The Federal Energy Regulatory Commission (FERC) has ordered the North American Electric Reliability Corporation (NERC) to evaluate current power grid physical security guidelines and develop a report from the findings. The order follows a series of physical attacks on electrical substations in December that left 45,000 people without power for days.
- This is focused on physical security and monitoring of that security. Physical security can be hard, no pun intended, when you learn about not only bypass scenarios, but also common shortcuts such as using a standard lock plate which prevents lock plunger security from properly engaging or motion/heat sensing door releases which are placed so they can be bypassed from the outside. If you’ve not had a physical pen-test recently, it’s not a bad idea to validate your assumptions. Don’t roll your eyes at bypass options, instead look at how they can be mitigated and where your greatest risks lie.
- Recent attacks on electrical substations in both NC and WA serve only to highlight the need for such a review. While the focus rightfully is on the physical security of substations, a review of cybersecurity guidelines should also be conducted. Increasingly we find that OT systems are being connected with IT systems creating a pathway for adversary access.
- Is it too early to conclude from the experience in Ukraine that the power grid might be more resistant to attack from the network than to kinetic attack?
Read more in