Kaspersky Lab Discovers Russian Hacker Infrastructure

CAISO Net Negative Emissions signal moments when greenhouse gas intensity of serving ISO demand drops below zero, driven by high renewable generation, low load, strong solar exports, and imports accounting in the California grid.

Key Points

Moments when CAISO's CO2 to serve demand is below zero, driven by renewables, exports, and import accounting.

✅ Calculated using imports and exports to serve ISO demand

✅ Occur during high solar output, low weekend load

✅ Coincide with curtailment and record renewable penetration

We’re a long way from the land of milk and honey, but on Easter Sunday – for about an hour – we got a taste.

On Sunday, at 1:55 PM Pacific Time the California Independent Systems Operator (CAISO) reported that greenhouse gas emissions necessary to serve its demand (~80% of California’s electricity demand on an annual basis), was measured at a rate -16 metric tons of CO2 per hour. Five minutes later, the value was -2 mTCO2/h, before it crept back up to 40 mTCO2/h at 2:05 PM PST. At 2:10 PST though it fell back to -86 mTCO2/h and stayed negative until 3:05 PM PST, even as global CO2 emissions flatlined in 2019 according to the IEA.

This information was brought to the attention of pv magazine via tweet from eagle eye Jon Pa after CAISO’s site first noted the negative values:

The region was still generating CO2 though, as natural gas, biogas, biomass, geothermal and even coal plants were running and pumping out emissions, even as potent greenhouse gases declined in the US under control efforts. CAISO’s Greenhouse Gas Emission Tracking Methodology, December 28, 2016 (pdf) notes the below calculations to create the value what it terms, “Total GHG emissions to serve ISO demand”:

Of importance to note is that to get to the net negative value, CAISO considered all electricity imports and exports, a reminder that climate policy shapes grid operations across North America. And as can be noted in the image below the CO2 intensity of imports during the day rapidly declined as the sun came up, first going negative around 9:05 AM PST, and mostly staying so until just before 6 PM PST.

During this same weekend, other records were noted (reiterating that we’re in record setting season and as the state pursues its 100% carbon-free mandate now in law) such as a new electricity export record of greater than 2 GW and total renewable electricity as part of total demand at greater than 70%.

At the peak negative moment of 2:15 PM PST, -112 mTCO2/h seen below, the total amount of clean instantaneous generation being used in the power grid region was 17 GW, a far cry from heat-driven reliability strains like rolling blackout warnings that arise during extreme demand, with renewables giving 76% of the total, hydro 14%, nuclear 13% and imports of -12% countering the CO2 coming from just over 1.4 GW of gas generation.

Also of importance are a few layers of nuance in the electricity demand charts. First off we’re in the shoulder seasons  of California – nice cool weather before the warmth of summer drives air conditioning demand. Additional the weekend electricity demand is always lower, as well, Easter Sunday might have had an affect, whereas in colder regions Calgary’s electricity use can soar during frigid snaps.

Lastly to note was the amount of electricity from solar and wind generation being curtailed. And while the Sunday numbers weren’t available yet, the below image noted Saturday with 10 GWh in total being curtailed (pdf) – peaking at over 3.2 GW of instantaneous mostly solar power even as solar is now the cheapest electricity according to the IEA, in the hours of 2 and 3 PM PST. On an annualized basis, less than 2% of total potential solar electricity was curtailed in 2018.

Related News

• Electricity Forum News

• Climate Change News

Russian cyberattacks on U.S. power grid exposed DHS warnings: Dragonfly/Energetic Bear breached control rooms, ICS networks, and could trigger blackouts via switch manipulation, phishing, and malware, threatening critical infrastructure and utility operations nationwide.

Key Points

State-backed breaches of utility ICS and control rooms enabled potential switch manipulation and blackouts.

✅ DHS: Dragonfly/Energetic Bear breached utility networks

✅ Access reached control rooms and ICS for switch control

✅ Ongoing campaign via phishing, malware, lateral movement

Russian hackers for a state-sponsored organization invaded hundreds of control rooms of U.S. electric utilities that could have led to blackouts, a new report says.

The group, known as Dragonfly or Energetic Bear, infiltrated networks of U.S. utilities as part of an effort that is likely ongoing, Department of Homeland Security officials told the Wall Street Journal.

