Quantcast
Connect with us

Russians hacked into America’s electric grid — here’s why securing it is hard

Published

on

Hackers taking down the U.S. electricity grid may sound like a plot ripped from a Bruce Willis action movie, but the Department of Homeland Security has recently disclosed new details about the extent to which Russia has infiltrated “critical infrastructure” like American power plants, water facilities and gas pipelines.

This hacking is similar to the 2015 and 2016 attacks on Ukraine’s grid. While DHS has raised the number of the Russian utility-hacking incidents it detected from dozens to hundreds, it still maintains that this infiltration has not risen beyond scouting mode. Russia denies having any role in the hacking, yet the specter of Russian sabotage in the U.S. now seems more realistic than it used to.

ADVERTISEMENT

Clearly, there’s no time to waste in shoring up the grid’s security. Yet getting that done is not easy, as I’ve learned through my research regarding efforts in to stave off outages in hurricane-prone Florida.

A catch-22

There is no way to completely protect the grid. Even if that were possible, utilities tend to adopt new and better security procedures after mishaps, boosting the chance that some attacks will succeed.

Regulation at the state and federal levels makes it hard for utilities and regulators to work together to get this job done.

Utilities can charge their customers only what it takes for them to cover reasonable expenses. Regulators must approve their rates through a process that needs to be open to public scrutiny.

ADVERTISEMENT

Say, for example, a power company is building a substation. The utility would disclose what it spent on construction, prove that it picked its contractors responsibly and explain how this new capacity is enhancing its service. The regulator then must decide what rate hikes, if any, would be reasonable – after hearing out everyone with something at stake.

Following this routine is harder with cyberdefense spending. Security concerns make it tough if not impossible for utilities to say what they’re doing with that money. Regulators, therefore, have a hard time figuring out whether utilities are spending too much or too little or maybe even wasting money on an unnecessary expense.

ADVERTISEMENT

If regulators blindly approve these rate hikes, it can be an abdication of their duties. If they reject them, utilities get penalized for shoring up their security and then lose an incentive to keep doing the right thing.

To err is human

Even though the idiosyncrasies of utility regulation make cyberdefense a more complicated issue than it might otherwise be, tools to manage this risk are available.

Mitigating the damage that human error can cause in response to malicious attacks, for example, may not demand any spending beyond what it costs to teach workers at utilities and their contractors to refrain from blindly opening perilous email attachments, the avenue into the electricity system used by hackers in the 2015 Ukraine attacks and in the system breaches the government recently disclosed.

ADVERTISEMENT

They also need to guard against so-called watering-hole attacks. According to the new DHS revelations, Russian hackers set traps in websites that utility vendors were known to frequent – many of which had insufficient cybersecurity measures in place. They then leveraged that access to steal the credentials they needed to worm their way into utilities’ systems.

Indeed, hackers delivered almost 94 percent of all malware in 2016 through email systems. Clearly, more widespread awareness of the need to keep an eye out for phishing attacks will help secure infrastructure.

Regulators have been studying strategies that might enhance cybersecurity. Standards are already in place in the U.S., Canada and part of Mexico for utilities to assess their capability to prevent or detect cyberattacks.

ADVERTISEMENT

Preventative measures can include states adopting new regulations that protect utilities’ confidential information and doing more to train utility workers to spot and confront cybersecurity threats.

It’s also important that regulators recognize that securing systems is an ongoing process. It can never really end because as system security measures change, hackers devise new ways to circumvent them.

Grid resilience

Grid resilience strategies can help to maintain service regardless of the source of the outage. For example, many utilities have invested in “self-healing” systems that isolate glitches in the grid and quickly restore service amid outages.

ADVERTISEMENT

Here’s an example of how that works. During Hurricane Matthew in Florida, in 2016, Florida Power and Light identified a threatened substation and isolated it from the rest of the grid. This measure protected its customers by ensuring that outages at that substation would not spread.

Utilities can also create microgrids, or portions of the grid that can be isolated from the rest of the system in the event of an attack. Most of these systems have been designed to improve resilience in the event of natural disasters and storm events. But they can help defend the grid against cyberattacks as well.

Public concerns over grid security are more justified than ever. But I believe that minimizing the risk of a catastrophic infrastructure attack is within reach. All it will take is for utilities to educate their workers on system security while the government updates its rules and practices – and for everyone involved to keep doing what they can to avert outages of all kinds and to restore power as quickly as possible when outages occur despite those efforts.

ADVERTISEMENT

The ConversationEditor’s note: This article was updated on July 24, 2018 to add news regarding the scale of the hacking and the discovery that hackers used watering-hole attacks.

By Theodore J. Kury, Director of Energy Studies, University of Florida

This article was originally published on The Conversation. Read the original article.

Enjoy this piece?

