Experts warn of escalating grid security issues after PG&E break-in

 
Brief:

  • Federal law enforcement agents are investingating a break in at a Pacific Gas and Electric Co. substation in March, but the event has raised broader concerns about grid security issues and the industry’s ability to guard its infrastructure.
  • Experts told SNL the power industry needs to better protect its systems, and at this point the country is essentially “waiting” for a serious breach to occur.
  • The Federal Bureau of Investigation is looking into the break in at PG&E’s Westpark substation, where an intruder disabled monitoring and control technology before escaping.

Insight:

Utility substations have been targeted by physical attacks before, often including the theft of equipment or valuable metals. Another PG&E’s substation was targeted in a notorious in a sniper attack in 2013 as well, when 17 transformers were disabled. And cyber attacks are rising through the ranks of utility concerns, according to a survey earlier this year Black & Veatch. The firm’s poll of the electric industry’s strategic direction showed internet and data concerns now rank fourth in company’s concerns, up from sixth the previous year.

But the attack two months ago on PG&E’s Westpark substation represents a new kind of threat, security experts told SNL, combining physical vulnerabilities with network-enabled threats. The attackers, the news outlet reported, entered the substation control room and disabled supervisory control and data acquisition before damaging communications and other equipment.

The fact that [someone] targeted the SCADA and control system equipment is kind of a big deal,” Mark Weatherford, principal at the Chertoff Group, told SNL. It leaves open the possibility that intruders could perpetrate hacking crimes not through the internet, but through physical vulnerabilities at power facilities themselves.

Federal regulators are working on the issue; in 2014 FERC adopted new cybersecurity standards regarding critical infrastructure and reliability standards for guarding against physical threats.