Consumers in Power Markets Will Soon Change the Industry

Massachusetts Solar Net Metering faces new demand charges and elimination of residential time-of-use rates under an MDPU order, as Eversource cites grid cost fairness while clean energy advocates warn of impacts on distributed solar growth.

Key Points

Policy letting solar customers net out usage with exports; MDPU now adds demand charges and ends TOU rates.

✅ New residential solar demand charges start Dec 31, 2018.

✅ Optional residential TOU rates eliminated by MDPU order.

✅ Eversource cites grid cost fairness; advocates warn slower solar.

A recent Massachusetts Department of Public Utilities' rate case order changes the way solar net metering works and eliminates optional residential time-of-use rates, stirring controversy between clean energy advocates and utility Eversource and potential consumer backlash over rate design.

"There is a lot of room to talk about what net-energy metering should look like, but a demand charge is an unfair way to charge customers," Mark LeBel, staff attorney at non-profit clean energy advocacy organization Acadia Center, said in a Tuesday phone call. Acadia Center is an intervenor in the rate case and opposed the changes.

The Friday MDPU order implements demand charges for new residential solar projects starting on December 31, 2018. Such charges are based on the highest peak hourly consumption over the course of a month, regardless of what time the power is consumed.

Eversource contends the demand charge will more fairly distribute the costs of maintaining the local power grid, echoing minimum charge proposals aimed at low-usage customers. Net metering is often criticized for not evenly distributing those costs, which are effectively subsidized by non-net-metered customers.

"What the demand charge will do is eliminate, to the extent possible, the unfair cross subsidization by non-net-metered customers that currently exists with rates that only have kilowatt-hour charges and no kilowatt demand, Mike Durand, Eversource spokesman, said in a Tuesday email. 

"For net metered facilities that use little kilowatt-hours, a demand charge is a way to charge them for their fair share of the cost of the significant maintenance and upgrade work we do on the local grid every day," Durand said. "Currently, their neighbors are paying more than their share of those costs."

It will not affect existing facilities, Durand said, only those installed after December 31, 2018.

Solar advocates are not enthusiastic about the change and see it slowing the growth of solar power, particularly residential rooftop solar, in the state.

"This is a terrible outcome for the future of solar in Massachusetts," Nathan Phelps, program manager of distributed generation and regulatory policy at solar power advocacy group Vote Solar, said in a Tuesday phone call.

"It's very inconsistent with DPU precedent and numerous pieces of legislation passed in the last 10 years," Phelps said. "The commonwealth has passed several pieces of legislation that are supportive of renewable energy and solar power. I don't know what the DPU was thinking."

 

TIME-OF-USE PRICING ELIMINATED

It does not matter when during the month peak demand occurs -- which could be during the week in the evening -- customers will be charged the same as they would on a hot summer day, LeBel said. Because an individual customer's peak usage does not necessarily correspond to peak demand across the utility's system, consumers are not being provided incentives to reduce energy usage in a way that could benefit the power system, Acadia Center said in a Tuesday statement.

However, Eversource maintains that residential customer distribution peaks based on customer load profiles do not align with basic service peak periods, which are based on Independent System Operator New England's peaks that reflect market-based pricing, even as a Connecticut market overhaul advances in the region, according to the MDPU order.

"The residential Time of Use rates we're eliminating are obsolete, having been designed decades ago when we were responsible for both the generation and the delivery of electricity," Eversource's Durand said.

"We are no longer in the generation business, having divested of our generation assets in Massachusetts in compliance with the law that restructured of our industry back in the late 1990s. Time Varying pricing is best used with generation rates, where the price for electricity changes based on time of day and electricity demand and can significantly alter electric bills for households," he said.

Additionally, only 0.02% of residential customers take service on Eversource's TOU rates and it would be difficult for residential customers to avoid peak period rates because they do not have the ability to shift or reduce load, according to the order.

"The Department allowed the Companies' proposal to eliminate their optional residential TOU rates in order to consolidate and align their residential rates and tariffs to better achieve the rate structure goal of simplicity," the MDPU said in the order.