… then let us make a small request. Like you, we here at Raw Story believe in the power of progressive journalism — and we’re investing in investigative reporting as other publications give it the ax. Raw Story readers power David Cay Johnston’s DCReport, which we've expanded to keep watch in Washington. We’ve exposed billionaire tax evasion and uncovered White House efforts to poison our water. We’ve revealed financial scams that prey on veterans, and legal efforts to harm workers exploited by abusive bosses. We’ve launched a weekly podcast, “We’ve Got Issues,” focused on issues, not tweets. And unlike other news outlets, we’ve decided to make our original content free. But we need your support to do what we do.

Raw Story is independent. You won’t find mainstream media bias here. We’re not part of a conglomerate, or a project of venture capital bros. From unflinching coverage of racism, to revealing efforts to erode our rights, Raw Story will continue to expose hypocrisy and harm. Unhinged from billionaires and corporate overlords, we fight to ensure no one is forgotten.

We need your support to keep producing quality journalism and deepen our investigative reporting. Every reader contribution, whatever the amount, makes a tremendous difference. Invest with us in the future. Make a one-time contribution to Raw Story Investigates, or click here to become a subscriber. Thank you. Click to donate by check.

Enjoy this piece?

… then let us make a small request. Like you, we here at Raw Story believe in the power of progressive journalism — and we’re investing in investigative reporting as other publications give it the ax. Raw Story readers power David Cay Johnston’s DCReport, which we've expanded to keep watch in Washington. We’ve exposed billionaire tax evasion and uncovered White House efforts to poison our water. We’ve revealed financial scams that prey on veterans, and efforts to harm workers exploited by abusive bosses. We’ve launched a weekly podcast, “We’ve Got Issues,” focused on issues, not tweets. Unlike other news sites, we’ve decided to make our original content free. But we need your support to do what we do.

Raw Story is independent. You won’t find mainstream media bias here. We’re not part of a conglomerate, or a project of venture capital bros. From unflinching coverage of racism, to revealing efforts to erode our rights, Raw Story will continue to expose hypocrisy and harm. Unhinged from corporate overlords, we fight to ensure no one is forgotten.

We need your support to keep producing quality journalism and deepen our investigative reporting. Every reader contribution, whatever the amount, makes a tremendous difference. Invest with us in the future. Make a one-time contribution to Raw Story Investigates, or click here to become a subscriber. Thank you.



Report typos and corrections to: [email protected]. Send news tips to: [email protected].
READ COMMENTS - JOIN THE DISCUSSION
Continue Reading

Facebook

Britain’s Prince Andrew ‘appalled’ by Epstein abuse claim

Published

on

Britain's Prince Andrew has said he was "appalled" by allegations of sexual abuse surrounding Jeffrey Epstein after a video was released purporting to show him at the home of the convicted paedophile in 2010.

"The Duke of York has been appalled by the recent reports of Jeffrey Epstein's alleged crimes," Buckingham Palace said in a statement, the Press Association reported on Sunday.

"His Royal Highness deplores the exploitation of any human being and the suggestion he would condone, participate in or encourage any such behaviour is abhorrent," the statement said.

Continue Reading

Breaking Banner

Barack Obama was an awesome president — and Democrats shouldn’t forget that

Published

on

It's time for a defense of Barack Obama, the best American president of the last 50 years.

Part of that is because the competition hasn't exactly been fierce, but we'll get to that in a moment. First it is worth reflecting on how Obama became something of a goat during the last round of Democratic debates in Detroit. As the Rev. Al Sharpton said afterward, "This whole suicide mission of going after Barack Obama smells like desperation, and I think it certainly shows that some of them are just not ready for where they are."

Continue Reading
 

2020 Election

Morning Joe uses Fox News report to ridicule Trump’s business skills in coming trade deal with China

Published

on

During a discussion on bad economic reports indicating that the U.S. may be heading for a recession, "Morning Joe" host Joe Scarborough first mocked President Donald Trump's business acumen before predicting that he will cobble together a bad deal with China in hopes of slowing down the economic slide before the 2020 election.

Using a report he heard on Fox News, which predicted that same scenario, the MSNBC host noted that China knows they have the president over a barrel.

"I actually heard this on Fox News last week. somebody expressing real concern that the Chinese already know that, for Donald Trump, the only sort of economic trick he has left in his bag is to come to a resolution on the trade war with China to get the economy going," Scarborough recalled. "Well, if we all know that, then the Chinese leaders know that. Xi [Jinping] knows that."

Continue Reading
 
 

Thank you for whitelisting Raw Story!

As a special thank you, from now until August 31st, we're offering you a discounted rate of $5.99/month to subscribe and get ad-free access. We're honored to have you as a reader. Thank you. :) —Elias, Membership Coordinator
LEARN MORE
close-link
close-image