IAEA to meet with India on nuclear deal

IESO Fictitious Demand Error inflated HOEP in the Ontario electricity market, after embedded generation was mis-modeled; the OEB says double-counted load lifted wholesale prices and shifted costs via the Global Adjustment.

Key Points

An IESO modeling flaw that double-counted load, inflating HOEP and charges in Ontario's wholesale market.

✅ Double-counted unmetered load from embedded generation

✅ Inflated HOEP; shifted costs via Global Adjustment

✅ OEB flagged transparency; exporters paid more

For almost a year, the operator of Ontario’s electricity system erroneously counted enough phantom demand to power a small city, causing prices to spike and hundreds of millions of dollars in extra charges to consumers, according to the provincial energy regulator.

The Independent Electricity System Operator (IESO) also failed to tell anyone about the error once it noticed and fixed it.

The error likely added between $450 million and $560 million to hourly rates and other charges before it was fixed in April 2017, according to a report released this month by the Ontario Energy Board’s Market Surveillance Panel.

It did this by adding as much as 220 MW of “fictitious demand” to the market starting in May 2016, when the IESO started paying consumers who reduced their demand for power during peak periods. This involved the integration of small-scale embedded generation (largely made up of solar) into its wholesale model for the first time.

The mistake assumed maximum consumption at such sites without meters, and double-counted that consumption.

The OEB said the mistake particularly hurt exporters and some end-users, who did not benefit from a related reduction of a global adjustment rate applicable to other customers.

“The most direct impact of the increase in HOEP (Hourly Ontario Energy Price) was felt by Ontario consumers and exporters of electricity, who paid an artificially high HOEP, to the benefit of generators and importers,” the OEB said.

The mix-up did not result in an equivalent increase in total system costs, because changes to the HOEP are offset by inverse changes to a electricity cost allocation mechanism such as the Global Adjustment rate, the OEB noted.

A chart from the OEB's report shows the time of day when fictitious demand was added to the system, and its influence on hourly rates.

Peak time spikes
The OEB said that the fictitious demand “regularly inflated” the hourly price of energy and other costs calculated as a direct function of it.

For almost a year, Ontario's electricity system operator @IESO_Tweets erroneously counted enough phantom demand to power a small city, causing price spikes and hundreds of millions in charges to consumers, @OntEnergyBoard says. @5thEstate reports.

It estimated the average increase to the HOEP was as much as $4.50/MWh, but that price spikes, compounded by scheduled OEB rate changes, would have been much higher during busier times, such as the mid-morning and early evening.

“In times of tight supply, the addition of fictitious demand often had a dramatic inflationary impact on the HOEP,” the report said.

That meant on one summer evening in 2016 the hourly rate jumped to $1,619/MWh, it said, which was the fourth highest in the history of the Ontario wholesale electricity market.

“Additional demand is met by scheduling increasingly expensive supply, thus increasing the market price. In instances where supply is tight and the supply stack is steep, small increases in demand can cause significant increases in the market price.

The OEB questioned why, as of September this year, the IESO had failed to notify its customers or the broader public, amid a broader auditor-regulator dispute that drew political attention, about the mistake and its effect on prices.

“It's time for greater transparency on where electricity costs are really coming from,” said Sarah Buchanan, clean energy program manager at Environmental Defence.

“Ontario will be making big decisions in the coming years about whether to keep our electricity grid clean, or burn more fossil fuels to keep the lights on,” she added. “These decisions need to be informed by the best possible evidence, and that can't happen if critical information is hidden.”

In a response to the OEB report on Monday, the IESO said its own initial analysis found that the error likely pushed wholesale electricity payments up by $225 million. That calculation assumed that the higher prices would have changed consumer behaviour, while upcoming electricity auctions were cited as a way to lower costs, it said.

In response to questions, a spokesperson said residential and small commercial consumers would have saved $11 million in electricity costs over the 11-month period, even as a typical bill increase loomed province-wide, while larger consumers would have paid an extra $14 million.