Related News

• Electricity Forum News

• Energy Policy News

California Ports Electric Truck Leasing accelerates zero-emission logistics, cutting diesel pollution at Los Angeles and Long Beach. A $250 million nonprofit plan funds heavy-duty EVs and charging infrastructure to improve air quality and community health.

Key Points

A nonprofit's $250M plan to lease EV trucks at LA/Long Beach ports to cut diesel emissions and improve air quality.

✅ $250M lease program for heavy-duty EVs at LA/Long Beach ports

✅ Cuts diesel emissions; improves air quality in nearby communities

✅ Requires robust charging infrastructure and OEM partnerships

In a significant move towards sustainable transportation, a prominent U.S. nonprofit has announced plans to invest $250 million in leasing electric trucks for operations at California ports. This initiative aims to reduce air pollution and promote greener logistics, responding to the urgent need for environmentally friendly solutions in the transportation sector.

Addressing Environmental Concerns

California’s ports, particularly the Port of Los Angeles and the Port of Long Beach, are among the busiest in the United States. However, they also contribute significantly to air pollution due to the heavy reliance on diesel trucks for cargo transport. These ports are essential for the economy, facilitating trade and commerce, but the environmental toll is considerable. Diesel emissions are linked to respiratory issues and other health problems in nearby communities, which often bear the brunt of pollution.

The nonprofit's investment in electric trucks is a critical step towards mitigating these environmental challenges. By transitioning to electric vehicles (EVs), the project aims to significantly cut emissions from port operations, contributing to California's broader goals of reducing greenhouse gas emissions and improving air quality.

The Scale of the Initiative

This ambitious initiative involves leasing a fleet of electric trucks that will operate within the ports and surrounding areas. The $250 million investment is expected to facilitate the acquisition of hundreds of electric vehicles, which will replace conventional diesel trucks used for cargo transport. This fleet will help demonstrate the viability and effectiveness of electric trucks in heavy-duty applications, paving the way for broader adoption.

The plan includes partnerships with established electric truck manufacturers, such as the Volvo VNR Electric platform, and local logistics companies to ensure seamless integration of these vehicles into existing operations. By collaborating with industry leaders, the initiative seeks to establish a model that can be replicated in other major logistics hubs across the country.

Economic and Community Benefits

The introduction of electric trucks is expected to yield multiple benefits, not only in terms of environmental impact but also economically. As these trucks begin operations, and as other fleets adopt electric mail trucks, they will create jobs within the green technology sector, from manufacturing to maintenance and charging infrastructure development. The project is anticipated to stimulate local economies, providing new opportunities in communities that have historically been disadvantaged by pollution.

Moreover, the initiative is poised to enhance public health. By reducing diesel emissions, the nonprofit aims to improve air quality for residents living near the ports, and emerging research links EV adoption to fewer asthma-related ER visits in local communities. This could lead to decreased healthcare costs associated with pollution-related illnesses, benefiting both the community and the healthcare system.

Challenges Ahead

While the initiative is promising, challenges remain. The successful implementation of electric trucks at scale requires a robust charging infrastructure capable of supporting the significant power needs of a large fleet. Additionally, the transition from diesel to electric vehicles involves significant upfront costs, even with leasing arrangements. Ensuring that logistics companies can manage these costs effectively will be crucial for the project's success.

Furthermore, electric trucks currently face limitations in terms of range and payload capacity compared to their diesel counterparts. Continued advancements in battery technology and infrastructure development will be necessary to fully realize the potential of electric vehicles in heavy-duty applications.

The Bigger Picture

This investment in electric trucks aligns with broader national and global efforts to combat climate change. As governments and organizations commit to reducing carbon emissions, initiatives like this one represent crucial steps toward achieving sustainability goals, and ports worldwide are also piloting complementary technologies like hydrogen-powered cranes to decarbonize cargo handling.

