This morning, Blake Sobczak of E&E News published a story about the March grid event that definitely qualifies as the first publicly-acknowledged successful grid cyberattack in the US. We knew most of the details already, except for the name of the company involved. But Blake had filed a FOIA request, and now we know the name as well: SPower, which says they’re the large private wind developer in the US.

Some people have tried to tell me that, since this may not have been specifically targeted at the power industry, it doesn’t qualify as a grid attack. But a grid attack doesn’t have to be targeted at the grid. This one didn’t seem to have any direct impact other than loss of visibility for a number of 5-minute periods. But it could obviously have been more serious in another context.

Speaking of another context, soon I expect to post a story about an event that was originally characterized as just malware on the IT network, but – from what I recently heard – seems to have led to a much more serious loss of visibility in a large EMS system. In fact, this should probably count as the first successful grid cyberattack, since it happened last year.

Any opinions expressed in this blog post are strictly mine and are not necessarily shared by any of the clients of Tom Alrich LLC.

If you would like to comment on what you have read here, I would love to hear from you. Please email me at tom@tomalrich.com. Please keep in mind that if you’re a NERC entity, Tom Alrich LLC can help you with NERC CIP issues or challenges like what is discussed in this post – especially on compliance with CIP-013. My offer of a free webinar on CIP-013, specifically for your organization, remains open to NERC entities and vendors of hardware or software components for BES Cyber Systems. To discuss this, you can email me at the same address.