By Richard Schlottmann, NERC Project Manager
Every day it seems there are new attacks or vulnerabilities reported through EISAC (NERC’s reporting portal for physical and cyber-attacks on grid assets). It is good to see that Facilities are taking an active role in reporting these attacks, but it is even more disconcerting that we are seeing so many reported every day.
It is difficult enough as it is to keep the lights on for everyone in our nation due to aging infrastructure and the increased penetration of renewables that contribute to instability on the grid. Add in the additional impact of threatening letters, cyber-attacks and actual physical damage to facilities, and it is amazing our lights come on pretty much 100 percent of the time! In a high-pressure environment that demands attention to both plant operations and transmission operations, throwing more potential threat vectors into the mix makes it increasingly possible for major incidents to occur that will greatly affect the reliability and resiliency of the grid.
What can we do in the industry to ensure that we keep the power available for our customers? Being vigilant is a must: be hyper-aware of your surroundings and look for things out of the ordinary. If you notice the controls behaving in an unusual way or see a loss of data, you might have malicious code or an unauthorized penetration into the OT environment. Be aware of who is allowed on or near your facility; there have been numerous reports of people photographing plants and transmission facilities, unknown drones scouting sites, and physical breaches of site security systems. Vandalism of equipment is on the rise; it is progressing from people stealing copper from grounding grids to destruction of equipment (transformers and breakers getting shot up) to removal of bus bars and conductors from energized equipment. So far, the impact has been minor, but it is growing in scope, and even for the small number of customers impacted to date, I am sure the level of impact was meaningful to them.
Effective security controls can help minimize impacts, but they are only as good as the people using them. Walking your facility on a regular basis can make you aware of potential problem areas before they become entry points exploitable by bad actors. Don’t be afraid to report emails as phishing scams, and make it a practice not to open attachments unless you know they are safe and free of malware. Also, make use of your local law enforcement agencies when seeking assistance with unknown people or drone activity near or on your Facility’s property. I will leave you with another best practice: when in doubt, report all suspicious activity via the OE417 form and EISAC so that there is more information for entities to use to help determine the nature of these threats and attacks on our electrical infrastructure.