DHS climb-down over grid hacking warning, gift still sort of giving

Not even a week after we covered its stern warning, the DHS has begun scaling back the apparent severity of hackers in the grid. In stark contrast to the claimed ability to “throw switches” on critical equipment, the US Department of Homeland Security (DHS) has walked back the threat, saying that the only energy asset that hackers have managed to successfully access was a renewable energy generator that would not disrupt the grid if it was taken offline.

At the National Cybersecurity Summit, DHS Undersecretary Christopher Krebs said explained the actual abilities, dousing the alarmist warnings that had appeared in the Wall Street Journal and public webinar. At the same show, Southern Company CEO Tom Fanning said that such cybersecurity threats do not constitute an emergency that would require intervention to save coal and nuclear plants – a political angle that some fear the current US government is trying to push for, under the remit of Energy Secretary Rick Perry.

The DHS webinar said that multiple utility control rooms had been penetrated, and that there have been hundreds of victims of such grid cyberattacks. When challenged at the convention, Krebs said that some context was missing, and agreed that these attackers were not in a position to launch widespread attacks.

Krebs said that the webinar had focused on a successful but very targeted attack at a renewable energy source, rather than the base-load generation from a coal or nuclear plant. Speaking to Utility Dive, Southern’s Fanning said that he thought the hackers had got into one or two wind turbines, in a very limited attack, clarifying that “they never got the ability to interface with the broad electric infrastructure.”

So, this is where the politics comes in. The Department of Energy (DoE) was ordered by the Trump administration in March to investigate a way to keep coal and nuclear plants that are due for retirement online, on the basis that they are less vulnerable to outages than gas plants – due to the required supporting pipelines that could feasibly be destroyed or obstructed.

It will come as no surprise that there have been cries of corporate lobbying and vested interests, especially so from the renewable energy community that sees battery storage, grid optimization software systems, and solar and wind as the future. To these, the DoE proposal smacks of cronyism and protectionism, propping up a dying industry at the expense of both the consumer and the environment.

In that perspective, the DHS is being used as a tool to further this narrative. However, there are many business objections to this plan, as well as environmental and consumer objections, and so it will be important to gauge the DoE’s reaction to the push-back from the likes of Southern. Gas was already killing off coal quite easily, and so the utilities don’t want to be burdened by coal plants – no matter how beautiful or clean that coal is claimed to be.

For the grid operators, there is a need to get on with the hard work of implementing storage and communications technologies, in order to pave the way for what looks like the inevitable victory of renewable energy. For these types, regulations that prop up unviable coal plants is not helpful, and potentially detrimental.

Such government rules certainly benefit the coal plant owners, but for the rest of the distribution network, any additional spending on a dying source is effectively wasted. The same can be said for older nuclear plants too, although some newer designs could certainly be useful in terms of generating base-load requirements. However, nuclear plants have never really gotten over the stigma of Chernobyl, and more recently Fukushima, and so there’s little political appetite for them – as seen in Germany’s shutdown.

The DHS might be wrong about the current capabilities of such hackers, but the sophistication of the attacks is only going to increase in time. Attacking the supply chain to infiltrate control rooms seems to have proven a viable tactic, which will likely lead to the requirement for specialist integrity and auditing services – a market that could swell thanks to the likely demand for their services.

However, the community response to the idea of national or state-wide blackouts has been pretty critical. Collectively, they think that the DHS is way off the mark. But the DHS maintains that these attackers are currently probing for weaknesses, and so it is in everyone’s interest that the utilities and grid operators take a very good look at their weak links and redundancy measures.