Cybersecurity

January has traditionally been POWER’ s forecast issue, and there’s one overriding prediction I feel confident making: The speed of changes will continue to exceed the power industry’s ability to fully

In mid-November, current members of POWER’ s Generating Company Advisory Team responded by email to a set of questions about their concerns, challenges, and new initiatives as they plan for the year ahead

Another megatrend has hit the power generation industry: the Internet of Things (IoT)—countless devices with embedded electronics, sensors, and connectivity to digitally communicate with one another and

Thomas Edison State College, located in Trenton, N.J., has created an online program through which students can obtain a graduate certificate in cybersecurity with a focus on utility environments. The

The power industry is challenged by many changes in generating portfolio, operating mission profiles, grid interconnections, customer engagement, and a workforce that is losing knowledge and experience to

Hackers believed to be connected to Iran infiltrated the control system of a small dam outside New York City in 2013, according to a report in the Wall Street Journal. The Bowman Avenue Dam in Rye Brook, about 20 miles northeast of the city, is small and used only for flood control. While the hackers […]

The U.S. Senate has approved the Cybersecurity Information Sharing Act (CISA), controversial legislation intended to block the deluge of cyberattacks by opening up communication channels between the private sector and federal agencies.   Senate Bill 754 introduced in March by Sen. Richard Burr (R-N.C.) and co-sponsored by Dianne Feinstein (D-Calif.) passed the Senate by a […]

Before the official start of its Minds + Machines event in San Francisco this week, GE announced the launch of its “Digital Power Plant” during a briefing for the trade press. A formal announcement was to follow in the afternoon. Dick Ayres, general manager of software solutions, power generation services, explained that the company’s Predix […]

Researchers looking at “quantifiable differences in security performance” across industries from August 1, 2014, to August 1, 2015, found “challenging performance trends” in the critical energy and utilities sector. The third annual BitSight Insights Industry Benchmark report analyzed security ratings of nearly 10,000 organizations in six industries: finance, federal government, retail, energy and utilities, healthcare, […]

The societal impact of a “Black Sky Day”—a term used by electric infrastructure security experts when discussing a collapse of the North American power grid—would be devastating, according to Dr. Daniel Baker, distinguished professor of Planetary and Space Physics at the University of Colorado, Boulder. Baker testified before two subcommittees of the U.S. House of […]

It’s certainly no secret that for many years, the power industry has been a top target for hackers around the world. However, whereas in the past, many of these attacks were relatively easy to block using

Is the sky falling? No, but are there lessons we can learn from Chicken Little? Absolutely. False alarms and fear mongering consume energy we can ill afford to waste, but should some sort of alarm be sounding

Broad, bipartisan energy legislation that would allocate federal funding to grid technology research and demonstration along with a number of other initiatives, including cybersecurity and the energy-water nexus, has cleared the Senate Energy and Natural Resources Committee with an 18–4 vote.  The committee’s chair, Sen. Lisa Murkowski (R-Alaska), and Ranking Member Sen. Maria Cantwell (D-Wash.) […]

When a large electromagnetic pulse (EMP) or geomagnetic disturbance (GMD) event occurs—which, according to Sen. Ron Johnson (R-Wis.), there is “100% certainty” will happen at some time in the future—as many as 9 out of 10 people in the U.S. could die. Johnson, chairman of the U.S. Senate Committee on Homeland Security & Governmental Affairs, […]

A cyber attack on the U.S. power grid could potentially destroy dozens of generating units, leave 93 million people without power for weeks, and result in nearly $250 billion dollars in economic damage, according to a new report from Lloyd’s of London. Prepared to enable insurers to gauge and prepare for potential risks, the report […]

The Obama administration’s first installment in the Quadrennial Energy Review (QER) drew a variety of responses in its first public hearing before the Senate Energy and Natural Resources Committee on April 28. Chairman Lisa A. Murkowski (R-Alaska) opened the hearing with a nod to the still-in-limbo Keystone XL pipeline. She noted that though the QER […]

