There is still a lack of cyber resiliency of the electric grid

Feb. 28, 2018


On October 10, 2016, I wrote a blog, “The NERC CIPs continue to expose the grid to significant cyber vulnerabilities even after the Ukrainian hack” (https://www.controlglobal.com/blogs/unfettered/the-nerc-cips-continue-to-expose-the-grid-to-significant-cyber-vulnerabilities-even-after-the-ukrainian-hack/). This was because NERC, DOE, and DHS had effectively ignored the 2015 attack as it was against the distribution system. Ironically, two months later, the second Ukrainian cyberattack was against the transmission system. In both cases, the attack was step 1 of the 2 steps of Aurora. So what has happened in the interim to make the grid more cyber resilient?

- There is still no security in any Purdue Reference Model Level 0,1 device (process sensors, actuators, or drives). These devices are out-of-scope for NERC CIP. ISA99 has initiated a working group to address this issue, yet there is almost no electric utility participation in this effort. Iran is aware of this deficiency.

- There is a lack of monitoring of these devices before they become Ethernet packets to determine if the input to the ICS/SCADA network and associated network monitoring is uncompromised AND correct.

- Utilities are still not adequately addressing Aurora despite the Aurora information having been declassified. At the 2016 ICS Cyber Security Conference, a demonstration was given of hacking an Aurora hardware mitigation device (SEL751A) and effectively turning it into an Aurora initiation device.

- A utility lost all relay communications to almost 400 high voltage relays and SCADA was not aware of the loss of relay communications.

Where is the cyber resiliency of the electric grid?

Joe Weiss
