A Congressional report was released May 21, 2013, entitled, “Electric Grid Vulnerability, Industry Responses Reveal Security Gaps.”
The report listed two (2) cyber security-related findings:
Finding 1: The electric grid is the target of numerous and daily cyber-attacks.
Finding 2: Most utilities only comply with mandatory cyber-security standards and have not implemented voluntary NERC* recommendations.
* NERC is an acronym for the North American Electric Reliability Corporation.
- More than a dozen utilities reported “daily,” “constant,” or “frequent” attempted cyber-attacks ranging from phishing to malware infection to unfriendly probes.
- One utility reported that it was the target of approximately 10,000 attempted cyber-attacks each month.
- More than one public power provider reported being under a “constant state of ‘attack’ from malware and entities seeking to gain access to internal systems.” A Northeastern power provider said that it was “under constant cyber attack from cyber criminals including malware and the general threat from the Internet…”
- A Midwestern power provider said that it was “subject to ongoing malicious cyber and physical activity. For example, we see probes on our network to look for vulnerabilities in our systems and applications on a daily basis. Much of this activity is automated and dynamic in nature – able to adapt to what is discovered during its probing process.
- Almost all utilities cited compliance with mandatory NERC standards. Of those that responded to a question of how many voluntary cyber-security measures recommended by NERC had been implemented, most indicated that they had not implemented any of these measures.
- “Grid operations and control systems are increasingly automated, incorporate two-way communications, and are connected to the Internet or other computer networks. While these improvements have allowed for critical modernization of the grid, this increased interconnectivity has made the grid more vulnerable to remote cyber attacks.” [emphasis added]
The newly issued report reinforces prior similar credible reports and conclusions that:
- Cyber-related attacks on our electrical grid are increasing.
- Not enough has been done to curb the increasing threat.
- Implementation of the smart grid makes the grid more vulnerable to remote cyber attacks.
Refer to the link below for the full report.