- I believe most coal, hydro and gas generating plants – especially those that are Medium impact under CIP – are probably fairly cyber secure as far as their own operations go. In other words, if one of these plants were to experience a cyber attack, it is very unlikely that it would be tripped.
- This also applies to the Criterion 2.1 plants (>1500MW) that have been segmented so that there are no Medium impact BES Cyber Systems. There is a popular misconception that the ability to segment the plant so that no single system can affect 1500MW – which means there are no Medium BCS – constitutes a “loophole” in the CIP requirements. This is simply not the case. If, say, an 1800MW plant with three 600MW units is properly segmented (and the auditors are looking at this very closely whenever an entity claims that a 1500MW+ plant has no Medium BCS), then this plant is no more vulnerable to a complete shutdown from a cyberattack than would be three 600MW plants situated near each other. The only difference is that in the first case, the three “plants” share a common fence and in the second they don’t.[ii] Of course, if you think the 1500MW threshold is too high and it should really be around 500MW, that’s another story – but I think this is appropriate, and it’s actually a lot lower than the 2200MW that I remember was originally approved by the Standards Drafting Team[iii].
- Even if a single plant, no matter how large, were to be brought down by a cyber attack, this would most likely not have a BES impact, since N-1 contingencies are already well planned-for. The danger to the BES would be from a coordinated attack on multiple plants.
- Such a coordinated attack would be very hard to pull off (I used to think it was literally impossible, but now I’m not quite so sure about that, given some information I learned fairly recently about a situation in one part of the US. I am trying to interest various organizations in investigating this potential vulnerability. So far I haven’t had any success, but I’m not done yet. I will never publish details about this in my blog, but I’m not going to stop until some organization has committed to investigating this situation. However, even if this vulnerability were to be exploited, it is highly unlikely that an outage would occur, and certainly not a widespread or even cascading outage).
So my position is that, while it wouldn't be completely impossible to cause a widespread outage by attacking generation, it would be very difficult. As I said at the end of the article linked at the top, if you're aiming to bring down the North American power grid, you need to look elsewhere than generation.