California has set ambitious targets for reducing greenhouse gas emissions, including a mandate for all new trucks to be zero-emission by 2045. The nonprofit’s investment not only supports these goals, amid ongoing debates over funding priorities in the state, but also serves as a pilot program that could inform future policies and investments in clean transportation.

The $250 million investment in electric trucks for California ports marks a significant milestone in the push for sustainable transportation solutions. By addressing the urgent need for cleaner logistics, this initiative stands to benefit the environment, public health, and the economy. As the project unfolds, it will be closely watched as a potential model for similar efforts across the country and beyond, with developments such as the all-electric berth at London Gateway illustrating parallel advances, highlighting the critical intersection of innovation, sustainability, and community well-being in the modern logistics landscape.

Related News

• Electricity Forum News

• EV Infrastructure News

U.S. Power Grid Cybersecurity combats DHS-FBI flagged threats to energy infrastructure, with PJM Interconnection using ICS/SCADA segmentation, phishing defenses, incident response, and resilience exercises against Russia-linked attacks and pipeline intrusions.

Key Points

Strategies, controls, and training that protect U.S. electric infrastructure from cyber threats and disruptions.

✅ ICS/SCADA network segmentation and zero-trust architecture

✅ Employee phishing drills and incident response playbooks

✅ DOE-led grid exercises and threat intelligence sharing

The joint alert from the FBI and Department of Homeland Security last month warning that Russia was hacking into critical U.S. energy infrastructure, as outlined in six essential reads on Russian hacks from recent coverage, came as no surprise to the nation’s largest grid operator, PJM Interconnection.

“You will never stop people from trying to get into your systems. That isn’t even something we try to do.” said PJM Chief Information Officer, Tom O’Brien. “People will always try to get into your systems. The question is, what controls do you have to not allow them to penetrate? And how do you respond in the event they actually do get into your system?”

PJM is the regional transmission organization for 65 million people, covering 13 states, including Pennsylvania, and Washington D.C.

On a rainy day in early April, about 10 people were working inside PJM’s main control center, outside Philadelphia, closely monitoring floor-to-ceiling digital displays showing real-time information from the electric power sector throughout PJM’s territory in the mid-Atlantic and parts of the midwest, amid reports that hackers accessed control rooms at U.S. utilities.

#google#

Donnie Bielak, a reliability engineering manager, was overseeing things from his office, perched one floor up.

“This is a very large, orchestrated effort that goes unnoticed most of the time,” Bielak said. “That’s a good thing.”

But the industry certainly did take notice in late 2015 and early 2016, when hackers successfully disrupted power to the Ukrainian grid. The outages lasted a few hours and affected about 225,000 customers. It was the first publicly-known case of a cyber attack causing major disruptions to a power grid. It was widely blamed on Russia.

One of the many lessons of the Ukraine attacks was a reminder to people who work on critical infrastructure to keep an eye out for odd communications.

“A very large percentage of entry points to attacks are coming through emails,” O’Brien said. “That’s why PJM, as well as many others, have aggressive phishing campaigns. We’re training our employees.”

O’Brien doesn’t want to get into specifics about how PJM deals with cyber threats. But one common way to limit exposure is by having separate systems: For example, industrial controls in a power plant are not connected to corporate business networks, a separation underscored after breaches at U.S. power plants prompted reviews across the sector.

Since 2011, North American grid operators and government agencies have also done large, security exercises every two years. Thousands of people practice how they’d respond to a coordinated physical or cyber event, including rising substation attacks that highlight resilience gaps.

So far, nothing like that has happened in the U.S. It’s possible, but not likely, according to Robert M. Lee, a former military intelligence analyst, who runs the industrial cybersecurity firm Dragos.

“The more complex the system, the harder it is to have a scalable attack,” said Lee, who co-authored a report analyzing the Ukraine attacks. “If you wanted to take out a power generation station– that isn’t the most complex thing. Let’s say you cause an hour of outage. But now you want to cause two months of outages? That’s an exponential increase in effort required.”

For example, he said, it would very difficult for hackers to knock out power to the entire east coast for a long time. But briefly disrupting a major city is easier. That’s the sort of thing that keeps him up at night.