Jonathan Home, chief of industrial-control-system analysis for DHS, said the hackers “got to the point where they could have thrown switches” and upset power flows.

Although the agency did not disclose which companies were impacted, the officials at a briefing Monday said that there were “hundreds of victims” including breaches at power plants across the U.S., and that some companies may not be aware that hackers infiltrated their networks yet.

According to experts, Russia has been preparing for such attacks for some time now, prompting a renewed focus on protecting the grid among utilities and policymakers.

“They’ve been intruding into our networks and are positioning themselves for a limited or widespread attack,” said former Deputy Assistant Defense Secretary Michael Carpenter, now senior director at the Penn Biden Center at the University of Pennsylvania, per the Wall Street Journal. “They are waging a covert war on the West.”

Earlier this year, the Trump administration claimed Russia had staged a power grid hacking campaign against the U.S. energy grid and other U.S. infrastructure.

The report comes after President Trump told reporters last week during a joint press conference in Helsinki alongside Russian President Vladimir Putin that he had no reason not to believe the Russian leader's assurances to him that the Kremlin was not to blame for interference in the election.

Trump later admitted that he misspoke when he said he didn’t “see any reason why” Russia would have meddled in the 2016 election, and said he believes the U.S. intelligence community assessment that found that the Russian government did interfere in the electoral process.

Related News

• Electricity Forum News

• Grid Technologies News

PG&E property tax payments bolster counties, education, public safety, and infrastructure across Northern and Central California, reflecting semi-annual levies tied to utility assets, capital investments, and economic development that serve 16 million customers.

Key Points

PG&E property tax payments are semi-annual county taxes funding public services and linked to utility infrastructure.

✅ $230M paid for Jul-Dec 2017 across 50 California counties

✅ Estimated $461M for FY 2017-2018, up 12% year over year

✅ Investments: $5.9B in grid, Gas Safety Academy, control center

Pacific Gas and Electric Company (PG&E) paid property taxes of more than $230 million this fall to the 50 counties where the energy company owns property and operates gas and electric infrastructure that serves 16 million Californians. The tax payments help support essential public services like education and public health and safety actions across the region.

The semi-annual property tax payments made today cover the period from July 1 to December 31, 2017.

Total payments for the full tax year of July 1, 2017 to June 30, 2018 are estimated to total more than $461 million—an increase of $50 million, or 12 percent, compared with the prior fiscal year, even as customer rates are expected to stabilize in the years ahead.

“Property tax payments provide crucial resources to the many communities where we live and work, supporting everything from education to public safety. By continuing to make local investments in gas and electric infrastructure, we are not only creating one of the safest and most reliable energy systems in the country, including wildfire risk reduction programs and related efforts, we’re investing in the local economy and helping our communities thrive,” said Jason Wells, senior vice president and chief financial officer for PG&E.

PG&E invested more than $5.7 billion last year and expects to invest $5.9 billion this year to enhance and upgrade its gas and electrical infrastructure amid power line fire risks across Northern and Central California.

Some recent investments include the construction of PG&E’s $75 millionGas Safety Academy in Winters in Yolo County, which opened in September. Last year, PG&E opened a $36 million, state-of-the-art electric distribution control center in Rocklin.

PG&E supports the communities it serves in a variety of ways. In 2016, PG&E provided more than $28 million in charitable contributions to enrich local educational opportunities, preserve the environment, and support economic vitality and emergency preparedness and safety, including its Wildfire Assistance Program for impacted residents. PG&E employees provide thousands of hours of volunteer service in their local communities. The company also offers a broad spectrum of economic development services to help local businesses grow.

Related News

• Electricity Forum News

• Energy Policy News

Manitoba Hydro rate hikes face public hearings over electricity rates, utility bills, and debt, with impacts on low-income households, Indigenous communities, and Winnipeg services amid credit rating pressure and rising energy costs.

Key Points

Manitoba Hydro seeks 7.9% annual increases to stabilize finances and debt, impacting electricity costs for households.

✅ Proposed hikes: 7.9% yearly through 2023/24

✅ Driven by debt, credit rating declines, rising interest

✅ Disproportionate impact on low-income and Indigenous communities

Hearings began Monday into Manitoba Hydro’s request for consecutive annual rate hikes of 7.9 per cent.  The crown corporation is asking for the steep hikes to commence April 1, 2018.

