Last week, I was contacted by one of the five reporters who were working on this CNN story that appeared yesterday. I’ve never had as much interaction with a reporter for one story – we emailed and talked several times, and I wrote a small position paper for her, mainly so I could get my ideas straight and not give her a jumbled mess of statements.
It was interesting to see her evolution (which I believe was the evolution of the other reporters as well). When she first contacted me, what she really wanted to know about was how the Russians could take down the grid – not whether it could be done at all. As I argued in this post last year, it’s physically impossible for any kind of disturbance – other than an EMP attack, which is by far the worst threat the US faces, other than a full nuclear war, of course – to take down all three Interconnections that make up the US grid.
Even taking down one Interconnect would be close to impossible. That is, except for ERCOT, the small Interconnect that covers most of Texas, which almost succeeded in taking itself down early in the morning of February 15, 2021. But you can’t blame the Russians for that one!
Her main thrust then became that the Russians could cause a lot of small outages by attacking small utilities (especially distribution ones) that aren’t covered by the NERC CIP cybersecurity standards. But I pointed out that there’s never been a cyberattack that’s caused an outage, no matter how small, in North America. How is Russia going to cause a bunch of small outages? And more importantly, how would you distinguish those from the daily outages caused by the two most important causes of power outages: squirrels and copper theft?
But then what do I think are the biggest cyber threats to the grid? As I said in the article (near the end), there are really two. First, a ransomware attack that takes down the IT network results in the OT network having to be brought down as well, even though it wasn’t directly compromised. This isn’t a theoretical risk. This is what happened with Colonial Pipeline.
And more relevant for the article (although the reporter didn’t mention this), a devastating 2018 ransomware attack on the IT network of a very large electric utility resulted in the utility having to bring down a thousand or so systems in their control centers and re-image them. They lost the ability to monitor the grid in real time and also lost their VOIP phones. What saved the grid in the 3-5 states that were dependent on those control centers? Pure luck and a bunch of dedicated control center staff members who pulled out their cell phones and kept things on an even keel. For 24 hours.
Fortunately, there were no serious incidents that could have caused a sudden cascading outage, but without real-time monitoring, it’s very unlikely they would have even known there was a problem, if such an incident had occurred.
The second threat I pointed to was a software supply chain attack. I honestly can’t think of a likely scenario where such an attack would cause a widespread grid outage. But, given that software supply chain attacks increased by something like 10,000% in the last decade and are still doubling or tripling every year (read the story of the dependency confusion attacks in 2021, in which a researcher’s demonstration of a successful attack he conducted – without damage, of course – led within days to thousands of copycat attacks), it’s hard to rule anything out with software supply chain attacks.
So there’s plenty to worry about in grid attacks, even though there’s no chance that the whole country will go dark… Other than an EMP attack, of course. Or full-scale nuclear war. But then the lack of power will be the least of our problems.
Any opinions expressed in this blog post are strictly mine and are not necessarily shared by any of the clients of Tom Alrich LLC. If you would like to comment on what you have read here, I would love to hear from you. Please email me at tom@tomalrich.com.