Blake Sobczak of E&E News came out with another very good article
on the “cyber event” that was reported on form OE-417 on March 5 by some entity
in the West – and if you haven’t read my previous two posts, you should do so
before going any further in this one. I think all of my readers can rejoice
that both of those posts, as well as this one, share one important feature:
they’re all short!

Today’s article clears some of the fog about this event, but it also deepens it. It
makes very clear that this event, which involved a still-unspecified grid
disruption, was a cyber attack – specifically a Denial of Service attack,
although I realize that term can apply to a host of different attack types. Moreover,
the attack took advantage of a vulnerability for which a patch had already been
distributed by the vendor (whoever that is, and whatever the product is that
was attacked). The source of this statement is a “DoE official”. Since OE-417
is DoE’s form, that seems like a pretty authoritative source to me.

The mystery is who the entity is that was attacked – and reported it. It had to be an
entity with connections in two counties in California (Los Angeles and Kern
Counties; Kern County includes Bakersfield), Converse County in Wyoming, and
Salt Lake County in Utah. Two days ago, it seemed to me – and others I talked
to about this – that only one entity, Peak Reliability, would have that sort of
footprint[i]. Peak
(formerly part of WECC) is the Reliability Coordinator for 14 Western states,
including all three states that were attacked.

However, in today’s article, Blake quotes Peak as saying they weren’t attacked, which
leaves…no possibilities that I know of. Sigh.

But we do now know that the North American grid has had the first reported
disruption due to a cyber attack, although no load was
lost. So we’re still a little ahead of the Ukraine, since there was not only
disruption but load loss there. As my old boss used to say, thank God for small
favors.

Any opinions expressed in this blog post are strictly mine
and are not necessarily shared by any of the clients of Tom Alrich LLC.

If you would like to comment on what you have read here, I
would love to hear from you. Please email me at tom@tomalrich.com. Please keep in mind that
if you’re a NERC entity, Tom Alrich LLC can help you with NERC CIP issues or
challenges like what is discussed in this post – especially on compliance with
CIP-013. To discuss this, you can email me at the same address.

[i] Actually, I can think of another entity, the Western Area Power Authority,
which distributes power from Federally-owned dams across the entire West. But
two days ago, WAPA denied they were attacked. Blake (or someone he talked to on
Tuesday) also identified Berkshire Hathaway Energy as a possible vector for this
attack. BHE has utilities that cover both Utah and Wyoming, but not California.
BHE has a renewables unit in California, but in Blake’s article today, the DoE
official says no generation was affected (Bill Lawrence, Director of the E-ISAC,
said the same thing in a quote in my post yesterday), and that’s what that unit
does. In any case, BHE also denies they were attacked.