The increases would continue through 2023/2024, under a multi-year rate plan before dropping to what Hydro calls “sustainable” levels.

Patti Ramage, legal counsel for Hydro, said while she understands no one welcomes the “exceptional” rate increases, the company is dealing with exceptional circumstances.

It’s the largest rate increase Hydro has ever asked for, though a scaled-back increase was discussed later, saying rising debt and declining credit ratings are affecting its financial stability.

President and CEO Kelvin Shepherd said Hydro is borrowing money to fund its interest payments, and acknowledged that isn’t an effective business model.

Hydro’s application states that it will be spending up to 63 per cent of its revenue on paying financial expenses if the current request for rate hikes is not approved.

If it does get the increase it wants, that number could shrink to 45 per cent – which Ramage says is still quite high, but preferable to the alternative.

She cited the need to take immediate action to fix Hydro’s finances instead of simply hoping for the best.

“The worst thing we can do is defer action… that’s why we need to get this right,” Ramage said.

A number of intervenors presented varying responses to Hydro’s push for increased rates, with many focusing on how the hikes would affect Manitobans with lower incomes.

Senwung Luk spoke on behalf of the Assembly of Manitoba Chiefs, and said the proposed rates would hit First Nations reserves particularly hard.

He noted that 44.2 per cent of housing on reserves in the province needs significant improvement, which means electricity use tends to be higher to compensate for the lower quality of infrastructure.

Luk says this problem is compounded by the higher rates of poverty in Indigenous populations, with 76 per cent of children on reserves in Manitoba living below the poverty line.

If the increase goes forward, he said the AMC hopes to see a reduced rate for those living on reserves, despite a recent appeal court ruling on such pricing.

Byron Williams, speaking on behalf of the Consumers Coalition, said the 7.9 per cent increase unreasonably favours the interests of Hydro, and is unjustly biased against virtually everyone else.

In Saskatchewan, the NDP criticized an SaskPower 8 per cent rate hike as unfair to customers, highlighting regional concerns.

Williams said customers using electric space heating would be more heavily targeted by the rate increase, facing an extra $13.14 a month as opposed to the $6.88 that would be tacked onto the bills of those not using electric space heating.

Williams also called Hydro’s financial forecasts unreliable, bringing the 7.9 per cent figure into question.

Lawyer George Orle, speaking for the Manitoba Keewatinowi Okimakanak, said the proposed rate hikes would “make a mockery” of the sacrifices made by First Nations across the province, given that so much of Hydro’s infrastructure is on Indigenous land.

The city of Winnipeg also spoke out against the jump, saying property taxes could rise or services could be cut if the hikes go ahead to compensate for increased, unsustainable electricity costs.

In British Columbia, a BC Hydro 3 per cent increase also moved forward, drawing attention to affordability.

A common theme at the hearing was that Hydro’s request was not backed by facts, and that it was heading towards fear-mongering.

Manitoba Hydro’s CEO begged to differ as he plead his case during the first hearing of a process that is expected to take 10 weeks.

Related News

• Electricity Forum News

• Energy Policy News

Russian Cyberattacks on U.S. Critical Infrastructure target energy grids, nuclear plants, water systems, and aviation, DHS and FBI warn, using spear phishing, malware, and ICS/SCADA intrusion to gain footholds for potential sabotage and disruption.

Key Points

State-backed hacks targeting U.S. energy, nuclear, water and aviation via phishing and ICS access for sabotage.

✅ DHS and FBI detail multi-stage intrusion since 2016

✅ Targets include energy, nuclear, water, aviation, manufacturing

✅ TTPs: spear phishing, lateral movement, ICS reconnaissance

Russia is attacking the U.S. energy grid, with reported power plant breaches unfolding alongside attacks on nuclear facilities, water processing plants, aviation systems, and other critical infrastructure that millions of Americans rely on, according to a new joint analysis by the FBI and the Department of Homeland Security.

In an unprecedented alert, the US Department of Homeland Security (DHS) and FBI have warned of persistent attacks by Russian government hackers on critical US government sectors, including energy, nuclear, commercial facilities, water, aviation and manufacturing.

The alert details numerous attempts extending back to March 2016 when Russian cyber operatives targeted US government and infrastructure.