“I worry about an adversary getting into, maybe, Washington D.C.’s portion of the grid, taking down power for 30 minutes,” he said.

The Department of Energy is creating a new office focused on cybersecurity and emergency response, following the U.S. government’s condemnation of power grid hacking by Russia.

Deterrence may be one reason why there has not yet been a major attack on the U.S. grid, said John MacWilliams, a former senior DOE official who’s now a fellow at Columbia University’s Center on Global Energy Policy.

“That’s obviously an act of war,” he said. “We have the capability of responding either through cyber mechanisms or kinetic military.”

In the meantime, small-scale incidents keep happening.

This spring, another cyber attack targeted natural gas pipelines. Four companies shut down their computer systems, just in case, but they say no service was disrupted.

Related News

• Electricity Forum News

• Grid Technologies News

Smart solar inverters anchor DER communications and control, meeting IEEE 1547 and California Rule 21 for volt/VAR, reactive power, and ride-through, expanding hosting capacity and enabling grid services via secure real-time telemetry and commands.

Key Points

Smart solar inverters use IEEE 1547, volt/VAR and reactive power to stabilize circuits and integrate DER safely.

✅ Meet IEEE 1547, Rule 21 ride-through and volt/VAR functions

✅ Support reactive power to manage voltage and hosting capacity

✅ Enable utility communications, telemetry, and grid services

Advanced solar inverters could be one of the biggest distributed energy resource communications and control points out there someday. With California now requiring at least early-stage “smart” capabilities from all new solar projects — and a standards road map for next-stage efforts like real-time communications and active controls — this future now has a template.

There are still a lot of unanswered questions about how smart inverters will be used.

That was the consensus at Intersolar this week, where experts discussed the latest developments on the U.S. smart solar inverter front. After years of pilot projects, multi-stakeholder technical working groups, and slow and steady standards development, solar smart inverters are finally starting to hit the market en masse — even if it’s not yet clear just what will be done with them once they’re installed.

“From the technical perspective, the standards are firm,” Roger Salas, distribution engineering manager for Southern California Edison, said. In September of last year, his utility started requiring that all new solar installations come with “Phase 1" advanced inverter functionality, as defined under the state’s Rule 21.

Later this month, it’s going to start requiring “reactive power priority” for these inverters, and in February 2019, it’s going to start requiring that inverters support the communications capabilities described in “Phase 2,” as well as some more advanced “Phase 3” capabilities.

Increasing hosting capacity: A win-win for solar and utilities

Each of these phases aligns with a different value proposition for smart inverters. The first phase is largely preventative, aimed at solving the kinds of problems that have forced costly upgrades to how inverters operate in solar-heavy Germany and Hawaii.

The key standard in question in the U.S. is IEEE 1547, which sets the rules for what grid-connected DERs must do to stay safe, such as trip offline when the grid goes down, or avoid overloading local transformers or circuits.

The old version of the standard, however, had a lot of restrictive rules on tripping off during relatively common voltage excursions, which could cause real problems on circuits with a lot of solar dropping off all at once.

Phase 1 implementation of IEEE 1547 is all about removing these barriers, Salas said. “They need to be stable, they need to be connected, they need to be able to support the grid.”

This should increase hosting capacity on circuits that would have otherwise been constrained by these unwelcome behaviors, he said.

Reactive power: Where utility and solar imperatives collide

The old versions of IEEE 1547 also didn’t provide rules for how inverters could use one of their more flexible capabilities: the ability to inject or absorb reactive power to mitigate voltage fluctuations, including those that may be caused by the PV itself. The new version opens up this capability, which could allow for an active application of reactive power to further increase hosting capacity, as well as solve other grid edge challenges for utilities.

But where utilities see opportunity, the solar industry sees a threat. Every unit of reactive power comes at the cost of a reduction in the real power output of solar inverters — and almost every solar installation out there is paid based on the real power it produces.

