Texas power grid under constant Russian cyber threats while also facing peak demand as temps rise

Tom Abrahams
Wednesday, May 4, 2022
ERCOT under constant 'cyber warfare' threats
ABC13 learned ERCOT is dealing with potential record power demand ahead of soaring temperatures this weekend, in addition to a persistent threat.

HOUSTON, Texas (KTRK) -- In a week when ERCOT, the state's energy regulator, is warning of peak demand this weekend as temperatures rise, ABC13 learned that extreme heat and cold are not the only threats to the production and delivery of energy. The Department of Energy, the FBI, the Cybersecurity and Infrastructure Security Agency, and the National Security Agency have issued an alert and advisory about an advanced persistent threat to the energy sector.

It was in May 2021 that hackers shut down the Colonial Pipeline, a gas conduit between southeast Texas and the East Coast. For six days, hackers stopped movement of gasoline, diesel, and jet fuel. They demanded a ransom, which the company paid to regain control of its systems.

Ramanan Krishnamoorti, the chief energy officer at the University of Houston, said the threats run throughout the energy industry.

"When you saw the Colonial Pipeline, that incident is such a stark reminder of what can happen with the cyber attack," said Krishnamoorti. "Your weakest link is somebody's thumb drive that they put into a local computer that then starts to lead to this entire cyber attack."

Colman Ryan calls the threat "cyber warfare."

Ryan is a forensic investigator in Houston who helps companies identify their weaknesses and fortify their systems against everything from attacks from foreign actors to email phishing. He demonstrated how simple it is to learn enough information about a company to probe its systems and look for weak points using strings of automated queries.

"It's public. There's no way to stop these queries," Ryan said. "These electricity generation companies, they don't all have the same level of security."

ABC13 also reached out to Matt Morris, the managing director for 1898 Security and Risk Consulting. Morris explained hackers are always looking for the weakest point anywhere they can find it.

"This gives a pretty wide range of targets to a would-be adversary who is looking to disrupt, deny, or even take out aspects of the power or the energy system," Morris said.

Another expert paints an equally grim picture, despite real efforts at every level to fend off would-be hackers. Chris Bronk, who wrote a book on cyber security threats, frequently advises the government and the military.

Bronk said there is constant vigilance among energy providers to stay ahead of the hackers, with the greatest threats coming from Russia and Russian-affiliated groups. Unlike a conventional attack, which could also easily disrupt reliable energy, it's a hack that could instantly shift supply in the wrong direction.

"It's a patchwork quilt of a lot of different utilities, big and small," Bronk said of the grid. "This system, when it is knocked out of equilibrium makes a lot of pain every place. It is, you know, the thing that makes everything work."

It is an around-the-clock fight across an entire spectrum of industry to keep the very real threats at bay, the power on, and the fuel moving. As the threat unfolds, the University of Houston announced that on Monday, May 2, it would join a U.S. Department of Defense consortium to launch a virtual institute, which plans to recruit and train the next generation to combat cyber warfare, including cyber espionage and attacks on the electromagnetic spectrum.
