The threat of cyber attack is a very real issue with serious implications for U.S. energy companies and government agencies and the threat is as likely to come from a trusted employee, a disgruntled former employee or a business rival as from a terrorist attack, computer hackers or even solar flares, a Federal Energy Regulatory Commission (FERC) official said on Platts Energy Week.
“Although there are some people who are intent on interrupting or damaging equipment…there are also financial incentives for criminals,” said Joseph McClelland, director of FERC’s Office of Electric Reliability.
Cyber attacks can be used by technically savvy customers to lower their bills or by business rivals to leak information on an energy company’s product line or its financial performance – information that could be detrimental to energy companies’ business negotiations and overall growth, he said.
“It’s interesting to note that many of these penetrations come from insiders – trusted employees who have access to this type of information or these control systems,” McClelland said. As a result, “some of the best practices” that energy companies can deploy to protect themselves from cyber threats “are already tried-and-true practices” that include installing software updates, monitoring network traffic for unusual or suspicious activities, and closing accounts that may have expired or were for former employees.
McClelland cited an Oak Ridge National Laboratory study sponsored by FERC, the Department of Energy and Department of Homeland Security that evaluated the effects of either a solarmagnetic disturbance or man-made weapons on the power grid. Among the findings was that such events could result in a loss of power to 130 million customers as long as four to 10 years.