The DHS and FBI said: “DHS and FBI characterise this activity as a multi-stage intrusion campaign by Russian government cyber-actors who targeted small commercial facilities’ networks, where they staged malware, conducted spear phishing and gained remote access into energy sector networks.

“After obtaining access, the Russian government cyber-actors conducted network reconnaissance, moved laterally and collected information pertaining to industrial control systems.”

The Trump administration has accused Russia of engineering a series of cyberattacks that targeted American and European nuclear power plants and water and electric systems, and could have sabotaged or shut power plants off at will.

#google#

United States officials and private security firms saw the attacks as a signal by Moscow that it could disrupt the West’s critical facilities in the event of a conflict.

They said the strikes accelerated in late 2015, at the same time the Russian interference in the American election was underway. The attackers had compromised some operators in North America and Europe by spring 2017, after President Trump was inaugurated.

In the following months, according to the DHS/FBI report, Russian hackers made their way to machines with access to utility control rooms and critical control systems at power plants that were not identified. The hackers never went so far as to sabotage or shut down the computer systems that guide the operations of the plants.

Still, new computer screenshots released by the Department of Homeland Security have made clear that Russian state hackers had the foothold they would have needed to manipulate or shut down power plants.

“We now have evidence they’re sitting on the machines, connected to industrial control infrastructure, that allow them to effectively turn the power off or effect sabotage,” said Eric Chien, a security technology director at Symantec, a digital security firm.

“From what we can see, they were there. They have the ability to shut the power off. All that’s missing is some political motivation,” Mr. Chien said.

American intelligence agencies were aware of the attacks for the past year and a half, and the Department of Homeland Security and the F.B.I. first issued urgent warnings to utility companies in June, 2017. Both DHS/FBI have now offered new details as the Trump administration imposed sanctions against Russian individuals and organizations it accused of election meddling and “malicious cyberattacks.”

It was the first time the administration officially named Russia as the perpetrator of the assaults. And it marked the third time in recent months that the White House, departing from its usual reluctance to publicly reveal intelligence, blamed foreign government forces for attacks on infrastructure in the United States.

In December, the White House said North Korea had carried out the so-called WannaCry attack that in May paralyzed the British health system and placed ransomware in computers in schools, businesses and homes across the world. Last month, it accused Russia of being behind the NotPetya attack against Ukraine last June, the largest in a series of cyberattacks on Ukraine to date, paralyzing the country’s government agencies and financial systems.

But the penalties have been light. So far, President Trump has said little to nothing about the Russian role in those attacks.

The groups that conducted the energy attacks, which are linked to Russian intelligence agencies, appear to be different from the two hacking groups that were involved in the election interference.

That would suggest that at least three separate Russian cyberoperations were underway simultaneously. One focused on stealing documents from the Democratic National Committee and other political groups. Another, by a St. Petersburg “troll farm” known as the Internet Research Agency, used social media to sow discord and division. A third effort sought to burrow into the infrastructure of American and European nations.

For years, American intelligence officials tracked a number of Russian state-sponsored hacking units as they successfully penetrated the computer networks of critical infrastructure operators across North America and Europe, including in Ukraine.

Some of the units worked inside Russia’s Federal Security Service, the K.G.B. successor known by its Russian acronym, F.S.B.; others were embedded in the Russian military intelligence agency, known as the G.R.U. Still others were made up of Russian contractors working at the behest of Moscow.

Russian cyberattacks surged last year, starting three months after Mr. Trump took office.

American officials and private cybersecurity experts uncovered a series of Russian attacks aimed at the energy, water and aviation sectors and critical manufacturing, including nuclear plants, in the United States and Europe. In its urgent report in June, the Department of Homeland Security and the F.B.I. notified operators about the attacks but stopped short of identifying Russia as the culprit.

By then, Russian spies had compromised the business networks of several American energy, water and nuclear plants, mapping out their corporate structures and computer networks.

They included that of the Wolf Creek Nuclear Operating Corporation, which runs a nuclear plant near Burlington, Kan. But in that case, and those of other nuclear operators, Russian hackers had not leapt from the company’s business networks into the nuclear plant controls.

Forensic analysis suggested that Russian spies were looking for inroads — although it was not clear whether the goal was to conduct espionage or sabotage, or to trigger an explosion of some kind.