“If you’re tasked to do things that rob your energy sales, that will reduce compensation,” noted Ric O'Connell, executive director of the Oakland, Calif.-based GridLab. “And a lot of systems have third-party owners — the Sunruns, the Teslas — with growing Powerwall fleets — that have contracts, performance guarantees, and they want to get those financed. It’s harder to do that if there’s uncertainty in the future with curtailment."

“That’s the bottleneck right now,” said Daniel Munoz-Alvarez, a GTM Research grid edge analyst. “As we develop markets on the retail end for ...volt/VAR control to be compensated on the grid edge and that is compensated back to the customer, then the customer will be more willing to allow the utility to control their smart inverters or to allow some automation.”

But first, he said, “We need some agreed-upon functions.”

The future: Communications, controls and DER integration

The next stage of smart inverter functionality is establishing communications with the utility. After that, utilities will be able use them to monitor key DER data, or issue disconnect and reconnect commands in emergencies, as well as actively orchestrate other utility devices and systems through emerging virtual power plant strategies across their service areas.

This last area is where Salas sees the greatest opportunity to putting mass-market smart solar inverters to use. “If you want to maximize the DERs and what they can do, the need information from the grid. And DERs provide operational and capability information to the utility.”

Inverter makers have already been forced by California to enable the latest IEEE 1547 capabilities into their existing controls systems — but they are clearly embracing the role that their devices can play on the grid as well. Microinverter maker Enphase leveraged its work in Hawaii into a grid services business, seeking to provide data to utilities where they already had a significant number of installations. While Enphase has since scaled back dramatically, its main rival SolarEdge has taken up the same challenge, launching its own grid services arm earlier this summer.

Inverters have been technically capable of doing most of these things for a long time. But utilities and regulators have been waiting for the completion of IEEE 1547 to move forward decisively. Patrick Dalton, senior engineer for Xcel Energy, said his company’s utilities in Colorado and Minnesota are still several years away from mandating advanced inverter capabilities and are waiting for California’s energy transition example in order to choose a path forward.

In the meantime, it’s possible that Xcel's front-of-meter volt/VAR optimization investments in Colorado, including grid edge devices from startup Varentec, could solve many of the issues that have been addressed by smart inverter efforts in Hawaii and California, he noted.

The broader landscape for rolling out smart inverters for solar installations hasn’t changed much, with Hawaii and California still out ahead of the pack, while territories such as Puerto Rico microgrid rules evolve to support resilience. Arizona is the next most important state, with a high penetration of distributed solar, a contentious policy climate surrounding its proper treatment in future years, and a big smart inverter pilot from utility Arizona Public Service to inform stakeholders.

All told, eight separate smart inverter pilots are underway across eight states at present, according to GTM Research: Pacific Gas & Electric and San Diego Gas & Electric in California; APS and Salt River Project in Arizona; Hawaiian Electric in Hawaii; Duke Energy in North Carolina; Con Edison in New York; and a three-state pilot funded by the Department of Energy’s SunShot program and led by the Electric Power Research Institute.

Related News

• Electricity Forum News

• Grid Technologies News

Russia Bitcoin Mining Ban highlights electricity deficits, grid stability concerns, and sustainability challenges, prompting stricter cryptocurrency regulation as mining operations in Siberia face shutdowns, relocations, and renewed focus on energy efficiency and resource allocation.

Key Points

Policy halting Bitcoin mining in key regions to ease electricity deficits, stabilize the grid, and prioritize energy.

✅ Targets high-load regions like Siberia facing electricity deficits

✅ Protects residential and industrial energy security, limits outages

✅ Prompts miner relocations, regulation, and potential renewables

In a significant shift in its stance on cryptocurrency, Russia has announced plans to ban Bitcoin mining in several key regions, primarily due to rising electricity deficits. This move highlights the ongoing tensions between energy management and the growing demand for cryptocurrency mining, which has sparked a robust debate about sustainability and resource allocation in the country.

