On November 16-17, 2021 the utility industry conducted its biennial grid security exercise – GridEx VI. The exercise addressed the hybridized attacks of IT and OT networks which included ransomware as well as physical security. The lack of cybersecurity in the grid’s process sensors is a common mode vulnerability that affects both situational awareness and incident response plans. Aurora is a gap in electrical grid protecting that can render the grid inoperative for 9-18 MONTHS by damaging expensive and difficult to replace machinery. It can also damage natural gas compressor stations. The Chinese hardware backdoors represent a supply chain compromise that can lead to unanalyzed grid disturbances affecting major population centers. Yet hardware supply chain issues were not addressed. Why won’t the utilities adequately address what is their most important function which is keeping the lights on?
