The former director of the California Independent System Operator, which oversees 80 percent of the state’s power system, says cyberthreats against the grid face a number of barriers to success.
(TNS) — The electrical grid may represent a prime target after Iran vowed "crushing revenge" on the United States following a drone strike that killed its top general, Qassem Soleimani.
But the former director of the organization that oversees the power system for the bulk of California says he's not overly worried about a major disruption.
"We spend a lot of time, money and energy to harden the system so this doesn't happen," said Jim McIntosh, who was director of grid operations from 2000 to 2009 at the California Independent System Operator. "And the system is broken up into a lot of pieces. We can isolate areas very readily and keep control of the system. So it's a very difficult task to take the grid down — very difficult."
Based in Folsom, the California ISO manages the flow of electricity across the high-voltage and long-distance power lines that make up 80 percent of California's grid, as well as a small part of Nevada's power system. The ISO not only balances the flow of electricity in the state but also makes power purchases to match demand and avoid power outages.
"I would say we are adequately protected against anything Iran has done in the past and could do at this point," said McIntosh, who spent 13 years at the ISO. "They have proven over time that they can't break through the firewalls" put in place to protect the system.
Critical infrastructure such as the power grid has come under more intense focus since tensions between the U.S. and Iran have escalated.
On Saturday, the U.S. Department of Homeland Security issued an updated threat bulletin that warned "Iran maintains a robust cyber program" and "is capable, at a minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States."
But attempts to disrupt California's power grid are not new.
Last summer, the manager in charge of ensuring the state's power system remains safe from cyberattacks told the Union-Tribune the ISO fends off "several millions" of hacking attempts each month.
Spokeswoman Vonette Fontaine said in a statement the California ISO's systems "have not experienced any major cyber incidents" since the Iranian government promised to retaliate, and the ISO coordinates "diligently and proactively with federal and state law enforcement agencies to stay in front of potential issues."
Fontaine would not say whether the ISO has stepped up its efforts in recent days to prevent any potential attacks on its information technology systems or physical assets.
Similarly, a spokeswoman for San Diego Gas & Electric did not go into specifics.
"We are aware of the recent events involving Iran and the heightened concerns of a cybersecurity threat," said SDG&E communications manager Sara Prince in an email. "Our cyber and physical security operations teams are in routine contact with our local, state and federal law enforcement partners to stay informed about the latest potential threats and respond quickly to evolving situations."
McIntosh said unless a specific threat shows up, "I don't think (the state's investor-owned utilities) would be doing much more than they always do ... They have a large group of folks that watch this stuff on a daily basis and would be able to protect their systems. (Southern California) Edison, San Diego (Gas & Electric) and (Pacific Gas & Electric) each have staffs that do this for a living, all the time."
At the same time, McIntosh recalled how the ISO had to interrupt electrical loads 13 times during the California energy crisis in 2000 and 2001 that led to rolling blackouts across the state.
"One of the things that people realized real quick was that if you don't have energy, things go downhill rapidly," McIntosh said in a telephone interview. "So if anybody would go and successfully knock out the grid, it would create havoc for California."
In 2013, snipers opened fire at a PG&E substation in San Jose and knocked out 17 transformers that supplied electricity to Silicon Valley. Grid officials avoided a blackout by rerouting power, but as the Wall Street Journal reported, it took 27 days to make the necessary repairs to bring the substation back online. No arrests have ever been made.
McIntosh said utilities have increased security at physical sites since then.
"They used to concentrate on 'inside the fence' and now they actually look out and have the same type of ground detection movement (technology) that (the government has) put on the border, so that anybody approaching is detected and alarms go off," McIntosh said. "They've spent millions and millions of dollars."
Nationally, the energy sector has become a prime target for cyberattacks in the past decade, according to a report by the U.S. Department of Energy detailing its multiyear security plans.
Energy infrastructure and sites experienced more cyber incidents than any other sector between 2013 and 2015, accounting for 35 percent of the 796 incidents reported by critical infrastructure sectors, according to the Industrial Control Systems Cyber Emergency Response Team at the Department of Homeland Security.
In October 2013, casino magnate and conservative political donor Sheldon Adelson said while appearing on a panel in New York that the U.S. could counter Iran's nuclear ambitions by exploding a warhead in a deserted area of the country.
The comments enraged Iran's Supreme Leader, and four months later, hackers disabled the IT systems of one of Adelson's casinos in Las Vegas and caused $40 million in damages. U.S. intelligence officials traced the attack to Iran.
©2020 The San Diego Union-Tribune Distributed by Tribune Content Agency, LLC.