Skip to main content
close search
site logo
Dive Brief

NERC to analyze first potential cyberattack on US grid

Published May 10, 2019
By
HJ Mai
Adobe Stock

Dive Brief:

  • The North American Electric Reliability Corporation (NERC) told Utility Dive it will conduct a root cause analysis to determine what caused a utility to temporarily lose visibility to certain parts of its supervisory control and data acquisition system.
  • The March 5 cyber event, reported last month by E&E News, resulted in interruptions of electrical system operations across several states, including California, Utah and Wyoming.
  • The electric disturbance report, filed by one of the affected utilities, suggests that this is the first time remote hackers interfered with U.S. grid networks. But the event had no impact on generation and there was no evidence to suggest malicious intent, NERC said.

Dive Insight:

Cybersecurity and resiliency are garnering a lot of attention in the utility industry. As the potentially first cyberattack on the U.S. grid, the incident is a reminder that more has to be done to protect America's power infrastructure against an increasing threat.

Due to the secrecy surrounding cyberattacks in the industry, specific details about the incident remain confidential. 

"Currently, there is no information that would lead us to believe the March 5 event — which had no impact to generation — had malicious intent," Kimberly Mielcarek, spokeswoman for NERC, told Utility Dive. "Whenever a loss of visibility occurs, a root cause analysis is done."

NERC said it is working closely with the Federal Energy Regulatory Commission (FERC) and Western Electricity Coordinating Council (WECC) on the analysis. 

FERC did not provide any additional information, while WECC did not respond to a request for comment.

The lack of transparency in this event further proves why the current system needs to be reformed, Tyson Slocum, Public Citizen’s energy program director, told Utility Dive.

"[T]he current secretive nature of the way that NERC presides over these problems needs to be reformed," he said.

Some changes are occurring, though not enough for Slocum.

Current cybersecurity standards rely on self-reporting and self-regulation. Frustrated by utilities' reluctance to report cyberattacksFERC commissioners last year started broadening the definition of what constitutes a reportable incident.

"The utility industry has, unfortunately, demonstrated that it lacks the credibility to continue to be trusted with self-regulation," Slocum said. "And NERC, by virtue of steering committees and boards dominated by utility interests, has also demonstrated that it lacks the independence needed to effectively oversee utilities."

Recommended Reading

Editors' picks

Company Announcements

View all | Post a press release
Heat Pump Assisted Water Heater Technology Could Make Big Lift
From Energy Solutions
November 07, 2024
General Atlantic’s BeyondNetZero Fund and TA Partner to Drive Continued Growth of Technosylva
From Technosylva
November 21, 2024
Puget Sound Energy Maximizes Consumer Participation in Rates Engagement Pilot Powered by Uplig…
From Uplight
November 12, 2024
Utility Broadband Alliance 2024 Summit & Plugfest Shatters Attendance Milestone
From Utility Broadband Alliance
November 21, 2024
Editors' picks
Latest in Generation
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell