Bob Chiarelli was the mayor of Ottawa during the power outage. He's now the Ontario Energy Minister.
From GlobalNews.ca:
“One of the highest priorities of NERC today is cyber security and severe weather events … they’re priority areas but I don’t think there’s 100 per cent comfort in the system yet in those areas,” said Chiarelli. “We see foreign countries invading the cyber security system of embassies in different countries and it’s that type of cyber security that is also a risk to the energy system,” he said. “So they’re upgrading the cyber security on an ongoing basis to ensure that that doesn’t happen.” Ontario’s energy watchdog said the grid’s susceptibility to these threats grew in the years following the blackout.
While the greatest threat to the power grid is still undoubtedly natural disasters, as the 2011 catastrophe in Fukushima demonstrated, a close second is the threat posed by malicious hackers.
“Cyber threats are becoming more and more of an issue… they probably escalated in the last five or six years from where they were in the last seven or eight years, but then so has our readiness,” said Kim Warren, vice-president of operations of Ontario’s Independent Electricity System Operator.
Since the outage 10 years ago, the power industry has implemented a cybersecurity policy overhaul, requiring rapid information sharing between grid operators, companies, and regulators in the event of an attack.
From Reuters:
Gerry Cauley, president of the North American Electric Reliability Corp (NERC), the agency enforcing grid standards, said the power industry has made significant progress to address cybersecurity threats since he returned as president in 2010.
"I walked in the door and I felt a black hole of worry, risk and problems in terms of security. We were not in good shape at NERC or in the industry in terms of understanding what we should be doing and where we needed to focus," Cauley told an industry meeting earlier this year.
"We have been able to turn that around. It has become a way of life for us," Cauley said.
However, there will always be threats to the power supply, and it will never be possible to account for them all, according to senior leadership at government regulatory agencies.
Cyber intrusions and attempted attacks on grid computer systems have increased dramatically over the last decade, according to the U.S. Department of Homeland Security, raising fears of both widespread power cuts and threats to nuclear facilities.
From USAToday:
"This job of reliability is kind of impossible, in the sense that there's just so many things that could happen that it's hard to be sure that you're covering all the bases," said William Booth, a senior electricity adviser with the U.S. Energy Information Administration.
From an environmental perspective, it's fair to say that nobody can accurately predict the weather 100% of the time, and perhaps the weather can even be too severe to be stopped. However, from a security standpoint, a statement like that from a regulatory official doesn't exactly inspire confidence. Time will tell if cybersecurity turns out to be the cause of the next big power outage, but currently, utilities and regulators are making cybersecurity a priority.
One key piece of security software in any industry is a good anti-malware system, and as power companies continue their efforts to protect their systems from attacks, they should be mindful to choose the best security option available. After all, they are protecting one of the most important pieces of infrastructure we have.
It's a threat that needs to be taken seriously. We all remember Stuxnet - an infection that targeted nuclear power facilities. It's not so far-fetched to imagine a similar infection designed to take down an entire section of a power grid. Considering all it took the last time we had a near-nationwide power grid failure was a tree branch touching a power line, imagine what a malicious hacker could do if he really set his mind to it.
Webroot SecureAnywhere Business Endpoint Protection protects against Stuxnet and other infections like it, and it provides the strongest layer of internet security available, backed by 9 billion web page classifications, over 500 million PC, Mac, and Android file determinations, and over 30 million users. If you're a utility company, regulatory agency, or even just a small business that found this article interesting, reach out to us (and mention this article). We'd love to hear from you, and we're sure we can help.
