Grid Security

I’m worried. No, not about my weight. I’m doing as well at that as I am with getting younger. And just to be clear, I’M NOT GETTING YOUNGER.

What worries me is what happened to Sony pictures recently. In case you missed it, they were brutally and ruthlessly attacked by what I (and many others) believe was the government of North Korea in retribution for the Sony movie The Interview.

In the movie, Seth Rogen and James Franco are recruited by the CIA to assassinate North Korean dictator Kim Jong-un. The two have a hit TV show, and Kim Jong-un is a huge fan. To enhance their journalistic credentials, they get an interview with him, at which point the CIA intervenes and tries to recruit Rogen and Franco to assassinate the Beloved Leader. As they are totally incompetent and inept, the plan is doomed from the beginning, and it falls apart with hilarious consequences.

Kim Jong-un was not amused. Though he denies it, it is pretty apparent that the North Korean state’s cyber army was directed to attack Sony. Sony has released few details, but this event is thought to be the most destructive attack yet on a US company. It is likely that the attack knocked much of Sony’s network off line with malware that wipes the drives of PCs. A lot of Sony’s intellectual property, including unreleased movies, is thought to have been stolen during the attack. Apparently, the cyber attackers had free rein inside Sony’s network. Sony likely will never release the complete details of what they lost (if they ever really know).

This reminds me of the attack on the PG&E Metcalf substation in April of 2013. Not much was made of that attack as destructive as it was, since the Boston Marathon bombing occurred the day before. This attack was well organized, well planned and well executed. Communications cables were cut and a large number of rounds from high-powered rifles were fired at the generator in an apparent attempt to make it explode.

The electrical substation was disabled for nearly a month, with repairs costing several million dollars. It could have been much worse. There are only one or two suppliers of massive generators like this in the world, the largest of them in South Korea. Making one is not an overnight endeavor. Replacing a group of them, disabled in a coordinated attack, would be impossible.

Luckily, the Metcalf attack occurred in the middle of the night when power demand was low, and the utility was able to reroute electrical power. FERC (Federal Energy Regulatory Commission) chairman Jon Wellinghoff called the attack the most significant incident of domestic terrorism against the electrical grid ever. No one was ever arrested. The case remains unsolved.

Security of our country’s infrastructure and our production facilities is going to become increasingly important in the years ahead. I predict that some major manufacturer or plant will be targeted for cyber destruction in the near future. I hope such an attack does not succeed.

When that happens, I think we will all realize how poorly we have planned for that type of situation, how inept our defenses are, and how long it will take to secure our companies’ infrastructure and intellectual property. Technology has increasingly made more communication with less security more common in our lives. There is no stopping that, but it may have some severe consequences in the future.

It’s something that RTA is going to seriously address in 2015. Our products provide data transfer between the factory floor and devices on the other side of the factory firewall. We are going to do everything we can to provide you with products and services that can make your systems safer and more secure.

John