That is because residential and small commercial customers pay some costs via time-of-use rates, including a temporary recovery rate framework, the IESO said, while larger customers pay them in a way that reflects their share of overall electricity use during the five highest demand hours of the year.

The IESO said it could not compensate those that had paid too much, given the complexity of the system, and that the modelling error did not have a significant impact on ratepayers.

While acknowledging the effects of the mistake would vary among its customers, the IESO said the net market impact was less than $10 million, amid ongoing legislation to lower electricity rates in Ontario.

It said it would improve testing of its processes prior to deployment and agreed to publicly disclose errors that significantly affect the wholesale market in the future.

Related News

• Electricity Forum News

• Energy Policy News

Middle Tennessee Power Outages disrupt 100,000+ customers as severe thunderstorms, straight-line winds, downed trees, and debris challenge Nashville crews, slow restoration amid COVID-19, and threaten more hail, flash flooding, and damaging gusts.

Key Points

Blackouts across Nashville after severe storms and winds, leaving customers without power and facing restoration delays.

✅ Straight-line winds 60-80 mph toppled trees and power lines

✅ 130,000+ customers impacted; some outages may last 1-2 weeks

✅ Restoration slowed by debris, COVID-19 protocols, and new storms

Some middle Tennessee residents could be without electricity for up to two weeks after strong thunderstorms swept through the area Sunday, knocking out power for more than 100,000 customers, a scale comparable to Los Angeles outages after a station fire.

"Straight line winds as high as 60-80 miles per hour knocked down trees, power lines and power polls, interrupting power to 130,000 of our 400,000+ customers," Nashville Electric said in a statement Monday. The utility said the outage was one of the largest on record, though Carolina power outages recently left a quarter-million without power as well.

"Restoration times will depend on individual circumstances. In some cases, power could be out for a week or two" as challenges related to coronavirus and the need for utilities adapt to climate change complicated crews' responses and more storms were expected, the statement said. "This is unfortunate timing on the heels of a tornado and as we deal with battling COVID-19."

Metropolitan Nashville and Davidson County Mayor John Cooper also noted that the power outages were especially inconvenient, a challenge similar to Hong Kong families without power during Typhoon Mangkhut, as people were largely staying home to slow the spread of coronavirus. He also pointed out that the storms came on the two month anniversary of the Nashville tornado that left at least two dozen people dead.

"Crews are working diligently to restore power and clear any debris in neighborhoods," Cooper said.

He said that no fatalities were reported in the county but sent condolences to Spring Hill, whose police department reported that firefighter Mitchell Earwood died during the storm due to "a tragic weather-related incident" while at his home and off duty. He had served with the fire department for 10 years.

The Metro Nashville Department of Public Works said it received reports of more than 80 downed trees in Davidson County.

Officials also warn that copper theft can be deadly when electrical infrastructure is damaged after storms.

The National Weather Service Nashville said a 72 mph wind gust was measured at Nashville International Airport — the fifth fastest on record.

The weather service warned that strong storms with winds of up to 75 mph, large hail, record-long lightning bolt potential seen in the U.S., and isolated flash flooding could hit middle Tennessee again Monday afternoon and night.

"Treat Severe Thunderstorm Warnings the same way you would Tornado Warnings and review storm safety tips before you JUST TAKE SHELTER," the NWS instructs. "70 mph is 70 mph whether it's spinning around in a circle or blowing in a straight line."

Related News

• Electricity Forum News

• Overhead T&D News

Canadian Industrial IoT Cybersecurity Standards aim to unify device security for utilities, smart grids, SCADA, and OT systems, aligning with NERC CIP, enabling certification, trust marks, compliance testing, and safer energy sector deployments.

Key Points

National standards to secure industrial IoT for utilities and grids, enabling certification and NERC CIP alignment.

✅ Aligns with NERC CIP and NIST frameworks for energy sector security

✅ Defines certification, testing tools, and a trusted device repository

✅ Enhances OT, SCADA, and smart grid resilience against cyber threats

The Canadian energy sector has been buying Internet-connected sensors for monitoring a range of activities in generating plants, distribution networks facing harsh weather risks and home smart meters for several years. However, so far industrial IoT device makers have been creating their own security standards for devices, leaving energy producers and utilities at their mercy.

