The Buzz

Cyber Threats to the U.S. Electric Grid Are Real

On December 30th, the Washington Post incorrectly reported that Russian hackers had penetrated the U.S. electric grid through a Vermont utility. Although the story proved to be wrong, because the malicious code was found on a computer that was not connected to the grid, it highlights the importance of protecting the U.S. electric grid from cyber-attacks. The federal government, some states and the private sector are implementing programs, especially ones that focus on information sharing, to keep the power grid safe from such threats.

Most industrial control systems used in the electric grid are connected to the Internet, making them vulnerable to a cyber-attack. U.S. officials have tracked efforts by China, Russia and other countries to implant malicious software inside computers used by U.S. utilities as far back as 2009. American officials believe that a cyber-campaign against the U.S. energy industry in 2014 resulted in the penetration of at least 17 companies’ systems, including four utilities, where hackers stole data and gained access to private networks. Such information and access could potentially allow them to remotely adjust equipment settings. Because the U.S. power grid is a large system with interconnected networks, taking down one or more utilities could easily destabilize large areas of the grid.

Ukraine is one example of a country that has had power interrupted as a result of a cyber-attack on its power grid. In December 2015, Ukraine’s electric grid was hacked by a third party and about 225,000 customers lost power. Since then, Ukraine has experienced 6,500 cyber hacks against state institutions in November and December 2016 alone. Ukraine has accused Russia of these cyber-attacks, but Moscow has denied involvement. Cyber threats to the electric grid are real. It is only a matter of time before another country experiences a similar attack on its electric grid.

The U.S. federal government has implemented multiple programs to boost cybersecurity in critical sectors. The Cyber Security Advisor Program recognizes that a regional and national cyber security focus is necessary to protect critical infrastructure. This program assigns Department of Homeland Security (DHS) personnel to 10 regions to bolster cybersecurity preparedness, risk mitigation and incident response capabilities of critical infrastructure. The Cyber Resilience Review aims to measure key cybersecurity capabilities to provide indicators of an entity’s operational resilience and ability to manage cyber risk to critical services. This program includes a free voluntary assessment to evaluate and enhance cybersecurity within critical infrastructure sectors and state and local governments.

President Barack Obama issued Executive Order 13636 in February 2013, which established U.S. policy to enhance the security and resilience of the nation’s critical infrastructure and to maintain a cyber environment that encourages efficiency, innovation, and economic prosperity while promoting safety, security, business confidentiality, privacy, and civil liberties. The Executive Order called for a voluntary risk-based Cybersecurity Framework to provide a set of industry standards and best practices to help organizations manage cybersecurity risks.

Information sharing and analysis play a critical role in cyber security. Enhanced Cybersecurity Services utilizes sensitive and classified cyber threat information to block malicious traffic from entering customer networks. The Cybersecurity Information Sharing and Collaboration Program allows the government and private sector to block certain cyber threats prior to damage occurring. The Automated Indicator Sharing (AIS) initiative is an effort to create a system that shares, in real time with partners, information about attempted compromises detected by a federal agency, such as malicious IP addresses or the sender address of a phishing email.

One good example of enabling collective cyber defense through information sharing is the report on Russian malicious cyber activity, released by DHS and the Federal Bureau of Investigation. This document includes cyber signatures, including IP addresses, signatures and character combinations known as file hashes, that allow governments and companies to review their log history, identify these indicators and eliminate any compromises. This is the first time the federal government has gone to such lengths to attribute malicious cyber activity to specific actors in Russia.