By Stephen M. Spina & J. Daniel Skees
Cyber attacks are increasingly becoming a regular part of an electric utility’s day-to-day business risks. News agencies provide an ongoing stream of reports on the increasing sophistication and danger of these attacks: 30,000 workstations disabled by a malicious virus at a Saudi oil firm, a generator’s control system infected by malware carried on a USB drive, and a generator restart delayed for three weeks by a malware inadvertently uploaded to control systems by a technician. Of the cyber incidents reported to the Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (“ICS-CERT”) between October 2011 and September 2012, forty-one percent of incidents involved the energysector, by far the largest number of incidents by sector.