The industry hopes to change that by creating national cybersecurity standards for industrial IoT devices, with the goal of improving its ability to predict, prevent, respond to and recover from cyber threats, such as emerging ransomware attacks across the grid.

To help, the federal government today announced an $818,000 grant support a CIO Strategy Council project oversee the setting of standards.

In an interview council executive director Keith Jansa said the money will help a three-year effort that will include holding a set of cross-country meetings with industry, government, academics and interest groups to create the standards, tools to be able to test devices against the standards and the development of product repository of IoT safe devices companies can consult before making purchases.

“The challenge is there are a number of these devices that will be coming online over the next few years,” Jansa said. “IoT devices are designed for convenience and not for security, so how do you ensure that a technology an electricity utility secures is in fact safeguarded against cyber threats? Currently, there is no associated trust mark or certification that gives confidence associated with these devices.”

He also said the council will work with the North American Electric Reliability Corporation (NERC), which sets North American-wide utility safety procedural standards and informs efforts on protecting the power grid across jurisdictions. The industrial IoT standards will be product standards.

According to Robert Wong, vice-president and CIO of Toronto Hydro, all the big provincial utilities are subject to adhering to NERC CIP standards which have requirements for both cyber and physical security. Ontario is different from most provinces in that it has local distribution companies — like Toronto Hydro — which buy electricity in bulk and resell it to customers.  These LDCs don’t own or operate critical infrastructure and therefore don’t have to follow the NERC CIP standards.

Regional reforms, such as regulatory changes in Atlantic Canada, aim to bring greener power options to the grid.

Electricity is considered around the world as one of a country’s critical national infrastructure. Threats to the grid can be used for ransom or by a country for political pressure. Ukraine had its power network knocked offline in 2015 and 2016 by what were believed to be Russian-linked attackers operating against utilities.

All the big provincial utilities operate “critical infrastructure” and are subject to adhering to NERC CIP (critical infrastructure protection) standards, which have requirements for both cyber and physical security, as similar compromises at U.S. electric utilities have highlighted recently.  There are audited on a regular basis for compliance and can face hefty fines if they fail to meet the requirements.  The LDCs in Ontario don’t own or operate “critical infrastructure” and therefore are not required to adopt NERC CIP standards (at least for now).

The CIO Strategy Council is a forum for chief information officers that is helping set standards in a number of areas. In January it announced a partnership with the Internet Society’s Canada Chapter to create standards of practice for IoT security for consumer devices. As part of the federal government’s updated national cybersecurity strategy it is also developing a national cybersecurity standard for small and medium-sized businesses. That strategy would allow SMBs to advertise to customers that they meet minimum security requirements.

“The security of Canadians and our critical infrastructure is paramount,” federal minister of natural resources Seamus O’Regan said in a statement with today’s announcement. “Cyber attacks are becoming more common and dangerous. That’s why we are supporting this innovative project to protect the Canadian electricity sector.”

The announcement was welcomed by Robert Wong, Toronto Hydro’s vice-president and CIO. “Any additional investment towards strengthening the safeguards against cyberattacks to Canada’s critical infrastructure is definitely good news.  From the perspective of the electricity sector, the convergence of IT and OT (operational technology) has been happening for some time now as the traditional electricity grid has been transforming into a Smart Grid with the introduction of smart meters, SCADA systems, electronic sensors and monitors, smart relays, intelligent automated switching capabilities, distributed energy resources, and storage technologies (batteries, flywheels, compressed air, etc.).

“In my experience, many OT device and system manufacturers and vendors are still lagging the traditional IT vendors in incorporating Security by Design philosophies and effective security features into their products.  This, in turn, creates greater risks and challenges for utilities to protecting their critical infrastructures and ensuring a reliable supply of electricity to its customers.”

