27_APrimer_1500x679-1
Richard E. Harrison

A Primer On How Utilities Plan To Handle Grid Attacks

A recent Wall Street Journal article reports that Russian hackers have been actively seeking to infiltrate utilities across the U.S., Canada and the U.K. According to an industry expert quoted in the article, at least 60 utilities have been targeted. Over 20 were breached. In at least eight cases, it is believed that adversaries accessed utility industrial controls systems.

The threat of a debilitating grid attack is increasing. So, if cyberterrorists are successful in their efforts, do utilities have an emergency plan in place? 

Indeed they do. It’s called the Cyber Mutual Assurance Program. And to understand how it came about and what it entails, you’ll need to know all the acronyms.  

Let’s start with the NERC.

NERC is the North American Electric Reliability Corporation. It’s a not-for-profit regulatory authority that assures the reliability of the bulk power system in North America. NERC conducts biennial grid security and emergency response exercises known as GridEx. During these sessions, cyber and physical security attacks that would impair the grid’s operational reliability are simulated. Utility executives then discuss and demonstrate how they would respond to these situations.  

More than 4,400 individuals from 364 organizations across North America took part in the November 2015 GridEx III. At that time, no utility in the world had ever been disabled by a cyberattack.

Five weeks later, three Ukraine power distribution centers were cyberattacked, leaving 230,000 residents in the dark. It was the first confirmed hack to bring down a power grid.

The Ukraine incident was more than a warning shot for utilities around the world; it was a wake-up call. By February 2016, the Edison Electric Institute was hosting a two-day task force meeting for electric utility personnel. The goal was to discuss approaches to implementing an industry-wide mutual assistance program to handle cyberattacks. By 2017, GridEx IV had expanded to 6,500 participants representing 450 organizations, with industry law enforcement and government agencies participating.

Enter the ESCC.

That would be the Electric Subsector Coordinating Council. The electric power industry created this CEO-led partnership to coordinate security strategies with the federal government and other stakeholders.

Enlightened by what happened in Ukraine and recommendations made at GridEx drills, the ESCC spearheaded the creation of the Cyber Mutual Assistance (CMA) Program. This initiative provides “surge capacity” to utilities unable to serve customers due to cyberattacks.

Administered by the ESCC, the program establishes a framework for the voluntary sharing of IT and cybersecurity resources. This would include both proactive information-sharing and remedial resources for responding to events.

So how does the CMA Program work?

Participation in the CMA Program is entirely voluntary and costs nothing. However, each participant must do two things:

            • sign a mutual non-disclosure agreement (NDA) that ensures protection of information

            • designate a CMA Coordinator.

(While not mandatory, participants are also encouraged to sign a standardized contract that provides terms and conditions for engagement between utilities. This agreement covers items like travel costs, labor fees and safety measures.)

A CMA Coordinator is responsible for assessing relevant cyber resources, considering and responding to another participating entity’s request for assistance, and making any requests on behalf of the entity the coordinator represents.

If a cyber emergency occurs, it’s the participant’s CMA Coordinator who seeks assistance from one or more CMA Coordinators. This request can be made in response to a particular cyber emergency or in advance of a threatened or anticipated attack. Assistance may include services, personnel and/or equipment.  

Coordinators receiving an assistance request must assess their entity’s relevant cyber resources and then decide whether to respond to the entreaty. 

It’s no surprise that participation in the CMA Program – which now includes gas utilities – is growing.

As of February 2018, more than 140 utilities, companies, cooperatives and operators entities take part in the program. These entities cover approximately 80 percent of U.S. electricity customers, nearly 75 percent of U.S. domestic natural gas customers, and about 1.25 million electricity customers in Canada.

For more information about the CMA Program or to become a participant, please visit www.electricitysubsector.org/CMA or contact cma@electricitysubsector.org.

The electric grid is transforming rapidly with an ever-expanding ecosystem of partners looking to connect to a plethora of new assets. While the CMA Program focuses on recovering from a cyber emergency, the electric industry is taking other steps to proactively protect the electric grid. Dispersive is proud to be part of the solution that delivers the standardized, secure, reliable and high-performance connectivity that utilities and grid operators require.

We welcome the chance to talk with you about all this. Email us at info@dispersivegroup.com or call us at 1-844-403-5850