If 25% of US utilities downloaded the malicious SolarWinds software, could the grid go down Ukraine-style?

By Jennifer Runyon, Clarion Events Content Director

According to the North American Electric Reliability Corporation (NERC), about 25% of its 1,500 registered entities (users, owners, and operators of the bulk power system in North America) indicated that they had downloaded the compromised version of the SolarWinds Orion platform.

The utilities voluntarily reported to NERC that they had downloaded the malicious software while performing routine updates to their systems. They said this in response to an alert issued by NERC in December 2020, after the SolarWinds breach was discovered. A spokesperson for NERC explained in an email that NERC regularly issues alerts “to gather data from entities about reliability or security issues.” NERC then analyzes the information it receives and sends its findings back to the entities to “raise awareness and help them develop mitigation strategies,” the spokesperson said.

“Helping our members to successfully prepare for and rebuff cyber and physical attacks is largely based on the insight gained through this voluntary information sharing from asset owner operators and partners,” the spokesperson added.

The SolarWinds Orion platform is used by large entities including the U.S. government. Scott Sternfield, Chief Technology Officer with Agile Inclusion and Chair of the Cybersecuring the Grid Educational Track at DISTRIBUTECH International, said he wasn’t surprised to learn that roughly 345 U.S. utilities are now at risk.

“SolarWinds is a very popular product for managing large IT networks (which utilities are),” he said in an emailed statement, adding, “The latest versions of the software were affected until the discovery date, so utilities who were following industry best practices of keeping their software up to date still ended up impacted.”

Could the Grid Go Down?

In December 2015, three Ukrainian distribution utilities were cyber-attacked, resulting in a massive power outage. This was the first known cyberattack on a power grid and set a scary precedent for utilities worldwide.

Cybersecurity experts Lila Kee, General Manager of GlobalSign North and South America, and Richard Brooks, Co-Founder of Reliable Energy Analytics, both said in an interview that the threat of a catastrophic event in the US is very real now that malicious actors have already breached utility networks.

“I would say this is a vulnerability that leads to a big exposure to the grid, especially in terms of ransomware,” said Kee.

Malicious actors could be anywhere, said Brooks: “they can be sitting dormant just waiting for a message to arrive.”

The two agree that stopping an intrusion before it occurs is key and recently authored an article for POWERGRID on the importance of understanding your software bill of materials (SBOM).

“Once they are walking around in the network, it’s too late,” said Kee. Brooks added that a software attack this sophisticated is exceedingly difficult to eradicate, so having a business continuity plan is essential.

“It’s a really hard problem to solve,” said Brooks.

How Can Utilities Safeguard Their Networks?

As part of the American Rescue Plan Act of 2021, the Biden Administration allocated $1.65 billion to agencies within the government to boost cybersecurity efforts. The agencies include the Cybersecurity and Infrastructure Security Agency (CISA), which is heading up the response to the SolarWinds Corp. breach, and the Technology Modernization Fund, which is focused on IT in government agencies and also covers cybersecurity.

— — — — —

Digitalization is one of the content tracks happening at POWERGEN International Jan. 26-28 in Dallas. The POWERGEN Call for Abstracts is now open and seeking session ideas.