You Might Not Want to Know Who’s Minding Our Grid

Jul 26, 2018

No one likes a broken record, but I need to be one. The recent revelation of Russians successfully hacking the US electrical grid is alarming, and yet expected. It moves me to ask: Is everyone asleep at the cybersecurity switch here?

In case you’ve been snoozing or on vacation, here is what the US Department of Homeland Security revealed on July 23: hackers working for Russia penetrated hundreds of US electric utility control rooms. The attackers could have caused blackouts. First detected in the spring of 2016, the long-term attacks were executed by hackers working for a Russian state-sponsored group previously known as Dragonfly or Energetic Bear. The hackers were able to penetrate the corporate networks of utility vendors, many of whom were smaller companies without large budgets for cybersecurity. Are we to believe this is the last occurrence of hacking? Not likely—some companies still may not know they have had their facilities compromised.

Too Little, Too Late

My colleagues and I have written about this before (see the Guidehouse Insights reports: Cybersecurity for the Digital Utility, and Managing IoT Cybersecurity Threats in the Energy Cloud Ecosystem), and it is galling that so little action seems to have occurred to foil this activity. In a previous blog, I wondered at the lack of evidence of progress thwarting the bad guys. Now those doubts seem to have credence.

It helps to take a deep breath and get some perspective, yet, at the same time, all stakeholders (utilities, vendors, regulators, the public) must act now. We cannot afford to have the grid hacked and risk losing control to a foreign bad actor, Russian or otherwise. Grid cybersecurity needs to be a top priority, not a lazy afterthought. Let’s outsmart the cyber criminals! Do I need to say that again, like a broken record?