The Ontario Energy Board, which regulates the industry in the province, has led an initiative for all utilities to adopt the National Institute of Standards and Technology (NIST) Cybersecurity Framework, along with the ES-C2M2 maturity and Privacy By Design models, he noted.  Toronto Hydro has been managing its cybersecurity practice in adherence to these standards, as the city addresses growing electricity needs as well, he said.

“Other jurisdictions, such as Israel, have invested heavily on a national level in developing its cybersecurity capabilities and are seen as global leaders.  I am confident that given the availability of talent, capabilities and resources in Canada (especially around the GTA) if we get strong support and leadership at a federal level we can also emerge as a leader in this area as well.”

Related News

• Electricity Forum News

• Grid Technologies News

Saskatchewan Solar Net Metering Program lets rooftop solar users offset at retail rate while earning 7.5 cents/kWh credits for excess energy; rebates are removed, SaskPower balances grid costs with a 100 kW cap.

Key Points

An updated SaskPower plan crediting rooftop solar at 7.5 cents/kWh, offsetting usage at retail rate, without rebates.

✅ Excess energy credited at 7.5 cents/kWh

✅ Offsets on-site use at retail electricity rates

✅ Up to 100 kW generation; no program capacity cap

Saskatchewan has unveiled a new program that credits electricity customers for generating their own solar power, but it won’t pay as much as an older program did or reimburse them with rebates for their costs to buy and install equipment.

The new net metering program takes effect Nov. 1, and customers will be able to use solar to offset their own power use at the retail rate, similar to UK households' right to sell power in comparable schemes, though program details differ.

But they will only get 7.5 cents per kilowatt hour credit on their bills for excess energy they put back into the grid, as seen in Duke Energy payment changes in other jurisdictions, rather than the 14 cents in the previous program.

Dustin Duncan, the minister responsible for Crown-owned SaskPower, says the utility had to consider the interests of people wanting to use rooftop solar and everyone else who doesn’t have or can’t afford the panels, who he says would have to make up for the lost revenue.

Duncan says the idea is to create a green energy option, with wind power gains highlighting broader competitiveness, while also avoiding passing on more of the cost of the system to people who just cannot afford solar panels of their own.

Customers with solar panels will be allowed to generate up to 100 kilowatts of power against their bills.

“It’s certainly my hope that this is going to provide sustainability for the industry, as illustrated by Alberta's renewable surge creating jobs, that they have a program that they can take forward to their potential customers, while at the same time ensuring that we’re not passing onto customers that don’t have solar panels more cost to upkeep the grid,” Duncan said Tuesday.

Saskatchewan NDP leader Ryan Meili said he believes eliminating the rebate and cutting the excess power credit will kill the province’s solar energy, a concern consistent with lagging solar demand in Canada in recent national reports, he said.

“(Duncan) essentially made it so that any homeowner who wants to put up panels would take up to twice as long to pay it back, which effectively prices everybody in the small part of the solar production industry — the homeowners, the farms, the small businesses, the small towns — out of the market,” Meili said.

The province’s old net metering program hit its 16 megawatt capacity ahead of schedule, forcing the program to shut down, while disputes like the Manitoba Hydro solar lawsuit have raised questions about program management elsewhere. It also had a rebate of 20 per cent of the cost of the system, but that rebate has been discontinued.

The new net metering program won’t have any limit on program capacity, or an end date.

According to Duncan, the old program would have had a net negative impact to SaskPower of about $54 million by 2025, but this program will be much less — between $4 million and $5 million.

Duncan said other provinces either have already or are in the process of moving away from rebates for solar equipment, including Nova Scotia's proposed solar charge and similar reforms, and away from the one-to-one credits for power generation.

Related News

• Electricity Forum News

• Renewable Energy News

Electrification Potential Study for Canada evaluates NRCan's decarbonization roadmap, assessing electrification of end uses and replacements for fossil fuels across transportation, buildings, and industry, including propane, diesel, natural gas, and coal, to guide energy policy.

Key Points

An NRCan study assessing electrification to replace fossil fuels across sectors and guide deep decarbonization R&D.

