July 21, 2016
The aftermath of the cyberattack in Ukraine on Dec. 23, 2015, produced two unexpected lessons that U.S. grid operators have started to take to heart.
After cutting off power to nearly 250,000 homes and businesses in western Ukraine, the cyber terrorists delivered a final punch to the gut. The hackers wrecked some of the digital controls the operators needed to restart the system remotely. An aptly named cyber weapon called “KillDisk” hidden inside the Ukraine system erased parts of the operators’ startup software.
But substations across the Ukraine utilities’ grid networks still had Soviet-era manual controls, so crews were able to restore power by hand within six hours.
“It was the folks who got in trucks and knew where to go and drove out and found the breakers that had been tripped through the remote access tools,” said Suzanne Spaulding, undersecretary of the Department of Homeland Security’s National Protection and Programs Directorate, in a blog interview.
Now, some leading U.S. grid officials, members of Congress and security experts are warning that old-fashioned protection might be needed for the more advanced U.S. power grid. Fail-safe cyberdefenses cannot be assumed in the age of the smart grid.
“We had this rush to automation over the last 15 years or so, on some level almost blind to security risks we are creating,” said Scott Aaronson, executive director for security and business continuity at the Edison Electric Institute, which represents large, investor-owned utilities.
“It is good we have automation, which gives us better situational awareness. But it also increases the attack surfaces,” he added, referring to the proliferation of sensors and controls that rely on software and connect to the virus-infected internet.