Background on Bitcoin Mining in Russia

Russia has long been a major player in the global cryptocurrency landscape, particularly in Bitcoin mining. The country’s vast and diverse geography offers ample opportunities for mining, with several regions boasting low electricity costs and cooler climates that are conducive to operating the high-powered computers used for mining, similar to Iceland's mining boom in cold regions.

However, the boom in mining activities has put a strain on local electricity grids, as seen with BC Hydro suspensions in Canada, particularly as demand for energy continues to rise. This situation has become increasingly untenable, leading government officials to reconsider the viability of allowing large-scale mining operations.

Reasons for the Ban

The decision to ban Bitcoin mining in certain regions stems from a growing electricity deficit that has been exacerbated by both rising temperatures and increased energy consumption. Reports indicate that some regions are struggling to meet domestic energy needs, and jurisdictions like Manitoba's pause on crypto connections reflect similar grid concerns, particularly during peak consumption periods. Officials have expressed concern that continuing to support cryptocurrency mining could lead to blackouts and further strain on the electrical infrastructure.

Additionally, this ban is seen as a measure to redirect energy resources toward more critical sectors, including residential heating and industrial needs. By curbing Bitcoin mining, the government aims to prioritize the energy security of its citizens and maintain stability within its energy markets and the wider global electricity market dynamics.

Regional Impact

The regions targeted by the ban include areas that have seen a significant influx of mining operations, often attracted by the low costs of electricity. For instance, Siberia, known for its abundant natural resources and inexpensive power, has become a major center for miners. The ban is likely to have profound implications for local economies that have come to rely on the influx of investments from cryptocurrency companies.

Many miners are expected to be affected financially as they may have to halt operations or relocate to regions with more favorable regulations. This could lead to job losses and a decline in local business activities that have sprung up around the mining industry, such as hardware suppliers and tech services.

Broader Implications for Cryptocurrency in Russia

This ban reflects a broader trend within Russia’s approach to cryptocurrencies. While the government has been cautious about outright banning digital currencies, it has simultaneously sought to regulate the industry more stringently. Recent legislation has aimed to establish a legal framework for cryptocurrencies, focusing on taxation and oversight while navigating the balance between innovation and regulation.

As other countries around the world grapple with the implications of cryptocurrency mining, Russia’s decision adds to the narrative of the challenges associated with energy consumption in this sector. The international community is increasingly aware of the environmental impact of Bitcoin mining, which has come under fire for its significant energy use and carbon footprint.

Future of Mining in Russia

Looking ahead, the future of Bitcoin mining in Russia remains uncertain. While some regions may implement strict bans, others could potentially embrace a more regulated approach to mining, provided it aligns with energy availability and environmental considerations. The country’s vast landscape offers opportunities for innovative solutions, such as utilizing renewable energy sources, even as India's solar growth slows amid rising coal generation, to power mining operations.

As global attitudes toward cryptocurrency evolve, Russia will likely continue to adapt its policies in response to both domestic energy needs and international pressures, including Europe's shift away from Russian energy that influence policy choices. The balance between fostering a competitive cryptocurrency market and ensuring energy sustainability will be a key challenge for Russian policymakers moving forward.

Russia’s decision to ban Bitcoin mining in key regions marks a pivotal moment in the intersection of cryptocurrency and energy management. As the nation navigates its energy deficits, the implications for the mining industry and the broader cryptocurrency landscape will be significant. This move not only underscores the need for responsible energy consumption in the digital age but also reflects the complexities of integrating emerging technologies within existing frameworks of governance and infrastructure. As the situation unfolds, all eyes will be on how Russia balances innovation with sustainability in its approach to cryptocurrency.

Related News

• Electricity Forum News

• Renewable Energy News

Russian Cyberattacks on U.S. Critical Infrastructure target energy grids, nuclear plants, water systems, and aviation, DHS and FBI warn, using spear phishing, malware, and ICS/SCADA intrusion to gain footholds for potential sabotage and disruption.

Key Points

State-backed hacks targeting U.S. energy, nuclear, water and aviation via phishing and ICS access for sabotage.

