The Security Ledger Podcast



Episode 162: Have We Missed Electric Grid Cyber Attacks for Years? Also: Breaking Bad Security Habits

September 25, 2019

In this episode of the podcast (#162): according to the nonprofit that oversees it, the first disruptive hack of the U.S. grid happened in March of this year. Our guest, Joe Weiss, said it really happened more than a decade ago and that hundreds more like it have been overlooked or misclassified. Also: Rachel Stockton of the firm LastPass* joins us to talk about changing users' troublesome password behavior to make companies more secure.

If you believe the headlines, the first known disruptive cyber attack against the U.S. grid happened on March 5, 2019, when an unidentified actor attacked firewalls at an undisclosed utility that was part of the power grid in California, Utah and Wyoming. The incident caused “brief” outages of internet-facing firewalls that controlled communications between the control center and multiple remote generation sites and between equipment on these sites, according to a report (PDF) released by NERC, the North American Electric Reliability Corporation.

That incident made news in April after the utility reported it to the U.S. Department of Energy and was called “unprecedented.” “A cyberattack is not known to have ever disrupted the flow of electricity anywhere in the United States,” E&E News, an electricity industry publication, noted.

But what if the first successful attack on the grid didn’t happen in March 2019, but 15 years ago, in 2004? And what if hundreds of similar cyber incidents – both malicious and inadvertent – had occurred since the turn of the millennium, but were never labeled as such?

Joe Weiss, Applied Control Solutions

Our next guest, Joe Weiss of Applied Control Solutions, has been making the case that cyber attacks on North America’s expansive grid are neither new nor rare. According to Weiss, there have been hundreds of cyber incidents (he counts more than 300) going back decades.

So how come we haven’t heard about them? Weiss argues that much of the problem is due to how cyber incidents are classified by NERC, which oversees users, owners, and operators of the North American bulk power system, which serves more than 334 million people. Despite ample evidence of malicious and inadvertent “cyber” incidents that cause power disruptions, NERC and FERC, the federal regulators that oversee it, have a “see no evil” mentality.

Weiss worries that the unwillingness to confront cyber risk is allowing grid operators to ignore mounting evidence that our electric grid is highly vulnerable to cyber attack and manipulation. In our first segment, we welcome Joe back to our podcast to talk about how and why cyber incidents affecting grid operation and reliability are being overlooked. 

Patching Flaws at Layer 8

Security pros like to joke about compromises at “Layer 8” – a reference to the seven-layer OSI model. It’s a nerdy and amusing way to talk about the “users” – the homo sapiens who are increasingly the targets of malicious actors.

But what is the role of users in ensuring the security of modern organizations? And can even the best trained users be counted on to not become victims?

Rachel Stockton is the director of product strategy a...