A simulated attack, named the Aurora Generator Test, took place in March 2007 by researchers investigating supervisory control and data acquisition (SCADA) system vulnerabilities at utility...
Cybersecurity, Part 1
Opportunities and Challenges for State Utility Regulators
Public utility companies touch nearly every person's life on a daily basis through the transmission, distribution and consumption of gas, electricity and water. They also increasingly rely on networked technology to conduct their business.
However, attackers are acting faster, becoming more sophisticated, and getting more strategic in their attacks, including their abilities to navigate the increased complexity and connectivity of critical infrastructure systems.
The U.S. Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) recently reported that the energy sector has become the biggest cybersecurity target in America. The ICS-CERT 2015 Incident Response Statistics Report accounted for two hundred ninety-five energy sector-related incidents last year alone.
Last year, a Lloyd's of London report found that a widespread attack on the U.S. grid could lead to an economic loss ranging from two hundred forty-three billion up to a trillion dollars. Fallout could include a rise in mortality rates, a decline in trade, disruption to water supplies and transportation chaos.
As utility infrastructure becomes increasingly automated, ensuring the security of critical energy infrastructure is becoming a major concern. Not just for the companies that own and operate such assets, but also for the local, state and federal regulators tasked with ensuring the safety, reliability and cost-effectiveness of the services delivered as well.
While state commissioners have not traditionally regulated this area, many are now grappling with the proper role to play. This article examines the evolving role of state regulators in addressing cybersecurity in the energy sector.
It highlights the importance of developing state regulatory processes that promote efficiency, maintain confidentiality, consider affordability and incentivize investment, while ensuring both the cost-effectiveness and security of utility infrastructure.
Where Are We Now?
While some of the first cyber attacks on infrastructure date back to the 1980's, the Stuxnet worm is widely considered to be the most sophisticated contemporary attack. In 2010, it was discovered that the Stuxnet worm had targeted industrial control systems in Iran by installing a highly specialized malware designed to target SCADA systems that controlled industrial facilities such as power plants, dams and waste processing systems.
This allowed attackers to