On November 16-17, 2021 the utility industry conducted its biennial grid security exercise – GridEx VI. The exercise addressed the hybridized attacks of IT and OT networks which included ransomware as well as physical security. The lack of cybersecurity in the grid’s process sensors is a common mode vulnerability that affects both situational awareness and incident […]
Category: Electric
Addressing Chinese-made equipment in the electric industry – a success story
Monday, November 15, 2021 a public utility commission in a hearing on a major new transmission project referenced my blog on the DNI report on Chinese-made transformers, https://www.controlglobal.com/blogs/unfettered/dni-identifies-chinese-transformers-as-cyber-vulnerable-risks-yet-doe-and-industry-ignore-the-threat/ in a question to the utility. In response, the utility stated they would not be using Chinese-made transformers in this project. I consider that to be a […]
The gaps preventing cyber securing physical infrastructures
Physical infrastructures are monitored and controlled using instrumentation and control systems. Instrumentation monitors the processes and control systems control the physics. I have not used the term “critical infrastructure” as these issues apply to any physical infrastructure. Yet, instrumentation and the physics of the processes are often ignored as the focus of security experts is […]
DNI identifies Chinese transformers as cyber vulnerable risks yet DOE and industry ignore the threat
A DNI National Intelligence Estimate states: “Deployment of utility-scale solar and wind technologies in remote areas is likely to require ultra-high-voltage transmission lines to move the power to cities. China is the world’s leading supplier of advanced grid components for ultrahigh-voltage systems, such as transformers, circuit breakers, and inverters, which we assess creates cyber vulnerability […]
Comments to the US Secretary of Energy’s Advisory Board on lack of process sensor cyber security
October 28, 2021, I gave a presentation to the US Secretary of Energy’s Advisory Board (SEAB) on the need for process sensor monitoring. The SEAB meeting can be found at https://www.energy.gov/seab/seab-meetings as well as my prepared presentation. My short presentation is at approximately the 1 Hour 20-minute timeframe. In the SEAB meeting, DOE was looking […]
Electric distribution reclosers can be cyber compromised to cause devastating wildfires
October 13, 2021, the San Jose Mercury News had the following headline: “High-wire act for PG&E: balancing safety, reliability”. PG&E is facing lawsuits and pleaded guilty to 84 counts of voluntary manslaughter in a 2018 blaze that nearly destroyed the town of Paradise. Consequently, PG&E is taking a zero-tolerance approach to “arcing,” which happens when […]
Iran is aware of electric substation cyber threats and vulnerabilities
Mojtaba S. is a project manager, consultant, and industrial security specialist for the Electric Industry of Iran for the past 8 years. His well-written article, “Detecting Cyber Intrusions in Substation Networks,” demonstrates detailed knowledge of electric substation designs, protocols, and cyber vulnerabilities. Russia compromised a US water system and has been in the U.S. grids since […]
Formal response to FERC Complaint EL21-99-000 on Chinese equipment in the US grid
September 13, 2021, I submitted my response to the FERC Complaint EL21-99-000 on the use of Chinese-made equipment for critical equipment used in the US grid. The equipment identified can be used in many other critical infrastructures such as water/wastewater, pipelines, oil/gas, and manufacturing. – https://www.controlglobal.com/blogs/unfettered/formal-response-to-ferc-complaint-el21-99-000-on-chinese-equipment-in-the-us-grid
Do the Chinese “own” our electric grids and other infrastructures?
The national focus on cyber security has been on data breaches including ransomware which is what precipitated the August 25, 2021, White House Cyber security meeting. For IT networks, the focus on data breaches is sufficient. However, the real concern for critical infrastructures is not data breach but equipment damage that can cause very extended […]
What happened at the Taishan Unit 1 nuclear plant in China?
June 14, 2021, CNN reported that the Chinese Taishan Unit 1 EPR nuclear reactor experienced unusual operating conditions. Specifically, Framatome warned of an “imminent radiological threat”. The warning included an accusation that the Chinese safety authority was raising the safety limits for radiation detection limit to avoid having to shut it down. June 16, 2021, […]