Russia Hacks Into U.S. Power Plants
According to an alert from the United States Computer Emergency Readiness Team yesterday, Russia has hacked into many of our government entities and domestic companies in the energy, nuclear, commercial facilities, water, aviation and critical manufacturing sectors – essentially most of what makes our country go.
This is not new — Russia seems to have made hacking America its favorite past-time, most notably in its efforts to impact the 2016 presidential campaign. They’ve been hacking into our electric grid for some time. It’s just that we haven’t done much to stop it or to respond in any potent fashion.
The electric grid is a system of systems, managed by thousands of people, computers and manual controls, with data supplied by tens of thousands of sensors connected by a wide variety of communications networks. Over the next 20 years, the growth in data flowing through our grid will far exceed the flow of electricity.
So it is essential that we protect it from cyber-attack.
According to an MIT study on the future of the grid, it will be impossible to fully protect the grid from cyber accident or attack, so mechanisms to respond, and recover rapidly in order to reduce the impact of these events, need to be promulgated throughout the industry as quickly as possible.
As described in the study, the U.S. National Institute of Standards and Technology Cybersecurity Working Group identified 137 types of interfaces between different grid systems. For example, every smart meter and most sensors and major pieces of equipment at generating plants and substations will have communications modules, using millions of components from potentially hundreds of manufacturers. Software applications will also be provided by many different developers.
While the North American Electric Reliability Corporation has developed Cybersecurity Infrastructure Protection standards covering the bulk power system, no organization presently has responsibility for overseeing grid cybersecurity across all aspects of our energy systems.
Therefore, to cope with cybersecurity threats, the first thing to do is give a single federal agency responsibility for cybersecurity preparedness, response, and recovery across the entire electric power sector, including both bulk power and distribution systems. This is going to take years to implement.