADA networks can occur at any point in the chain of communications. A virtual “electronic security perimeter” should be used to thwart these attacks, regardless of source or target. The host provides control and monitoring of the data network and data logging. The remote service module (RMS) encrypts and compresses network communications with the central host. The remote modem defender (RMD) is the gateway between the network, maintenance land lines, and control points that use analog dial-up lines. Source: Aegis Technologies Inc.
To emphasize the cyber security risks to grids, Joseph M. Weiss, managing director of Applied Control Solutions, testified last October before the U.S. House of Representatives’ Homeland Security Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology. Weiss said that there had already been “more than 90 confirmed control system cyber security incidents. . . . The incidents are international in scope and span several industrial infrastructures including electric power, water, oil/gas, chemical, and manufacturing. With respect to the electric power industry, cyber incidents have occurred in transmission, distribution, and generation including fossil, hydro, and nuclear power plants. Impacts, whether intentional or unintentional, range from trivial to significant environmental discharges, serious equipment damage, and even death.”