Since 2010, the year Stuxnet was discovered, there has been an increase in industrial control system (ICS) vulnerability research and reported vulnerabilities, exploits, and ICS-specific malware (Figure 1)

With unprecedented changes and challenges facing the U.S. energy sector, the Department of Energy has spearheaded a comprehensive assessment of the nation’s energy policy. Released the same day as ELECTRIC POWER 2015 opened, the first installment of this review was highlighted in the conference’s keynote address. U.S. energy infrastructure needs not just substantial investment for […]

Some of the anxieties about the smart grid go to the possibilities of security breaches, particularly at the interface of the distribution grid to the customer. Interest in the smart grid seems to be fading, as consumer-controlled electric devices, the “internet of things,” or, in our acronym-infected world, the IoT. These smart devices give homeowners, […]

The U.S. energy infrastructure needs not just substantial investment for the future but also considerable rethinking about its role and functions in order to be positioned to deal with a rapidly changing energy landscape and evolving threats from cyber attack and climate change. That was the message from William F. Hederman, Jr., Department of Energy […]

Staff at the Nuclear Regulatory Commission (NRC) should expeditiously complete and implement cybersecurity rulemaking for nuclear fuel-cycle facilities, the regulatory agency’s commissioners have ordered.  In a March 24 agency memorandum to Mark Satorius, NRC executive director for operations, the commission disapproved the one option, which was the staff’s recommendation, to issue a security order to […]

Cyberattacks on Korea Hydro and Nuclear Power’s (KHNP’s) computer systems last December were committed by a group of North Korean hackers, an interim South Korean investigation has concluded.  The Seoul central prosecutors office said in a March 16 statement that the malicious codes used for the nuclear operator hacking were “the same in composition and […]

Here are selected thought-provoking (and even unexpected) comments made by presenters at the 10th annual MIT Energy Conference on Feb. 27 and 28 in Cambridge, Mass. Comments are summarized and paraphrased unless presented in quotes. For more on the event, see “Exelon: The Utility of the Future Views Change as Enabling, Not Disruptive” and the […]

The threats to power industry operations—and the reliable supply of power that we all depend upon for daily life—are no longer theoretical. A roughly 250% spike in reported industrial control system incidents over the past four years demonstrates that regulations alone will not protect power infrastructure. Everyone who works in this industry needs to develop […]

One of the persistent challenges for power sector cybersecurity is integrating operational and information technology teams and functions, especially when they include remote or third-party systems. A new military-grade security approach provides industrial control system security without compromising ease of daily operations. What do power generating companies have in common with The Boeing Co.? The […]

Over the last few years, it has become increasingly clear that a massive cyber-attack on the North American electric grid represents a serious threat to U.S. national security. Over time, a string of senior

In mid-November, members of the POWER Generating Company Advisory Team responded via email to the following set of questions. Their comments have been edited for style. POWER: What changes in your fleet’s

Computer systems at Korea Hydro and Nuclear Power Co. (KHNP)—the operator of South Korea’s 23 commercial nuclear reactors—were hacked and information divulged via blog posts and posts on Twitter, according to the company. The first leaks on Dec. 15 were of personal information obtained from some of the 10,799 employees of the company, but later […]

The Cybersecurity Enhancement Act of 2014 that cleared Congress last week and was presented to President Obama on Monday has the backing of automation organizations.  The bill was one of four cybersecurity measures passed—without much debate and by voice vote—by Congress before the 113th session came to a close on Tuesday, Dec. 16. Sen. John […]

Inadequate training and a culture of complacency among many owners and operators of critical infrastructure are significantly raising the risks of highly damaging cyberattack throughout the world, according to Steve Mustard, an industrial cybersecurity subject-matter expert of the International Society of Automation (ISA). The ISA reports that Mustard, who recently delivered a presentation on industrial […]