✅ Evaluates non-electric alternatives alongside electrification paths

✅ Covers propane, diesel, natural gas, and coal end uses

✅ Guides NRCan R&D priorities for deep decarbonization

The federal government wants to spend up to $300,000 on a study aimed at understanding whether existing electrical technologies can “reduce or eliminate” fossil fuels used for virtually every purpose other than generating electricity.

The proposal has caused consternation within the Saskatchewan government, whose premier has criticized a 2035 net-zero grid target as shifting the goalposts, and which has spent months attacking federal policies it believes will harm the Western Canadian energy sector without meaningfully addressing climate change.

Procurement documents indicate the “Electrification Potential Study for Canada” will provide “strategic guidance on the need to pursue both electric and non-electric energy research and development to enable deep decarbonisation scenarios.”

“It is critical that (Natural Resources Canada) as a whole have a cross-sectoral, consistent, and comprehensive understanding of the viability of electric technologies as a replacement for fossil fuels,” the documents state.

The study proponent will be asked to examine possible replacements for a range of fuels, including propane, transportation fuel, fuel oil, diesel, natural gas and coal, even as Alberta maps a path to clean electricity for its grid. Only international travel fuel and electricity generation are outside the scope of the study.

“To be clear, the consultant should not answer these questions directly, but should conduct the analysis with them in mind. The goal … is to collate data which can be used by (Natural Resources Canada) to conduct analysis related to these questions,” the documents state.

Natural Resources Canada issued the request for proposals one week before Prime Minister Justin Trudeau officially launched a 40-day election campaign in which climate and energy policy, including debates over Alberta's power market like a Calgary retailer's challenge, is expected to play a defining role.

It also comes as the federal government works to complete the controversial Trans Mountain Pipeline Expansion project through British Columbia, amid tariff threats boosting support for Canadian energy projects, which it bought last year for $4.5 billion and is currently bogged down in the court system.

A Natural Resources Canada spokeswoman said the ministry would not be able to respond to questions until sometime on Thursday.

While the documents make clear that the study aims to answer unresolved questions about what the International Energy Agency calls an increasingly-electric future, with clean grid and storage trends emerging, without a specific timeline, the provincial government is far from thrilled.

Energy and Resources Minister Bronwyn Eyre said the document reflects the federal government’s “hostility” to the energy sector, even as Alberta's electricity sector faces profound change, because government ministries like Natural Resources Canada don’t do anything without political direction.

Asked whether a responsible government should consider every option before taking a decision, Eyre said a government that was not interested in eliminating fossil fuels entirely would not have used such “strong” language in a public document, noting that provinces like Ontario are grappling with hydro system problems as well.

“I think it’s a real wake-up call to what (Ottawa’s) endgame really is here,” she said, adding that the document does not ask the proponent to conduct an economic impact analysis or consider potential job losses in the energy sector.

The study is organized by Natural Resources Canada’s office of energy research and development, which is tasked with accelerating energy technology “in order to produce and use energy in … more clean and efficient ways,” the documents state.

Bidding on the proposal closes Oct. 14, one week before the federal election. The successful proponent must deliver a final report in April 2020, according to the documents.

Related News

• Electricity Forum News

• Energy Policy News

US Power Grid Cyberattacks target utilities and nuclear plants, probing SCADA, ICS, and business networks at sites like Wolf Creek; suspected Russian actors, malware, and spear-phishing trigger DHS and FBI alerts on critical infrastructure resilience.

Key Points

Intrusions on energy networks probing ICS and SCADA, seeking persistence and elevating risks to critical infrastructure.

✅ Wolf Creek nuclear plant targeted; no operational systems breached

✅ Attackers leveraged stolen credentials, malware, and spear-phishing

✅ DHS and FBI issued alerts; utilities enhance cyber resilience

Hackers working for a foreign government recently breached at least a dozen US power plants, including the Wolf Creek nuclear facility in Kansas, according to current and former US officials, sparking concerns the attackers were searching for vulnerabilities in the electrical grid.

