Home > Critical Infrastructure Security, SCADA Security, SMART GRID > High Impact, Low Frequency Risks to the NA Power Grid

High Impact, Low Frequency Risks to the NA Power Grid

NERC issued a report that speaks about the challenges posed by ‘High Impact, Low Frequency Risks’ on the Power Grid.

Although the report is not exclusive to cyber attacks, I will try and highlight the areas of interest to people like me, cyber security fanatics.

Attack Window

Attack Window

Snippet from page 10/11

The risk of a coordinated cyber, physical, or blended attack against the North American bulk power system has become more acute over the past 15 years as digital communicating equipment has introduced cyber vulnerability to the system, and resource optimization trends have allowed some inherent physical redundancy within the system to be reduced. The specific concern with respect to these threats is the targeting of multiple key nodes on the system that, if damaged, destroyed, or interrupted in a coordinated fashion, could bring the system outside the protection provided by traditional planning and operating criteria. Such an attack would behave very differently than traditional risks to the system in that an intelligent attacker could mount an adaptive attack that would manipulate assets and potentially provide misleading information to system operators attempting to address the issue.

it also adds:

While no such attack has occurred on the bulk power system to date, the electric sector has taken important steps toward mitigating these issues with the development of NERC’s Critical Infrastructure Protection standards5, the standing
Critical Infrastructure Protection Committee6, and a myriad of other efforts. More comprehensive work is needed, however, to realize the vision of a secure grid. Better technology solutions for the cyber portion of the threat should be developed, with specific focus on forensic tools and network architectures to support graceful system degradation that would allow operators to “fly with fewer controls.” Component and system design criteria should also be reevaluated with respect to these threats and an eye toward designing for survivability. Prioritization of key assets for protection will be a critical component of a successful mitigation approach.

The report reflects a significant shift in industry specific standards by referencing active security monitoring, security intelligence and specially designed forensics tools.

You can download a copy of the (120 pages) report here

HILF- NERC Report

HILF- NERC Report

Advertisements
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: