NERC established the Cyber Attack Task Force (CATF) as a follow-up to the 2010 NERC High Impact Low Frequency (HILF) initiative. The purpose of the CATF is to consider the impact of a coordinated cyber attack on the operation of the bulk power system and to develop flexible options for detecting, operating, and recovering from such an attack. The scenario being addressed is an organized disruption that disables or impairs the integrity of multiple control systems, or intruders take operating control of portions of the bulk power system such that generation or transmission system is damaged or mis-operated. Specifically, the scenario being addressed is transmission operators report unexplained and persistent breaker operation that occurs across a wide geographic area.
A coordinated cyber attack requires the presence of common mode failures that can be exploited by cyber. Often common mode failures affecting control systems are not traditional IT cyber vulnerabilities. There have been numerous control system common mode failures identified and even unintentionally and intentionally exploited to date. A number of these common mode failures have affected or could affect power generation – Aurora, Stuxnet, cold temperatures (recent brownouts in Texas), grid manipulation (Enron), Japan (loss of off-site power), natural gas pipeline failures, etc. However, none of these scenarios are being addressed by the CATF. Even the CATF proposed scenario does not address the common mode breaker failure that has already occurred - LACK of breaker operation, which appears to be key to the 2008 Florida outage.
This brings up some important questions.
- The focus of the CATF scenario doesn’t seem to be on events that have actually occurred, and therefore have a credible potential for recurrence. Why?
- If many of the identified common mode failures involve generation, not just transmission and distribution, does CATF plan on expanding the scenario they are working on to incorporate these failures? Do they plan to cover generation in a subsequent scenario? Or do they intend to ignore specific generation issues?
- If issues excluded by the NERC CIPs are not included, can CATF provide a dispassionate technical review?
I sent this blog to the three co-chairs of the NERC CATF for their comments. Mark Engles, one of the three co-chairs, responded by stating: “Joe, thanks for your thoughts. These are important questions which I believe have been covered with the task force during our conference call and/or our Face-to-Face meeting.” I am a member of the NERC CATF and have participated in the two conference calls mark mentioned. Even though it is early in the CATF’s existence, I do not believe these important subjects have been adequately addressed.
Joe Weiss