The rivals could be positioning themselves to eventually disrupt the nation’s power supply, warned the officials, who noted that a general alert, prompting a renewed focus on protecting the U.S. power grid, was distributed to utilities a week ago. Adding to those concerns, hackers recently infiltrated an unidentified company that makes control systems for equipment used in the power industry, an attack that officials believe may be related.

The chief suspect is Russia, according to three people familiar with the continuing effort to eject the hackers from the computer networks. One of those networks belongs to an ageing nuclear generating facility known as Wolf Creek -- owned by Westar Energy Inc, Great Plains Energy Inc, and Kansas Electric Power Cooperative Inc -- on a lake shore near Burlington, Kansas.

The possibility of a Russia connection is particularly worrying, former and current official s say, because Russian hackers have previously taken down parts of the electrical grid in Ukraine and appear to be testing increasingly advanced tools, including cyber weapons to disrupt power grids, to disrupt power supplies.

The hacks come as international tensions have flared over US intelligence agencies’ conclusion that Russia tried to influence the 2016 presidential election, and amid U.S. government condemnation of Russian power-grid hacking in recent advisories. The US, which has several continuing investigations into Russia’s activities, is known to possess digital weapons capable of disrupting the electricity grids of rival nations.

“We don’t pay attention to such anonymous fakes,” Kremlin spokesman Dmitry Peskov said, in response to a request to comment on alleged Russian involvement.

It was unclear whether President Donald Trump was planning to address the cyber attacks at his meeting on Friday with Russian President Vladimir Putin. In an earlier speech in Warsaw, Trump called out Russia’s “destabilising activities” and urged the country to join “the community of responsible nations.”

The Department of Homeland Security and Federal Bureau of Investigation said they are aware of a potential intrusion in the energy sector. The alert issued to utilities cited activities by hackers since May.

“There is no indication of a threat to public safety, as any potential impact appears to be limited to administrative and business networks,” the government agencies said in a joint statement.

The Department of Energy also said the impact appears limited to administrative and business networks and said it was working with utilities and grid operators to enhance security and resilience.

“Regardless of whether malicious actors attempt to exploit business networks or operational systems, we take any reports of malicious cyber activity potentially targeting our nation’s energy infrastructure seriously and respond accordingly,” the department said in an emailed statement.

Representatives of the National Security Council, the Director of National Intelligence and the Nuclear Regulatory Commission declined to comment. While Bloomberg News was waiting for responses from the government, the New York Times reported that hacks were targeting nuclear power stations.

The North American Electric Reliability Corp, a nonprofit that works to ensure the reliability of the continent’s power system, said it was aware of the incident and was exchanging information with the industry through a secure portal.

“At this time, there has been no bulk power system impact in North America,” the corporation said in an emailed statement.

In addition, the operational controls at Wolf Creek were not pierced, according to government officials, even as attackers accessed utility control rooms elsewhere in the U.S., according to separate reports. “There was absolutely no operational impact to Wolf Creek,” Jenny Hageman, a spokeswoman for the nuclear plant, said in a statement to Bloomberg News.

“The reason that is true is because the operational computer systems are completely separate from the corporate network.”

Determining who is behind an attack can be tricky. Government officials look at the sophistication of the tools, among other key markers, when gauging whether a foreign government is sponsoring cyber activities.

Several private security firms, including Symantec researchers, are studying data on the attacks, but none has linked the work to a particular hacking team or country.

“We don’t tie this to any known group at this point,” said Sean McBride, a lead analyst for FireEye Inc, a global cyber security firm. “It’s not to say it’s not related, but we don’t have the evidence at this point.”

US intelligence officials have long been concerned about the security of the country’s electrical grid. The recent attack, striking almost simultaneously at multiple locations, is testing the government’s ability to coordinate an effective response among several private utilities, state and local officials, and industry regulators.

Specialised teams from Homeland Security and the FBI have been scrambled to help extricate the hackers from the power stations, in some cases without informing local and state officials. Meanwhile, the US National Security Agency is working to confirm the identity of the hackers, who are said to be using computer servers in Germany, Italy, Malaysia and Turkey to cover their tracks.

