Russian hackers have broken into the control rooms of U.S. utilities where they could cause blackouts, federal officials have told the Wall Street Journal.
The Russian hackers, who worked for a shadowy state-sponsored group previously identified as Dragonfly or Energetic Bear, broke into supposedly secure “air gapped” or isolated networks owned by utilities with relative ease by first penetrating the networks of key vendors who had trusted relationships with the power companies., said officials at the Department of Homeland Security.
“They got to the point where they could have thrown switches” and disrupted power flows, said Jonathan Homer, chief of industrial-control-system analysis for DHS.
Federal authorities did not identify which utilities had been compromised.
Needless to say, all manner of groups — from the North American Electric Reliability Council, the federal agency that regulates electric reliability, to PJM Interconnection, which oversees the regional grid of which Virginia is a part, to the electric utilities themselves — are paying very close attention to this issue. The obvious question for Virginians is this: What can state legislators and regulators do… if anything?
One of the aims of the Grid Modernization and Security Act of 2018, enacted this year, is to upgrade the electric transmission and distribution systems maintained by Dominion Energy, Appalachian Power Co., and the electric cooperatives. Priorities include protecting the grid against terrorist attacks and cyber attacks, although it is not clear yet what additional resources will be allocated to those efforts. Whatever conversation occurs, much of it will be behind closed doors on the not-unreasonable grounds that we don’t want to tip off the bad guys to what we’re doing.
But public involvement would helpful in some areas. What grid configuration would be the most secure? One could make the argument that a centralized grid operated by a handful of players would be easier to protect from cyber-intrusion than a grid with many players that is only as secure as the most vulnerable among them.
Conversely, one could argue that a distributed grid would be preferable. It would be easier for the Russkies (or Chinese, or Iranians, or North Koreans) to take out, say, a nuclear power plant or to overload a critical transmission line than it would be to take out thousands of small rooftop generators connected by a micro-grid.
The answers to such questions would shape the kind of electric grid that will best serve the interests of all Virginians.
Bacon’s Rebellion is in the process of organizing a roundtable on the Future Grid to discuss issues just like this. Right now, we are looking for a neutral venue (not tied to any particular faction or interest group) to host the first meeting. If you would like to participate or can suggest a meeting location, please contact me.
