• Home • About Us • Contact Us • Become A Member • 
 
Menu
· Home
· Join Michigan Green
· Member Directory
· Our Mission
· Calendar
· About Us
· Our Services
· Board Members
· Contact Us
· News Archive
· Search
· Topics
Search


Other Pages

· Mercury Information
· Publications
· Energy Saving Tips
· Michigan Green Fund
· Michigan Incentives

Bookmark and News Feed


AddThis Social Bookmark Button

AddThis Feed Button

Old Articles
Tuesday, August 12, 2008
· ACEEE Introduces a New State Energy Efficiency Policy Resource
Monday, August 11, 2008
· Net zero electric building is model for federal facilities
· Burning Biomass
Friday, August 08, 2008
· Letters from Readers - August 7, 2008
· EU Solar Market Catching Fire
· Seminar Urges Smart Energy Use
Thursday, August 07, 2008
· Doyle wants Wisconsin's downtown power plants to go coal-free
Wednesday, August 06, 2008
· Citizens Urge Against 11.2% Gas Rate Hike by PECO
· Building Momentum to Go Green
Monday, August 04, 2008
· Re-thinking Energy Savings

Older Articles
Controlling Hackers 
Food For Thought

October 29, 2007

Violent lunatics bent on the destruction of western civilization are one thing. Silent computer hackers who can whittle away at the nation's infrastructure are another.

Federal and industry experts say that the technology that allows utilities to run their operations is more vulnerable now than ever before. Because those networks are becoming increasingly standardized and linked to other centralized systems, they can be more easily breached and the resulting disturbances can be enormous.

The spotlight is on control systems, which can be used to manage and run the generation, transmission, and distribution of electric power. Basically, that hardware and software collects operational data from the field before processing and displaying it. That information is then relayed to local or remote equipment.

"Over the past few years, federal agencies have initiated efforts to improve the security of critical infrastructure control systems," says Greg Wilshusen, director of information systems for the Government Accountability Office. "However, there is as yet no overall strategy to coordinate the various activities across federal agencies and the private sector. Further, the Department of Homeland Security (DHS) lacks processes needed to address specific weaknesses in sharing information on control system vulnerabilities."

Consider the Browns Ferry nuclear plant in Alabama: In August 2006, two recirculation pumps at Unit 3 tripped and forced the unit to be manually shut down. The loss of the pumps was then traced to excessive traffic on the control systems, possibly caused by the failure of another device. Therein illustrates the agency's point, which is networks are more susceptible to attack - whether intentional or not - as they become increasingly interwoven through the Internet.

In 2003, the National Strategy to Secure Cyberspace reported that the disruption of control systems could have significant consequences for public health and safety and made securing these systems a national priority. It then directed homeland security and the Department of Energy to work with industry to increase awareness and to recommend steps to safeguard the nation's computer networks.

Toward that end, Congress had asked accountability office to make further suggestions. At a congressional hearing recently held, it suggested that the DHS develop performance measures and overall goals. It also said DHS should establish a rapid and secure process for sharing sensitive control system information with vendors, owners and operators.

For its part, the electricity industry has recently implemented standards for cyber security while a gas trade association is preparing guidance for members to use encryption to secure control systems.

Guard Up

It's widely acknowledged that the transmission system has vulnerabilities ranging from overt terrorist activity to random computer hackers. Regulators now have their guard up. The National Association of Regulatory Utility Commissioners, for instance, has formed a permanent committee to educate members through workshops and conferences as well as to develop tools to coordinate planning, prevention and response protocols among all relevant federal, state and local entities.

"Our mission has evolved beyond emergency planning and responsiveness, such as terrorism and hurricanes," says Sandra Hochstetter, former chair of Arkansas Public Service Commission, chair of the commissioners' committee. "This committee will be proactive in terms of identifying needed improvements to our nation's utility infrastructure and making it more resilient and less vulnerable."

Because electric transmission grids are interconnected, a failure at one critical point could trigger a partial collapse of the system. The 2003 Blackout, for example, proved that a non-malicious failure of a transmission line could cause 50 million people to go without power. Similarly, the wholesale market-a network of transactions and interdependencies-depends upon a reliable transmission grid and all the hardware and software that make it run efficiently.

In a simulated attack, folks at the Energy Department's Idaho National Laboratory were able to maneuver their way into a power plant control system and subsequently cause the destruction of those operations. The threat, however, is more than theoretical. In October 2006, a foreign hacker penetrated security at a water filtering plant in Harrisburg, Pa. The intruder planted malevolent software that infected the water treatment program there.

The Energy Department has designated the North American Electric Reliability Council as the electricity sector coordinator for critical infrastructure protection. It now works closely with homeland security and the Public Safety and Emergency Preparedness of Canada to ensure integrity of every power plant and transmission line.

The council adopted its cyber security standards in 2006, which have been incorporated into the nation's electric reliability standards. Among the many requirements listed, each utility should prioritize its facilities and assets as well as characterize potential risks based on historical accounts. Furthermore, emergency plans should be prepared and practiced. A failure to meet the council's benchmarks could result in being denied the privilege of participating in the wholesale market, or the right to buy and sell power as well as interface with systems that do transact commerce.

"It's not easy to hack your way in but with the linkage of more and more networks to the Internet, companies' risks are increasing," says Kevin Perry, former chairman of the NERC Critical Infrastructure Protection Advisory Group, in a prior talk with this writer.

Much has been done. And more is necessary. But, now, federal and state policymakers are beginning to get in synch with industry to create protocols to deter the disruption of critical infrastructure. According to the experts, vigilance, communication and coordination are the keys to staying one-step ahead.

More information is available from Energy Central:

Securing the Enterprise - Cyber Threats Grow, EnergyBiz, May/June 2007

Sierra Energy Group Report Series

Respond to the editor. Ken Silverstein EnergyBiz Insider Editor-in-Chief
Read Ken's Blog
Posted on Monday, October 29, 2007 @ 08:01:40 EDT by webmaster
Sorry, Comments are not available for this article.
 
Bookmark and News Feed


AddThis Social Bookmark Button

AddThis Feed Button

Related Links
· More about Food For Thought
· News by webmaster
Most read story about Food For Thought:
Corporate Board's New Faces
Article Rating
Average Score: 0
Votes: 0

Please take a second and vote for this article:

Excellent
Very Good
Good
Regular
Bad
Options

 Printer Friendly Printer Friendly
Associated Topics

Energy News

 

Michigan GREEN
1215 Ludington Avenue
Escanaba, MI 49829
Ph: 888.473.5444
Fax: 866.430.8361

Michigan Green © 2007