The Electric Utility System Hacking Threat

As the world grows increasingly interconnected, so does the cyber threat of malicious system hacking.  This is not exactly recent news, but the threat of system hacks seems to be growing.  While all utilities are susceptible, electric utilities seem to be most at risk mainly due to the integration of generation, transmission and distribution assets.  Simply put, there are plenty of back doors.

Primer on Generation System Hacking

This article from power-eng.com goes into a lot of detail about how attackers can exploit generation assets, especially as it relates to the vulnerability of bypass valves and steam conditioning valves in combined-cycle plants (those that include both gas and steam turbines).  I will not regurgitate the details here – the article presents several scenarios and diagrams to outline the vulnerability – but it is worth noting that the process seems relatively straightforward which makes it attractive to hackers.

Closing the Gap

The article pontificates that the ability to effectively monitor asset communication networks is critical to reducing this system hacking risk.  This makes sense, because it is tough to detect anomalies without adequate visibility into what is happening.  This is especially true with sophisticated hacking tactics that slowly degrade and compromise system integrity as opposed to the Hollywood hit and run approach.

The article provides data-oriented proof that electric utility system hacking is on the rise, so it would behoove us all to incorporate such scenarios into emergency plans as well as exercises and drills.  The bottom line is that the risk cannot be completely mitigated, but at least we can be prepared for the worst.  Doing so should help get things back on track as quickly as possible in the event of a hack; it certainly can’t hurt!