This page contains a Flash digital edition of a book.
Cover Story Energy companies choreograph a


dance of electrons across a vast stage. To keep the show running smoothly, Vir- ginia’s utilities say they collaborate now more than ever on security. Not surpris- ingly, they won’t disclose many details, except that the work involves greater information sharing, industrywide security practices and simulation of real- world emergencies. Stronger measures are being taken to prevent disruption and thwart information thieves. The efforts include fortifying tangible assets — buildings, capital equipment and peripheral security — and digital assets, such as corporate and customer data. Enhanced coordination with


intelligence officials is equally pivotal. Dominion and some Virginia rural electricity cooperatives participate in the DHS Electricity Subsector Coordinat- ing Council, a liaison between industry CEOs and defense, law enforcement and national security agencies. “We stay plugged in


Engels


to all sources to determine changes in the threat pic- ture. We have to focus on a wide range of potential threats from a wide range of potential actors,” says Mark Engels, director of


enterprise technology security and com- pliance at Dominion, the state’s largest regulated electricity utility, which has 2.5 million customers in Virginia and parts of North Carolina. Appalachian Power in Roanoke


shapes security strategy in conjunction with American Electric Power Co., its Columbus, Ohio-based corporate parent. Appalachian provides electricity to 1 million consumers in Virginia and West Virginia. “We have very large assets, in Virginia


and around the country. Preparing for cyberattacks is part of our business now … If a threat becomes a reality, we’re prepared to make sure we can continue delivering power,” says Appalachian Power spokesman John Shepelwich. Member-owned electricity coopera-


tives also are a crucial piece in this jigsaw puzzle, helping Virginia better understand the rapidly expanding threat matrix. So says Maxie Rozell, the manager of safety, security and risk management at Rappah-


18 AUGUST 2016


annock Electric Cooperative in Spotsylva- nia County, which distributes electricity to 161,000 Virginia customers. “We’re cooperatives, so we cooperate


to share information constantly with each other and with our state utilities. Were we regularly talking to DHS and the FBI 15 or 20 years ago? No, we weren’t, but in this day and time, being vigilant requires us to stay engaged with a variety of partners in order to mitigate any risks,” Rozell says. Dominion plans to spend up to $500 million over the next five to seven years on a variety of security initiatives. The strategy is to harden its transmis- sion substations and other critical infra- structure, add more mobile transmission equipment and boost stockpiles of backup gear. It plans to bolster perimeter security with ultramodern construction and use sophisticated technologies to pre-empt intruders. The moves coincide with stiffer


regulations handed down to the electricity industry by the Federal Energy Regula- tory Commission (FERC). The new rules address concerns that nation-states or ter-


ror groups might sabotage power facilities and/or the computer-based information systems that manage them. Sound far-fetched? Consider the


outage in Ukraine in December. Two days before Christmas, seven electricity substations there were rendered power- less in what experts have described as the first confirmed cyberspace attack on civilian infrastructure. Debate exists regarding the culprit, but alarm bells sounded across the global energy indus- try as the attack cut power to 230,000 customers in three different service areas for several hours. While the power wasn’t out long, a U.S. report found that the substations’ control centers were not fully operational more than two months after the attack. That’s because the attackers overwrote firmware, leaving the substations unresponsive to remote com- mands, with workers having to resort to manual power to turn the power back on. The Ukraine hack showed astonish-


ing chutzpah. Phishing emails, malware and other tricks were deployed to “gain a foothold and harvest credentials” needed to compromise sensor-based industrial-


Rendering courtesy Dominion


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56  |  Page 57  |  Page 58  |  Page 59  |  Page 60  |  Page 61  |  Page 62  |  Page 63  |  Page 64  |  Page 65  |  Page 66  |  Page 67  |  Page 68  |  Page 69  |  Page 70  |  Page 71  |  Page 72  |  Page 73  |  Page 74  |  Page 75  |  Page 76  |  Page 77  |  Page 78  |  Page 79  |  Page 80  |  Page 81  |  Page 82  |  Page 83  |  Page 84  |  Page 85  |  Page 86  |  Page 87  |  Page 88  |  Page 89  |  Page 90  |  Page 91  |  Page 92  |  Page 93  |  Page 94  |  Page 95  |  Page 96  |  Page 97  |  Page 98  |  Page 99  |  Page 100  |  Page 101  |  Page 102  |  Page 103  |  Page 104