
Utility/DOE data indicates sophisticated hackers have compromised US electric control centers
DOE’s Form OE-417 collects information from US utilities on electric incidents and emergencies. The OE-417 data covers the time span from 2000 through the end of February 2022 and so does not include any incidents since the start of the 2022 Russia-Ukraine War. There have been 37 cyberattacks identified; four of those cyberattacks lasted at least one and a half days, with one lasting more than 4 months. There have been 150 “complete loss of view or control for more than 30 minutes” incidents reported since June 2018. Several of these incidents lasted from 4 to 25 hours. Moreover, at least 11 of these incidents led to demand losses of at least 80 MW and, in one case, led to 130,000 customers losing power. There were several incidents where utilities in multiple locations had “loss of monitoring or control” starting at exactly the same time and ending at exactly the same time. Given that it wasn’t weather or a common telecommunication provider issue, the only logical explanation is that a sophisticated attacker got simultaneous access to multiple utilities’ bulk control center SCADA systems and shut off monitoring (and possibly took control). It is not a stretch to say that our adversaries could be practicing for more impactful attacks at a time of their choosing.
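The correlation described above, reports from different utilities whose loss of monitoring or control begins and ends at the same minute, can be checked mechanically over incident records. This is an added example, not part of the original post or any DOE tooling; the column names and the sample rows are constructed assumptions, not the actual OE-417 layout or data.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample rows (not real OE-417 data); column names are assumptions.
SAMPLE = """utility,event_type,began,restored,demand_loss_mw
Utility A,Loss of monitoring or control,2020-03-02 10:15,2020-03-02 14:40,0
Utility B,Loss of monitoring or control,2020-03-02 10:15,2020-03-02 14:40,85
Utility C,Loss of monitoring or control,2020-03-02 10:15,2020-03-02 14:40,0
Utility D,Loss of monitoring or control,2020-03-02 10:15,2020-03-02 11:00,0
Utility E,Severe weather,2020-03-02 10:15,2020-03-02 14:40,300
Utility A,Loss of monitoring or control,2021-07-19 01:00,2021-07-19 01:45,0
Utility A,Loss of monitoring or control,2021-07-19 01:00,2021-07-19 01:45,0
"""
FMT = "%Y-%m-%d %H:%M"

def parse(text):
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        r["began"] = datetime.strptime(r["began"], FMT)
        r["restored"] = datetime.strptime(r["restored"], FMT)
        r["demand_loss_mw"] = float(r["demand_loss_mw"] or 0)
        rows.append(r)
    return rows

def coincident_losses(rows, min_utilities=2, keyword="loss of monitoring or control"):
    # Group matching events by identical (start, end); skip rows with bad intervals.
    groups = defaultdict(list)
    for r in rows:
        if keyword in r["event_type"].lower() and r["restored"] > r["began"]:
            groups[(r["began"], r["restored"])].append(r)
    findings = []
    for (began, restored), members in sorted(groups.items()):
        utilities = sorted({m["utility"] for m in members})
        if len(utilities) >= min_utilities:  # repeat filings by one utility don't count
            findings.append({
                "began": began, "restored": restored,
                "hours": (restored - began).total_seconds() / 3600,
                "utilities": utilities,
                "demand_loss_mw": sum(m["demand_loss_mw"] for m in members),
            })
    return findings

if __name__ == "__main__":
    for f in coincident_losses(parse(SAMPLE)):
        print(f)
```

A match from this check is only a lead: shared causes such as weather or a common telecommunication provider still have to be ruled out from other records before drawing a conclusion.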