North American wholesale electricity providers reporting more cyber incidents, NERC says

According to the North American Energy Reliability Corporation (NERC) annual report, the number of cybersecurity-related incidents at the information-sharing hub of the North American electrical industry has more than doubled in the past year across multiple categories.

Released on Tuesday, the 2021 State of Reliability Report says that once again the NERC – which is the largest in Canada and the U.S.

However, it also notes that the number of incident reports sent by utilities to the Electricity Information Sharing and Analysis Center (e-ISAC) was 96 percent higher than in 2019. A cyber security incident is defined as an incident that can negatively affect an organization. . and was notable enough to report to e-ISAC even if there was no outage or reliability impact

That figure includes:

- a 156 percent increase in vulnerability-related incidents (328 incidents, up from 128 in 2020);

111 percent increase in suspicious activities (956 incidents, up from 453);

A -170 percent increase in ransomware-related incidents (73 incidents, up from 27).

“In addition,” the report said, “the unprecedented COVID-19 pandemic created an increased remote cybersecurity attack surface for the industry due to increased telework.” This requires "greater sharing and collaboration by e-ISAC with all levels of the electricity industry, the governments of the United States and Canada, and more partners than ever before."

The typical energy supplier experiences thousands or even millions of incidents every day, the report also said, "and there are very few of these events."

John Moura, NERC's director of reliability, told reporters at a briefing about the report that last year's revelations of supply chain attacks via SolarWinds' Orion network monitoring platform, where the application's update mechanism was compromised, had serious implications for the industry. was a major concern. It was a wake-up call. .

“The persistence [by attackers] that we have seen recently and the level of sophistication – especially SolarWind late last year – highlights the potential of threat actors,” he said. “This enhances the sense of security posture needed, and I particularly think that the threat of attack and future supply chains has created a great desire in the industry to increase security posture in view of all the variables around the world. "

In fact, the report stated that "with a successful SolarWinds compromise, a new single-attack vector that would effectively mimic a coordinated attack would kill any and all external forces, regardless of their individual scale or impact." will be able to finish." Raises significant concerns about the security of qualified equipment." As a result, NERC's cyber standards for rating high, medium or low impact assets should be reviewed, the report said.

The report does not mention any utility that is suffering from SolarWinds compromise. However, a threat intelligence firm called TruSeq said a US municipal utility showed signs of backdoor compromise on its system.

Cyber and physical security are among the top priorities of North American wholesale electricity providers, he said. “We are seeing in the last year – and the trend over many years – the types of [cyber] threats that we are seeing are the persistence of threats, the number of attack vectors, the more distributed nature of [electrical] systems that are attack vectors. . All of them have increased. Unlike other risks these are more difficult to manage because we are talking about risk actors."

Reliability Risk Preferences

Separately, NERC released its 2021 Reliability Risk Priority Report, which looks at future risks to the North American electric grid. The report said that members of NERC have identified cyber security vulnerabilities as their second biggest threat. The first was the variable resource mix, which included an ever-changing mix of natural gas, solar, wind and other power sources such as power supply to generators.

Moura said cyber threats are "top of the agenda" at energy meetings with the energy industry, government and regulators.