✅ DHS and FBI detail multi-stage intrusion since 2016

✅ Targets include energy, nuclear, water, aviation, manufacturing

✅ TTPs: spear phishing, lateral movement, ICS reconnaissance

Russia is attacking the U.S. energy grid, with reported power plant breaches unfolding alongside attacks on nuclear facilities, water processing plants, aviation systems, and other critical infrastructure that millions of Americans rely on, according to a new joint analysis by the FBI and the Department of Homeland Security.

In an unprecedented alert, the US Department of Homeland Security (DHS) and FBI have warned of persistent attacks by Russian government hackers on critical US government sectors, including energy, nuclear, commercial facilities, water, aviation and manufacturing.

The alert details numerous attempts extending back to March 2016 when Russian cyber operatives targeted US government and infrastructure.

The DHS and FBI said: “DHS and FBI characterise this activity as a multi-stage intrusion campaign by Russian government cyber-actors who targeted small commercial facilities’ networks, where they staged malware, conducted spear phishing and gained remote access into energy sector networks.

“After obtaining access, the Russian government cyber-actors conducted network reconnaissance, moved laterally and collected information pertaining to industrial control systems.”

The Trump administration has accused Russia of engineering a series of cyberattacks that targeted American and European nuclear power plants and water and electric systems, and could have sabotaged or shut power plants off at will.

#google#

United States officials and private security firms saw the attacks as a signal by Moscow that it could disrupt the West’s critical facilities in the event of a conflict.

They said the strikes accelerated in late 2015, at the same time the Russian interference in the American election was underway. The attackers had compromised some operators in North America and Europe by spring 2017, after President Trump was inaugurated.

In the following months, according to the DHS/FBI report, Russian hackers made their way to machines with access to utility control rooms and critical control systems at power plants that were not identified. The hackers never went so far as to sabotage or shut down the computer systems that guide the operations of the plants.

Still, new computer screenshots released by the Department of Homeland Security have made clear that Russian state hackers had the foothold they would have needed to manipulate or shut down power plants.

“We now have evidence they’re sitting on the machines, connected to industrial control infrastructure, that allow them to effectively turn the power off or effect sabotage,” said Eric Chien, a security technology director at Symantec, a digital security firm.

“From what we can see, they were there. They have the ability to shut the power off. All that’s missing is some political motivation,” Mr. Chien said.

American intelligence agencies were aware of the attacks for the past year and a half, and the Department of Homeland Security and the F.B.I. first issued urgent warnings to utility companies in June, 2017. Both DHS/FBI have now offered new details as the Trump administration imposed sanctions against Russian individuals and organizations it accused of election meddling and “malicious cyberattacks.”

It was the first time the administration officially named Russia as the perpetrator of the assaults. And it marked the third time in recent months that the White House, departing from its usual reluctance to publicly reveal intelligence, blamed foreign government forces for attacks on infrastructure in the United States.

In December, the White House said North Korea had carried out the so-called WannaCry attack that in May paralyzed the British health system and placed ransomware in computers in schools, businesses and homes across the world. Last month, it accused Russia of being behind the NotPetya attack against Ukraine last June, the largest in a series of cyberattacks on Ukraine to date, paralyzing the country’s government agencies and financial systems.

But the penalties have been light. So far, President Trump has said little to nothing about the Russian role in those attacks.

The groups that conducted the energy attacks, which are linked to Russian intelligence agencies, appear to be different from the two hacking groups that were involved in the election interference.

That would suggest that at least three separate Russian cyberoperations were underway simultaneously. One focused on stealing documents from the Democratic National Committee and other political groups. Another, by a St. Petersburg “troll farm” known as the Internet Research Agency, used social media to sow discord and division. A third effort sought to burrow into the infrastructure of American and European nations.

For years, American intelligence officials tracked a number of Russian state-sponsored hacking units as they successfully penetrated the computer networks of critical infrastructure operators across North America and Europe, including in Ukraine.

