DOE’s Form OE-417 collects information from the US utilities on electric incidents and emergencies. The OE-417 data covers the time span from 2000 through the end of February 2022 and so does not include any incidents since the start of the 2022 Russia-Ukraine War. There have been 37 cyberattacks identified, four of those cyberattacks lasted at least one and a half days with one lasting more than 4 months. There have been 150 “complete loss of view or control for more than 30 minutes” incidents reported since June 2018. several of these incidents lasted from 4 to 25 hours. Moreover, at least 11 of these incidents led to demand losses of at least 80 MW and, in one case, led to 130,000 customers losing power. There were several incidents where utilities in multiple locations had “loss of monitoring or control” starting at exactly the same time and ending at exactly the same time. Given it wasn’t weather or a common telecommunication provider issue, the only logical explanation is that a sophisticated attacker got simultaneous access to multiple utilities’ bulk control center SCADA systems and shut off monitoring (and possibly took control). It is not a stretch to say that our adversaries could be practicing for more impactful attacks at a time of their choosing.
