Digital Utility Group
The mission of this group is to bring together utility professionals in the power industry who are in the thick of the digital utility transformation.
Shared Link
Utility/DOE data indicates sophisticated hackers have compromised US electric control centers
DOE’s Form OE-417 collects information from the US utilities on electric incidents and emergencies. The OE-417 data covers the time span from 2000 through the end of February 2022 and so does not include any incidents since the start of the 2022 Russia-Ukraine War. There have been 37 cyberattacks identified, four of those cyberattacks lasted at least one and a half days with one lasting more than 4 months. There have been 150 “complete loss of view or control for more than 30 minutes” incidents reported since June 2018. several of these incidents lasted from 4 to 25 hours. Moreover, at least 11 of these incidents led to demand losses of at least 80 MW and, in one case, led to 130,000 customers losing power. There were several incidents where utilities in multiple locations had “loss of monitoring or control” starting at exactly the same time and ending at exactly the same time. Given it wasn’t weather or a common telecommunication provider issue, the only logical explanation is that a sophisticated attacker got simultaneous access to multiple utilities’ bulk control center SCADA systems and shut off monitoring (and possibly took control). It is not a stretch to say that our adversaries could be practicing for more impactful attacks at a time of their choosing.
Utility/DOE data indicates sophisticated hackers have compromised US electric control centers
DOE’s Form OE-417 collects information from the US utilities on electric incidents and emergencies. The OE-417 data covers the time span from 2000 through the end of February 2022 and so does not include any incidents since the start of the 2022 Russia-Ukraine War. There have been 37 cyberattacks identified, four of those cyberattacks lasted at least one and a half days with one lasting more than 4 months. There have been 150 “complete loss of view or control for more than 30 minutes” incidents reported since June 2018. several of these incidents lasted from 4 to 25 hours. Moreover, at least 11 of these incidents led to demand losses of at least 80 MW and, in one case, led to 130,000 customers losing power. There were several incidents where utilities in multiple locations had “loss of monitoring or control” starting at exactly the same time and ending at exactly the same time. Given it wasn’t weather or a common telecommunication provider issue, the only logical explanation is that a sophisticated attacker got simultaneous access to multiple utilities’ bulk control center SCADA systems and shut off monitoring (and possibly took control). It is not a stretch to say that our adversaries could be practicing for more impactful attacks at a time of their choosing.
Discussions
No discussions yet. Start a discussion below.
- Another case where process sensor monitoring could have prevented a facility shutdown
- Process sensors are different than IOT and IIOT devices
- More than 17 million control system cyber incidents are hidden in plain sight
- IEEE paper on process sensor monitoring – what you need to know about process sensor cyber security
Get Published - Build a Following
The Energy Central Power Industry Network is based on one core idea - power industry professionals helping each other and advancing the industry by sharing and learning from each other.
If you have an experience or insight to share or have learned something from a conference or seminar, your peers and colleagues on Energy Central want to hear about it. It's also easy to share a link to an article you've liked or an industry resource that you think would be helpful.
Your access to Member Features is limited.
Sign in to Participate