Today at the S4x16 conference, Sean McBride of iSight Partners (which recently bought his company, Critical Intelligence. I have known Sean for a long time and have great respect for him. I’ve written about him in this and this posts) did an impromptu presentation on the Ukrainian cyber attack on the grid. He immediately answered what was my biggest question: Was the loss of load actually a result of the attack, and not just an excuse for an outage caused by something else?
His answer: Yes it was, although there still is a lot that’s not known about the attack. I won’t go into the details of what he said, especially since they’re evolving. However, I was impressed by one very interesting detail: The loss of load resulted from attacks (perhaps combining physical as well as cyber means) on several Distribution substations.
This gets back to something I just discussed in the previous post: Since NERC and FERC just have jurisdiction over the Bulk Electric System, NERC CIP can never provide a comprehensive solution to the problem of the cyber security of the North American power grid – unless some way is found to incorporate Distribution in there. That will require an act of Congress (not easy to come by nowadays, in case you haven’t noticed) as well as a lot of negotiation with the state Public Utility Commissions, who consider the Distribution grid to be their domain.
I’m sure I’ll have multiple posts on this issue as we go forward (and I’d welcome any comments). But I refer you back to the Maginot Line analogy in the previous post: Ultimately, any effort just to protect the BES will be futile when attackers can simply go around the BES and come in through the Distribution grid. When I wrote this just three days ago, I didn’t think confirmation would come so quickly.
Note 1/15: This news article provides more information on Sean's talk, as well as comments by several other S4 attendees or speakers.
The views and opinions expressed here are my own and don’t necessarily represent the views or opinions of Deloitte Advisory.