Today at the
S4x16 conference, Sean McBride of iSight Partners (which recently bought his
company, Critical Intelligence. I have known Sean for a long time and have
great respect for him. I’ve written about him in this
and this
posts) did an impromptu presentation on the Ukrainian cyber
attack on the grid. He immediately answered what was my biggest question:
Was the loss of load actually a result of the attack, and not just an excuse
for an outage caused by something else?
His answer:
Yes it was, although there still is a lot that’s not known about the attack. I
won’t go into the details of what he said, especially since they’re evolving.
However, I was impressed by one very interesting detail: The loss of load
resulted from attacks (perhaps combining physical as well as cyber means) on
several Distribution substations.
This gets
back to something I just discussed in the previous post:
Since NERC and FERC just have jurisdiction over the Bulk Electric System, NERC
CIP can never provide a comprehensive solution to the problem of the cyber
security of the North American power grid – unless some way is found to
incorporate Distribution in there. That will require an act of Congress (not
easy to come by nowadays, in case you haven’t noticed) as well as a lot of
negotiation with the state Public Utility Commissions, who consider the
Distribution grid to be their domain.
I’m sure I’ll
have multiple posts on this issue as we go forward (and I’d welcome any
comments). But I refer you back to the Maginot Line analogy in the previous
post: Ultimately, any effort just to protect the BES will be futile when
attackers can simply go around the BES and come in through the Distribution
grid. When I wrote this just three days ago, I didn’t think confirmation would
come so quickly.
Note 1/15: This news article provides more information on Sean's talk, as well as comments by several other S4 attendees or speakers.
The views and opinions expressed here are my own and don’t
necessarily represent the views or opinions of Deloitte Advisory.
No comments:
Post a Comment