As evidence that cyberattacks continue to threaten electric infrastructure in the United States, a report issued on December 14 by cybersecurity firm FireEye indicates that critical infrastructure industrial control systems (ICS) could be susceptible to a new type of malware. FireEye reported that the malware—dubbed “TRITON”—triggered the emergency shutdown capability of an industrial process within a critical infrastructure ICS. This is not the first time that hackers have successfully targeted ICS. In 2013, hackers believed to be operating on behalf of a state-actor managed to take partial control of the Bowman Avenue Dam near Rye Brook, New York. More recently, reports emerged this past summer that hackers gained access to the operational grid controls of US-based energy firms. Because of the destructive potential of these types of breaches, critical electric and other utility infrastructure will remain highly prized targets for future cyberattacks.
As the pace of reported cyberattacks on ICS continues to pick up, scrutiny of electric utilities’ compliance with the Critical Infrastructure Protection (CIP) reliability standards by the Federal Energy Regulatory Commission (FERC) and the North American Electric Reliability Corporation (NERC) is likely to increase. It is highly likely that electric utilities will receive data requests or informal outreach from FERC or NERC in the near future to determine whether those utilities have similar equipment that could be exploited, and if so, what steps they have taken to mitigate the threat. Even in the absence of such requests, these events provide a good opportunity for electric utilities to test the sufficiency of their CIP compliance programs in identifying and remediating such threats.