Experts see ‘unprecedented’ increase in hackers targeting electric grid

The leader of a key information sharing group said Tuesday that organizations involved in the electricity sector had seen an “unprecedented” increase in cyber threats during the COVID-19 pandemic.

“While cyber and physical security has always been a top priority, the events over the past year have really differentiated themselves. … It really has been an unprecedented 12-18 months,” Manny Cancel, the senior vice president of the North American Electric Reliability Corporation (NERC), said during a virtual press briefing Tuesday. 

Cancel also serves as CEO of the Electricity Information Sharing and Analysis Center (EI-ISAC), a key organization used to share threat intelligence from the federal government and private industry with grid owners and operators. 

Cancel noted that the organization had seen a spike in cyber threats during the COVID-19 pandemic due to more employees working remotely. 

“Just over the first quarter of this year, it has dramatically increased,” Cancel said.

“Whether they are nation state actors or cyber criminals, they possess the capabilities to disrupt our infrastructure, so that again underscores the need to remain vigilant. The pandemic created a broader opportunity since it increased our attack vector since everyone was working from home, and we saw adversaries targeting and attempting to take advantage of this across our industry.”

The threat of cyber hacks was illustrated by a major cyber espionage attack on the U.S. — the SolarWinds hack — that intelligence agencies have assessed was likely carried out by Russian operatives. 

The hackers exploited software from IT group SolarWinds to compromise at least nine federal agencies and 100 private sector companies, far fewer than the initial 18,000 SolarWinds customers that might potentially have been impacted. 

Many of these customers were in the electricity sector. Cancel stressed Tuesday that the sector was clearly not the main target of the hackers, due to the lack of successful breaches despite around 25 percent of EI-ISAC downloading the malicious SolarWinds software. 

“Our sector did not appear to be a target of this attack, and as a result we saw no threats that would indicate a compromise or any impact on the reliability of the bulk power system,” Cancel said. “We continue to watch this very closely.”

The cybersecurity of the electric grid has been an area of increasing concern in recent years, particularly as foreign adversaries develop the ability to target critical infrastructure. 

The 2019 Worldwide Threat Assessment compiled by former Director of Intelligence Dan Coats found that Russia, China and Iran were all capable of launching cyberattacks that “cause localized, temporary disruptive effects on critical infrastructure.” 

The updated 2021 assessment released Tuesday found that China still had the ability to “launch cyber attacks that, at a minimum, can cause localized, temporary disruptions to critical infrastructure within the United States.”

The Government Accountability Office also stressed in a report released last month that distribution systems within the U.S. grid are increasingly vulnerable to cyberattacks.

The Biden administration is currently working on a plan to secure critical infrastructure against attacks.

Members of Congress on both sides of the aisle have stressed the need to address threats to the grid, with one key lawmaker pushing for inclusion of language on cybersecurity in Biden’s infrastructure proposal.