The Department of Homeland Security on July 23 held the first in a series of unclassified briefing regarding Russian cyber threats to critical infrastructure including the power grid. A second briefing is scheduled for July 25, with additional ones scheduled for late July and early August.
The Wall Street Journal on July 24 reported on the details of the first unclassified briefing, which provided additional details on an issue that was first raised in 2017, when the federal government notified grid operators of a threat to the energy and manufacturing sectors.
According to the newspaper, officials at DHS said that Russian hackers, “who worked for a shadowy state-sponsored group previously identified as Dragonfly or Energetic Bear, broke into supposedly secure, ‘air-gapped’ or isolated networks owned by utilities with relative ease by first penetrating the networks of key vendors who had trusted relationships” with power companies. The story quoted a DHS official as saying that the hackers “got to the point where they could have thrown switches” and disrupted power flows.
The article noted that DHS has been “warning utility executives with security clearances about the Russian group’s threat to critical infrastructure since 2014.”
In a statement released by the Edison Electric Institute on July 24, EEI Vice President of Security & Preparedness Scott Aaronson commented on cyber activities targeting energy and other critical infrastructure sectors.
He said, “Today’s news is not new news, and there have been no operational impacts to the energy grid from these threats.”
In addition to his role at EEI, Aaronson also serves as the Secretary for the Electricity Subsector Coordinating Council (ESCC).
In July 2017, government and industry officials said that there were no operational impacts from cyber incidents involving the U.S. power sector that occurred last year.
More recently, in March 2018 a joint tactical alert that was the result of analytic efforts between the DHS and the Federal Bureau of Investigation provided information on Russian government actions targeting U.S. government entities as well as organizations in the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors.
The alert said that since at least March 2016, Russian government cyber actors targeted government entities and multiple U.S. critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors.
Briefings available through webinars
The DHS briefings on Russian cyber threats to critical infrastructure are accessible via webinar.
The next scheduled webinar that will be held by the DHS National Cybersecurity & Communications Integration Center (NCICC) will occur on July 25, with subsequent briefings scheduled for July 30 and August 1.
Experts from the NCCIC will discuss recent cyber incidents, share mitigation techniques and highlight resources available to protect critical assets.
Additional information about the webinars is available here.
Exercises
As part of its efforts to protect against cyber and physical security threats, the power industry has participated in various incident response exercises, including several national-level exercises.
For example, the power sector in late 2017 participated in GridEx, an exercise designed for utilities to exercise their response and recovery to cyber and physical security threats in a simulated environment.
The exercise, which takes place every two years, allows utilities, government partners and other critical infrastructure participants to engage with local and regional first responders, exercise cross-sector impacts, improve unity of messages and communication, identify lessons learned and engage senior leadership.
The exercise began in 2011 and NERC hosts the GridEx series. The 2017 GridEx, which took place over two days, marked the fourth such exercise. It also included a six-hour executive tabletop exercise.
More than 1,100 public power employees and 53 public power organizations participated in the 2017 GridEx exercise. In 2015, the total number of public power organizations participating in GridEx was 26.
The exercise includes direct engagement among senior federal government officials and leaders from the ESCC.
The ESCC serves as the principal liaison between the federal government and the electric power industry and is comprised of the CEOs that represent all segments of the industry, including investor-owned electric companies, electric cooperatives, and public power utilities in the U.S. and Canada.
Kevin Wailes, administrator and CEO of Lincoln Electric System, serves as co-chair of the ESCC, while Sue Kelly, president and CEO of the American Public Power Association, serves on the ESCC steering committee.
E-ISAC
The power industry also guards against cyber and physical security threats through the Electricity Information Sharing and Analysis Center, or E-ISAC.
E-ISAC, which is operated by the North American Electric Reliability Corporation and functions as an independent group, establishes situational awareness, incident management, coordination, and communication capabilities within the electricity sector through timely, reliable, and secure information exchange.
The E-ISAC, in collaboration with the Department of Energy and the ESCC, serves as the primary security communications channel for the electricity sector and enhances the sector's ability to prepare for and respond to cyber and physical threats, vulnerabilities, and incidents.
The Association has encouraged its member utilities to sign up for the E-ISAC's portal to get alerts and resources to monitor and manage cyber threats.