In a report made public in October, Symantec noted that a Russian hacking unit “appears to be interested in both learning how energy facilities operate and also gaining access to operational systems themselves, to the extent that the group now potentially has the ability to sabotage or gain control of these systems should it decide to do so.”

The United States sometimes does the same thing. It bored deeply into Iran’s infrastructure before the 2015 nuclear accord, placing digital “implants” in systems that would enable it to bring down power grids, command-and-control systems and other infrastructure in case a conflict broke out. The operation was code-named “Nitro Zeus,” and its revelation made clear that getting into the critical infrastructure of adversaries is now a standard element of preparing for possible conflict.

Reconstructed screenshot fragments of a Human Machine Interface that the threat actors accessed, according to DHS

Sanctions Announced

The US treasury department has imposed sanctions on 19 Russian people and five groups, including Moscow’s intelligence services, for meddling in the US 2016 presidential election and other malicious cyberattacks.

Russia, for its part, has vowed to retaliate against the new sanctions.

The new sanctions focus on five Russian groups, including the Russian Federal Security Service, the country’s military intelligence apparatus, and the digital propaganda outfit called the Internet Research Agency, as well as 19 people, some of them named in the indictment related to election meddling released by special counsel Robert Mueller last month.

In announcing the sanctions, which will generally ban U.S. people and financial institutions from doing business with those people and groups, the Treasury Department pointed to alleged Russian election meddling, involvement in the infrastructure hacks, and the NotPetya malware, which the Treasury Department called “the most destructive and costly cyberattack in history.”

The new sanctions come amid ongoing criticism of the Trump administration’s reluctance to punish Russia for cyber and election meddling. Sen. Mark Warner (D-Va.) said that, ahead of the 2018 mid-term elections, the administration’s decision was long overdue but not enough. “Nearly all of the entities and individuals who were sanctioned today were either previously under sanction during the Obama Administration, or had already been charged with federal crimes by the Special Counsel,” Warner said.

Warning: The Russians Are Coming

In an updated warning to utility companies, DHS/FBI officials included a screenshot taken by Russian operatives that proved they could now gain access to their victims’ critical controls, prompting a renewed focus on protecting the U.S. power grid among operators.

American officials and security firms, including Symantec and CrowdStrike, believe that Russian attacks on the Ukrainian power grid in 2015 and 2016 that left more than 200,000 citizens there in the dark are an ominous sign of what the Russian cyberstrikes may portend in the United States and Europe in the event of escalating hostilities.

Private security firms have tracked the Russian government assaults on Western power and energy operators — conducted alternately by groups under the names Dragonfly campaigns alongside Energetic Bear and Berserk Bear — since 2011, when they first started targeting defense and aviation companies in the United States and Canada.

By 2013, researchers had tied the Russian hackers to hundreds of attacks on the U.S. power grid and oil and gas pipeline operators in the United States and Europe. Initially, the strikes appeared to be motivated by industrial espionage — a natural conclusion at the time, researchers said, given the importance of Russia’s oil and gas industry.

But by December 2015, the Russian hacks had taken an aggressive turn. The attacks were no longer aimed at intelligence gathering, but at potentially sabotaging or shutting down plant operations.

At Symantec, researchers discovered that Russian hackers had begun taking screenshots of the machinery used in energy and nuclear plants, and stealing detailed descriptions of how they operated — suggesting they were conducting reconnaissance for a future attack.

Eventhough the US government enacted sanctions, cybersecurity experts are still questioning where the Russian attacks could lead, given that the United States was sure to respond in kind.

“Russia certainly has the technical capability to do damage, as it demonstrated in the Ukraine,” said Eric Cornelius, a cybersecurity expert at Cylance, a private security firm, who previously assessed critical infrastructure threats for the Department of Homeland Security during the Obama administration.

“It is unclear what their perceived benefit would be from causing damage on U.S. soil, especially given the retaliation it would provoke,” Mr. Cornelius said.

Though a major step toward deterrence, publicly naming countries accused of cyberattacks still is unlikely to shame them into stopping. The United States is struggling to come up with proportionate responses to the wide variety of cyberespionage, vandalism and outright attacks.

Lt. Gen. Paul Nakasone, who has been nominated as director of the National Security Agency and commander of United States Cyber Command, the military’s cyberunit, said during his recent Senate confirmation hearing, that countries attacking the United States so far have little to worry about.

