Hackers taking down the U.S. electricity grid may sound like a plot ripped from a Bruce Willis action movie, but the Department of Homeland Security has recently disclosed new details about the extent to which Russia has infiltrated “critical infrastructure” like American power plants, water facilities and gas pipelines.
This hacking is similar to the 2015 and 2016 attacks on Ukraine’s grid. While DHS has raised the number of Russian utility-hacking incidents it detected from dozens to hundreds, it still maintains that this infiltration has not risen beyond scouting mode. Russia denies having any role in the hacking, yet the specter of Russian sabotage in the U.S. now seems more realistic than it used to.
Clearly, there’s no time to waste in shoring up the grid’s security. Yet getting that done is not easy, as I’ve learned through my research regarding efforts to stave off outages in hurricane-prone Florida.
There is no way to completely protect the grid. Even if that were possible, utilities tend to adopt new and better security procedures after mishaps, boosting the chance that some attacks will succeed.
Say, for example, a power company is building a substation. The utility would disclose what it spent on construction, prove that it picked its contractors responsibly and explain how this new capacity is enhancing its service. The regulator then must decide what rate hikes, if any, would be reasonable – after hearing out everyone with something at stake.
Following this routine is harder with cyberdefense spending. Security concerns make it tough if not impossible for utilities to say what they’re doing with that money. Regulators, therefore, have a hard time figuring out whether utilities are spending too much or too little or maybe even wasting money on an unnecessary expense.
If regulators blindly approve these rate hikes, it can be an abdication of their duties. If they reject them, utilities get penalized for shoring up their security and then lose an incentive to keep doing the right thing.
To err is human
Even though the idiosyncrasies of utility regulation make cyberdefense a more complicated issue than it might otherwise be, tools to manage this risk are available.
Mitigating the damage that human error can cause in response to malicious attacks, for example, may not demand any spending beyond what it costs to teach workers at utilities and their contractors to refrain from blindly opening perilous email attachments, the avenue into the electricity system used by hackers in the 2015 Ukraine attacks and in the system breaches the government recently disclosed.
They also need to guard against so-called watering-hole attacks. According to the new DHS revelations, Russian hackers set traps in websites that utility vendors were known to frequent – many of which had insufficient cybersecurity measures in place. They then leveraged that access to steal the credentials they needed to worm their way into utilities’ systems.
Indeed, hackers delivered almost 94 percent of all malware in 2016 through email systems. Clearly, more widespread awareness of the need to keep an eye out for phishing attacks will help secure infrastructure.
Regulators have been studying strategies that might enhance cybersecurity. Standards are already in place in the U.S., Canada and part of Mexico for utilities to assess their capability to prevent or detect cyberattacks.
It’s also important that regulators recognize that securing systems is an ongoing process. It can never really end because as system security measures change, hackers devise new ways to circumvent them.
Grid resilience strategies can help to maintain service regardless of the source of the outage. For example, many utilities have invested in “self-healing” systems that isolate glitches in the grid and quickly restore service amid outages.
Here’s an example of how that works. During Hurricane Matthew in Florida, in 2016, Florida Power and Light identified a threatened substation and isolated it from the rest of the grid. This measure protected its customers by ensuring that outages at that substation would not spread.
Utilities can also create microgrids, or portions of the grid that can be isolated from the rest of the system in the event of an attack. Most of these systems have been designed to improve resilience in the event of natural disasters and storm events. But they can help defend the grid against cyberattacks as well.
Public concerns over grid security are more justified than ever. But I believe that minimizing the risk of a catastrophic infrastructure attack is within reach. All it will take is for utilities to educate their workers on system security while the government updates its rules and practices – and for everyone involved to keep doing what they can to avert outages of all kinds and to restore power as quickly as possible when outages occur despite those efforts.
Editor’s note: This article was updated on July 24, 2018 to add news regarding the scale of the hacking and the discovery that hackers used watering-hole attacks.