Many of the power plants are conventional, but the targeting of a nuclear facility adds to the pressure. While the core of a nuclear generator is heavily protected, a sudden shutdown of the turbine can trigger safety systems. These safety devices are designed to disperse excess heat while the nuclear reaction is halted, but the safety systems themselves may be vulnerable to attack.

Homeland Security and the FBI sent out a general warning about the cyber attack to utilities and related parties on June 28, though it contained few details or the number of plants affected. The government said it was most concerned about the “persistence” of the attacks on choke points of the US power supply. That language suggests hackers are trying to establish backdoors on the plants’ systems for later use, according to a former senior DHS official who asked not to be identified.

Those backdoors can be used to insert software specifically designed to penetrate a facility’s operational controls and disrupt critical systems, according to Galina Antova, co-founder of Claroty, a New York firm that specialises in securing industrial control systems.

“We’re moving to a point where a major attack like this is very, very possible,” Antova said. “Once you’re into the control systems -- and you can get into the control systems by hacking into the plant’s regular computer network -- then the basic security mechanisms you’d expect are simply not there.”

The situation is a little different at nuclear facilities. Backup power supplies and other safeguards at nuclear sites are meant to ensure that “you can’t really cause a nuclear plant to melt down just by taking out the secondary systems that are connected to the grid,” Edwin Lyman, a nuclear expert with the Union of Concerned Scientists, said in a phone interview.

The operating systems at nuclear plants also tend to be legacy controls built decades ago and don’t have digital control systems that can be exploited by hackers. Wolf Creek, for example, began operations in 1985. “They’re relatively impervious to that kind of attack,” Lyman said.

The alert sent out last week inadvertently identified Wolf Creek as one of the victims of the attack. An analysis of one of the tools used by the hackers had the stolen credentials of a plant employee, a senior engineer. A US official acknowledged the error was not caught until after the alert was distributed.

According to a security researcher who has seen the report, the malware that activated the engineer’s username and password was designed to be used once the hackers were already inside the plant’s computer systems.

The tool tries to connect to non-public computers, and may have been intended to identify systems related to Wolf Creek’s generation plant, a part of the facility typically more modern than the nuclear reactor control room, according to a security expert who asked to note be identified because the alert is not public.

Even if there is no indication that the hackers gained access to those control systems, the design of the malware suggests they may have at least been looking for ways to do so, the expert said.

Stan Luke, the mayor of Burlington, the largest community near Wolf Creek, which is surrounded by corn fields and cattle pastures, said he learned about a cyber threat at the plant only recently, and then only through golfing buddies.

With a population of just 2,700, Burlington boasts a community pool with three water slides and a high school football stadium that would be the envy of any junior college. Luke said those amenities lead back to the tax dollars poured into the community by Wolf Creek, Coffey County’s largest employer with some 1,000 workers, 600 of whom live in the county.

E&E News first reported on digital attacks targeting US nuclear plants, adding it was code-named Nuclear 17. A senior US official told Bloomberg that there was a bigger breach of conventional plants, which could affect multiple regions.

Industry experts and US officials say the attack is being taken seriously, in part because of recent events in Ukraine. Antova said that the Ukrainian power grid has been disrupted at least twice, first in 2015, and then in a more automated attack last year, suggesting the hackers are testing methods.

Scott Aaronson, executive director for security and business continuity at the Edison Electric Institute, an industry trade group, said utilities, grid operators and federal officials were already dissecting the attack on Ukraine’s electric sector to apply lessons in North America before the US government issued the latest warning to “energy and critical manufacturing sectors”. The current threat is unrelated to recently publicised ransomware incidents or the CrashOverride malware, Mr Aaronson said in an emailed statement.

Neither attack in Ukraine caused long-term damage. But with each escalation, the hackers may be gauging the world’s willingness to push back.

“If you think about a typical war, some of the acts that have been taken against critical infrastructure in Ukraine and even in the US, those would be considered crossing red lines,” Antova said.

Related News

• Electricity Forum News

• Grid Technologies News