U.S. Powergrid Vulnerable Says Congressional Report

Cyberattacks affecting the US powergrid are apparently much more common than previously thought.

According to a new congressional report, one utility reported 10,000 attempted attacks every month. Apparently utilities, including Investor-Owned Utilities (IOUs), are still struggling to come into NERC compliance, which does not necessarily address cyber security issues. The report found: "NERC has established both mandatory standards and voluntary measures to protect against the computer worm known as Stuxnet. Of those that responded, 91% of IOUs, 83% of municipally- or cooperatively-owned utilities, and 80% of federal entities that own major pieces of the bulk power system reported compliance with the Stuxnet mandatory standards. By contrast, of those that responded to a separate question regarding compliance with voluntary Stuxnet measures, only 21% of IOUs, 44% of municipally- or cooperatively-owned utilities, and 62.5% of federal entities reported compliance."

This tracks closely to what Joe Weiss told me in a recent DeviceLine Radio interview. He said "I am working with the only electric utility in the United States that I am aware of that number one, is doing an Aurora hardware mitigation project, and is willing to be a test bed for evaluating control systems cybersecurity solutions, because this particular utility, this is the ultimate irony, it’s small enough that it doesn’t have any NERC Critical Cyber Assets, which means it can be an engineer and do the right thing. Isn’t that an incredible statement, that arguably about the only utility in the United States that is going to be secure or trying to be secure is doing so because they don’t have to meet the NERC CIPs?"