EXECUTIVE SUMMARY:
On March 5th, a cyber attack on the US electrical grid disrupted service in some Western states for 10 hours, according to a report filed with the US Department of Energy.
While the denial of service attack did not cause disruptions to consumers, it did lead to significant concern. The incident “made waves in critical infrastructure security circles as a first-of-its-kind case study,” writes E&E news.
Energy companies fend off run-of-the-mill hackers everyday; an exercise akin to swatting at flies. This attack was of a different nature.
In 2015, Ukraine was hit by a massive attack on the grid, causing widespread blackouts and minor social crises. Utility operators quickly dispatched service workers to manually flip high-voltage circuit breakers, successfully restoring power. Large energy companies in the US are taking precautions and preparing for flipping the grid into “manual mode.”
A collapse of the US electric grid could plunge hospitals without backup systems into dire circumstances, destabilize society’s economic engines (think big tech and Wall Street), and escalate corporate and public debts.
To better protect all stakeholders, the rules that govern reporting cyber attacks to federal agencies are due to change in the near future. Legal gymnastics currently prevent the Department of Energy and the Federal Energy Regulatory Commission from accessing certain privately held information.
This event was reported due to the fact that it “cleared a certain bar of severity…[but there are] undoubtedly many more such events that don’t breach that bar and therefore don’t become public knowledge,” notes an industry expert.
Get the full story from The Washington Post.