January 25, 2020 Real Estate Publication

The energy industry practices for a ‘black swan’ cyberattack that could take down the grid

Chris Sistrunk, a grid security expert with cybersecurity company FireEye.

FireEye

More than 6,500 government officials and big players in the energy sector came together this week to conduct a simulated cyberattack on the electrical grid.

The event is called GridEx, and takes place every two years. It imagines the U.S. under attack from a foreign country, through the power grid.

It’s a scenario that planners say is unlikely, a black swan event, but one that could have devastating impacts if it came to fruition. Those ripple effects could go far beyond leaving homes without heat or citizens without smartphones, bringing down big portions of the telecommunications, media and finance sectors. This is why, organizers said, they aimed to gather as many stakeholders as they could to run through how they would respond.

Based in reality

Gridex organizers based the potential attack scenario on real events and intelligence, said Karen Evans, a cybersecurity specialist at the Department of Energy, on Thursday. Countries like Russia, China and Iran have either attacked foreign grids or conducted reconnaissance on the U.S. grid, according to U.S. intelligence agencies.

In 2015 and 2017, intelligence experts have said Russia was responsibile for sporadic outages in Ukraine, particularly around the Christmas holiday season. China and Iran have proven they can gain a foothold on various parts of the U.S. grid. Last year, a saboteur of unknown origin was found to have been tampering with the safety systems of large industrial systems in the Middle East.

The power landscape in the United States operates more like a “quilt” than a grid, said Chris Sistrunk, an electrical engineer who serves on FireEye’s Mandiant industrial controls system consulting team.

That quilt is joined together by a handful of regional hubs, Although it’s dominated by some very large companies, it’s also populated by thousands of regional power co-ops, which often receive far less oversight than the bigger, more critical players.

In all, there are more than 8,000 power plants with various owners and operators in the U.S., according to the Department of Energy. Those include traditional electric utilities, but also hydroelectric plants, oil, rewnewable source plants, natural gas, coal and nuclear facilities.

The U.S. grid also interconnects with Canada’s grid, Sistrunk said, creating an even more complex oversight task across borders.

Plants have operational equipment that is often run on a series of industrial control systems known as Supervisory Control and Data Acquisition systems, or SCADA. These systems are essentially computers that run substations or power controls, and run a huge variety of operating system software. Some power plants use systems that are decades old. Many of them must be retrofitted to connect to the latest internet-enabled devices.

This fragmentation and complexity is why power grid cybersecurity is often focused on minimizing the damage and spread from any single attack to the wider grid.

The GridEx event focused on resiliency. In the imagined scenario, the attack on the Northeast corridor of the U.S. rippled beyond the energy sector to the biggest telecommunications companies and the financial sector, acccording to Tom Fanning, CEO of Southern Company, a gas and electric utility holding company.

Fanning said he has worked with CEOs including Jamie Dimon of JPMorgan Chase, Brian Moynihan of Bank of America and Randall Stephenson of AT&T on understanding the “interconnectedness” of these sectors in the event of a cyberattack on the energy industry.

This type of information sharing that has traditionally proven hardest for the industry, said Eddie Habibi, founder and CEO at PAS Global, a Houston-based industrial control systems security company.

“That’s not something you advertise — that you’ve been compromised — unless it’s noticed by your customers or unless it is required by the government to be reported. One of the things that we have in the industrial sector that has worked really well is self-reporting on safety incidents. We don’t have that yet for cybersecurity, and for good reasons. People don’t want to advertise that they have been compromised. So it is really difficult to know how often people are compromised,” he said.

Follow @CNBCtech on Twitter for the latest tech industry news.

in News
Related Posts

Apple and Microsoft representatives are set to join a meeting on Monday promoting patient access to health data

January 25, 2020

January 25, 2020

Tim Cook, chief executive officer of Apple Inc., speaks during the Apple Inc. Spring Forward event in San Francisco, California....

Trump administration cracks down on counterfeits sold on Amazon and other online retailers

January 24, 2020

January 24, 2020

Amazon.com founder and CEO Jeff Bezos. Getty Images The Trump administration is cracking down on the sale of counterfeits online...

Famed novelist Zane Grey’s Altadena estate asks $3.995 million

January 24, 2020

January 24, 2020

In Altadena, the historic home of famed Western novelist Zane Grey just surfaced for sale for $3.995 million. One of...

Justice Department plans to hold meeting to discuss law crucial to protecting Big Tech

January 24, 2020

January 24, 2020

William Barr, U.S. attorney general, speaks during a Senate Judiciary Committee hearing in Washington, D.C., U.S., on Wednesday, May 1,...

‘Entourage’ creator Doug Ellin lists new-look Beverly Hills home

January 24, 2020

January 24, 2020

Doug Ellin, creator of the HBO drama series “Entourage,” is asking $7.995 million for a Beverly Hills Post Office home...

Google backtracks on design that made search ads look like normal results

January 24, 2020

January 24, 2020

Sundar Pichai, chief executive officer of Google Inc., speaks during the Google I/O Developers Conference in Mountain View, California, U.S.,...

Steph and Ayesha Curry buy luxe San Francisco apartment

January 24, 2020

January 24, 2020

Golden State Warriors star Stephen “Steph” Curry and his wife, Ayesha, have snapped up an apartment in San Francisco’s new...

Senator asks Tesla to rebrand its Autopilot feature because it can confuse drivers

January 24, 2020

January 24, 2020

A Tesla Model S car equipped with Autopilot David Paul Morris | Bloomberg | Getty Images Senator Edward Markey (D-Mass.)...

Whitley Heights home with star-studded past seeks $1.995 million

January 24, 2020

January 24, 2020

With its stunning Mediterranean architecture and sweeping city views, Whitley Heights has housed many Old Hollywood stars over the years....

Intel stock soars to dot-com era levels even as warning signs flash for 2020 and beyond

January 24, 2020

January 24, 2020

Intel CEO Robert Swan speaks at the Rakuten Optimism event in Yokohama, Japan, on July 31, 2019. Tomohiro Ohsumi |...

When the Prince of Wales Is Your Landlord

January 24, 2020

January 24, 2020

NEWQUAY, England — People who move to Nansledan, a new residential community in the southwestern corner of England, must abide...

The High Line’s Latest Starchitect Project

January 24, 2020

January 24, 2020

At Hudson Yards, Thomas Heatherwick gave New York an endless staircase. Now, the creative British designer is set to deliver...

Dealing With Clutter Hangover

January 24, 2020

January 24, 2020

If December is the season of giving, January is typically about unloading. Perhaps your coffee table has become the de...

Intel stock soars to dot-com era levels even as warnings signs flash for 2020 and beyond

January 24, 2020

January 24, 2020

Intel CEO Robert Swan speaks at the Rakuten Optimism event in Yokohama, Japan, on July 31, 2019. Tomohiro Ohsumi |...

Vintage SoCal: Pasadena Craftsman set the stage for the Greenes’ style

January 24, 2020

January 24, 2020

A signature style emerges over time. Brothers Charles and Henry Greene were still evolving as architects in the early 1900s...