North America’s electricity grid is facing increasing risk of cyberattacks from criminals, terrorists and foreign states, and utilities have to devote growing resources to defend the system, a regulators’ conference was told this week.
The technological modernization of the grid – from smart meters to less-centralized generation – is creating new opportunities for cyberthreats to enter the system, and new risk for the utilities.
“There is a growing appreciation among utilities that this is real, and it is part and parcel of doing business now,” Francis Bradley, vice-president of the Canadian Electricity Association, said Wednesday.
The threats range from nuisance hacking that can disrupt software systems, to attacks on the grid by shadowy, state-backed groups in an effort to steal secrets, sow terror or disable critical infrastructure.
Companies that own transmission lines or oil and gas pipelines also worry about “hacktivists” targeting their operations as part of their protest against controversial developments. And the companies regularly consult with police and public safety agencies about those threats.
The hacktivist group, Anonymous, has publicly opposed TransCanada Corp.’s proposed Keystone XL pipeline project and has vowed to participate in the ongoing fight against the project.
At a conference in Halifax this week, U.S. energy regulator Philip Jones said there are a “number of actors” who are targeting the North American energy infrastructure.
“It’s not a question of if but when we are going to have some sort of cyberattack on the grid,” Mr. Jones told a meeting of Canada’s energy and utility regulators. Mr. Jones is a member of Washington State’s utilities and transportation commission and former president of the national regulators’ association in the United States.
“My biggest nightmare is that there is a co-ordinated physical and cyberattack.”
There is a major effort to identify and prevent thefts to critical infrastructure among officials from Homeland Security, Public Safety Canada, state and provincial and utilities themselves.
Mr. Bradley noted that cyberthreat researchers have identified state-sponsored threats from China, Russia and Syria that specifically target North America and specifically target industrial control functions to either disable them or extract information.
“There are significant and growing risks,” he said, adding that utilities and indeed all companies need to have preventative measures and well-rehearsed response strategies.
In a report last year, cybersecurity firm Mandiant Corp. exposed a multiyear, large-scale computer espionage threat originating from a group in China with close ties to the People’s Liberation Army.
With the growing digitization of the electricity transmission and distribution system, cyberthreats are growing. Smart meters send information on homeowners’ energy use back to local distribution companies, and some critics worry that information could be hacked for criminal purposes.
Mr. Bradley said there is little valuable information that would be obtained by hacking the smart meters, noting there is no credit card or financial information exchanged.
“It does create some additional risk but the nature of the risk isn’t as significant as it is in, say, the threat to industrial controls,” he said.
Robert Gordon, a special adviser to Public Safety Canada on cyber threats, identified three distinct risks that Ottawa is working with industry to combat: criminal, espionage and activism.
He said many companies still don’t have adequate safeguards, and often don’t know their systems have been compromised.