As the threat of cyberattacks on the nation’s electric infrastructure grows, Clark Public Utilities customers should rest assured no hackers have their digital fingers on our light switches.
“Fortunately, we have not been targeted by a nation/state, criminal or activist adversary beyond receipt of a random assortment of spam and common viruses circulating on the Internet,” said utility spokeswoman Erica Erland. “We have defenses in place as well as a rigid protocol in place in the event we detect an attack to limit any incursion into our digital environment — and to mitigate it when it does occur.”
All good news, except that hackers’ abilities to compromise utility networks and plunge cities into darkness is constantly improving. That just means utilities need to remain vigilant to protect against such advances.
At Clark Public Utilities, efforts are evolving in software, firewalls, detection systems, email filtering, encryption and network separation and more.
“A key area to emphasize is regular employee training on cybersecurity so that employee awareness of threats remains strong,” said utility Director of Information Services Mike Harris. “We also participate in cyber information security-sharing programs as we are alerted to emerging threats that specifically target the utility sector.”
The county utility says it has met all standards from the North American Electric Reliability Corp. while dozens of other utilities in the country have been fined for security or engineering violations, data show.
Beyond a backup dispatch center, security reporting and training, Clark Public Utilities is currently implementing physical security and monitoring upgrades as well as “formal plans and procedures” to address the cyberthreat.
Yet Clark Public Utilities is a small fry compared to the federal Bonneville Power Administration, which markets the power generated at dams on the Columbia River. About 60 percent of Clark Public Utilities’ power is bought from the agency.
The BPA, with regional headquarters in Portland, also owns a majority of the high-voltage infrastructure in the Northwest.
“We take all potential threats to cybersecurity seriously,” agency spokesman Kevin Wingert said. “We have increased the budget for the Office of Cyber Security at BPA and added eight federal employees and a full-time, 24/7 monitoring and analysis capability.”
The BPA’s Ross Complex in Clark County is a major generation and control center for the region, and an attack there could have far-reaching effects.
Wingert did not say if BPA has been subject to a successful cyber intrusion, but said an attempt is “less important than the technique or method behind it.”
One of the ways the BPA is protecting itself from an attack, then, is getting inside the mind of a hacker and blocking all possible digital entrances.
“We strongly believe that in order to prepare for or mitigate the risks of attacks, it is necessary to conduct the same offensive research as the bad guys,” Wingert said. “That means attacking ourselves, so to speak, or penetration testing on a different level.”