Thursday, October 31, 2019

The full story of the March grid event



This morning, Blake Sobczak of E&E News published a story about the March grid event that definitely qualifies as the first publicly-acknowledged successful grid cyberattack in the US. We knew most of the details already, except for the name of the company involved. But Blake had filed a FOIA request, and now we know the name as well: SPower, which says they’re the large private wind developer in the US.

Some people have tried to tell me that, since this may not have been specifically targeted at the power industry, it doesn’t qualify as a grid attack. But a grid attack doesn’t have to be targeted at the grid. This one didn’t seem to have any direct impact other than loss of visibility for a number of 5-minute periods. But it could obviously have been more serious in another context.

Speaking of another context, soon I expect to post a story about an event that was originally characterized as just malware on the IT network, but – from what I recently heard - seems to have led to a much more serious loss of visibility in a large EMS system. In fact, this should probably count as the first successful grid cyberattack, since it happened last year. 


Any opinions expressed in this blog post are strictly mine and are not necessarily shared by any of the clients of Tom Alrich LLC.

If you would like to comment on what you have read here, I would love to hear from you. Please email me at tom@tomalrich.com. Please keep in mind that if you’re a NERC entity, Tom Alrich LLC can help you with NERC CIP issues or challenges like what is discussed in this post – especially on compliance with CIP-013. My offer of a free webinar on CIP-013, specifically for your organization, remains open to NERC entities and vendors of hardware or software components for BES Cyber Systems. To discuss this, you can email me at the same address.


No comments:

Post a Comment