“I would say right now they do not think much will happen to them,” General Nakasone said. He later added, “They don’t fear us.”

Related News

• Electricity Forum News

• Grid Technologies News

Massachusetts Solar Net Metering faces new demand charges and elimination of residential time-of-use rates under an MDPU order, as Eversource cites grid cost fairness while clean energy advocates warn of impacts on distributed solar growth.

Key Points

Policy letting solar customers net out usage with exports; MDPU now adds demand charges and ends TOU rates.

✅ New residential solar demand charges start Dec 31, 2018.

✅ Optional residential TOU rates eliminated by MDPU order.

✅ Eversource cites grid cost fairness; advocates warn slower solar.

A recent Massachusetts Department of Public Utilities' rate case order changes the way solar net metering works and eliminates optional residential time-of-use rates, stirring controversy between clean energy advocates and utility Eversource and potential consumer backlash over rate design.

"There is a lot of room to talk about what net-energy metering should look like, but a demand charge is an unfair way to charge customers," Mark LeBel, staff attorney at non-profit clean energy advocacy organization Acadia Center, said in a Tuesday phone call. Acadia Center is an intervenor in the rate case and opposed the changes.

The Friday MDPU order implements demand charges for new residential solar projects starting on December 31, 2018. Such charges are based on the highest peak hourly consumption over the course of a month, regardless of what time the power is consumed.

Eversource contends the demand charge will more fairly distribute the costs of maintaining the local power grid, echoing minimum charge proposals aimed at low-usage customers. Net metering is often criticized for not evenly distributing those costs, which are effectively subsidized by non-net-metered customers.

"What the demand charge will do is eliminate, to the extent possible, the unfair cross subsidization by non-net-metered customers that currently exists with rates that only have kilowatt-hour charges and no kilowatt demand, Mike Durand, Eversource spokesman, said in a Tuesday email. 

"For net metered facilities that use little kilowatt-hours, a demand charge is a way to charge them for their fair share of the cost of the significant maintenance and upgrade work we do on the local grid every day," Durand said. "Currently, their neighbors are paying more than their share of those costs."

It will not affect existing facilities, Durand said, only those installed after December 31, 2018.

Solar advocates are not enthusiastic about the change and see it slowing the growth of solar power, particularly residential rooftop solar, in the state.

"This is a terrible outcome for the future of solar in Massachusetts," Nathan Phelps, program manager of distributed generation and regulatory policy at solar power advocacy group Vote Solar, said in a Tuesday phone call.

"It's very inconsistent with DPU precedent and numerous pieces of legislation passed in the last 10 years," Phelps said. "The commonwealth has passed several pieces of legislation that are supportive of renewable energy and solar power. I don't know what the DPU was thinking."

 

TIME-OF-USE PRICING ELIMINATED

It does not matter when during the month peak demand occurs -- which could be during the week in the evening -- customers will be charged the same as they would on a hot summer day, LeBel said. Because an individual customer's peak usage does not necessarily correspond to peak demand across the utility's system, consumers are not being provided incentives to reduce energy usage in a way that could benefit the power system, Acadia Center said in a Tuesday statement.

However, Eversource maintains that residential customer distribution peaks based on customer load profiles do not align with basic service peak periods, which are based on Independent System Operator New England's peaks that reflect market-based pricing, even as a Connecticut market overhaul advances in the region, according to the MDPU order.

"The residential Time of Use rates we're eliminating are obsolete, having been designed decades ago when we were responsible for both the generation and the delivery of electricity," Eversource's Durand said.

"We are no longer in the generation business, having divested of our generation assets in Massachusetts in compliance with the law that restructured of our industry back in the late 1990s. Time Varying pricing is best used with generation rates, where the price for electricity changes based on time of day and electricity demand and can significantly alter electric bills for households," he said.

Additionally, only 0.02% of residential customers take service on Eversource's TOU rates and it would be difficult for residential customers to avoid peak period rates because they do not have the ability to shift or reduce load, according to the order.

"The Department allowed the Companies' proposal to eliminate their optional residential TOU rates in order to consolidate and align their residential rates and tariffs to better achieve the rate structure goal of simplicity," the MDPU said in the order.

Related News

• Electricity Forum News

• Energy Policy News