Notes from remarks at the 2018 Western Area Power Administration (WAPA) Technology Security Symposium.
Regional electric utilities and cooperatives help form the “front line” against cyber threats to electric power. Adversaries targeting electric power may spend time, possibly years, gaining access, watching, learning, and testing ideas against smaller utilities before considering larger utilities and power companies. The reason is simple: if there is a mistake, the results are smaller and possibly less detectable, which keeps operations secret longer. Smaller utilities provide an invaluable training ground. Therefore, localized attacks (even unintentional or accidental ones) against regional utilities are more likely than the larger “country-wide” disruption commonly imagined: they present less risk to an adversary’s operations, an accidental disruption is possible, and the outcome is likely as useful as a more considerable disruption.
This means electric power-focused cyber threat identification requires attention to all locations, including regional facilities and electric cooperatives, and not just the largest and most prominent. All electric utilities need to focus on four items right now:
The threat is real; our work must start now. But we’re lucky enough to see far enough into the future to act now and create defensible OT/SCADA environments. We can’t rely on imagination to guide our security decisions. We must use the breadth of threat intelligence to fundamentally understand these threats to electric utilities and react accordingly; otherwise, we risk wasting already-constrained budgets. Work together, understand the threat, and act now: this is how we will defend our networks and our customers.