Some of the units worked inside Russia’s Federal Security Service, the K.G.B. successor known by its Russian acronym, F.S.B.; others were embedded in the Russian military intelligence agency, known as the G.R.U. Still others were made up of Russian contractors working at the behest of Moscow.

Russian cyberattacks surged last year, starting three months after Mr. Trump took office.

American officials and private cybersecurity experts uncovered a series of Russian attacks aimed at the energy, water and aviation sectors and critical manufacturing, including nuclear plants, in the United States and Europe. In its urgent report in June, the Department of Homeland Security and the F.B.I. notified operators about the attacks but stopped short of identifying Russia as the culprit.

By then, Russian spies had compromised the business networks of several American energy, water and nuclear plants, mapping out their corporate structures and computer networks.

They included that of the Wolf Creek Nuclear Operating Corporation, which runs a nuclear plant near Burlington, Kan. But in that case, and those of other nuclear operators, Russian hackers had not leapt from the company’s business networks into the nuclear plant controls.

Forensic analysis suggested that Russian spies were looking for inroads — although it was not clear whether the goal was to conduct espionage or sabotage, or to trigger an explosion of some kind.

In a report made public in October, Symantec noted that a Russian hacking unit “appears to be interested in both learning how energy facilities operate and also gaining access to operational systems themselves, to the extent that the group now potentially has the ability to sabotage or gain control of these systems should it decide to do so.”

The United States sometimes does the same thing. It bored deeply into Iran’s infrastructure before the 2015 nuclear accord, placing digital “implants” in systems that would enable it to bring down power grids, command-and-control systems and other infrastructure in case a conflict broke out. The operation was code-named “Nitro Zeus,” and its revelation made clear that getting into the critical infrastructure of adversaries is now a standard element of preparing for possible conflict.

Reconstructed screenshot fragments of a Human Machine Interface that the threat actors accessed, according to DHS

Sanctions Announced

The US treasury department has imposed sanctions on 19 Russian people and five groups, including Moscow’s intelligence services, for meddling in the US 2016 presidential election and other malicious cyberattacks.

Russia, for its part, has vowed to retaliate against the new sanctions.

The new sanctions focus on five Russian groups, including the Russian Federal Security Service, the country’s military intelligence apparatus, and the digital propaganda outfit called the Internet Research Agency, as well as 19 people, some of them named in the indictment related to election meddling released by special counsel Robert Mueller last month.

In announcing the sanctions, which will generally ban U.S. people and financial institutions from doing business with those people and groups, the Treasury Department pointed to alleged Russian election meddling, involvement in the infrastructure hacks, and the NotPetya malware, which the Treasury Department called “the most destructive and costly cyberattack in history.”

The new sanctions come amid ongoing criticism of the Trump administration’s reluctance to punish Russia for cyber and election meddling. Sen. Mark Warner (D-Va.) said that, ahead of the 2018 mid-term elections, the administration’s decision was long overdue but not enough. “Nearly all of the entities and individuals who were sanctioned today were either previously under sanction during the Obama Administration, or had already been charged with federal crimes by the Special Counsel,” Warner said.

Warning: The Russians Are Coming

In an updated warning to utility companies, DHS/FBI officials included a screenshot taken by Russian operatives that proved they could now gain access to their victims’ critical controls, prompting a renewed focus on protecting the U.S. power grid among operators.

American officials and security firms, including Symantec and CrowdStrike, believe that Russian attacks on the Ukrainian power grid in 2015 and 2016 that left more than 200,000 citizens there in the dark are an ominous sign of what the Russian cyberstrikes may portend in the United States and Europe in the event of escalating hostilities.

Private security firms have tracked the Russian government assaults on Western power and energy operators — conducted alternately by groups under the names Dragonfly campaigns alongside Energetic Bear and Berserk Bear — since 2011, when they first started targeting defense and aviation companies in the United States and Canada.

By 2013, researchers had tied the Russian hackers to hundreds of attacks on the U.S. power grid and oil and gas pipeline operators in the United States and Europe. Initially, the strikes appeared to be motivated by industrial espionage — a natural conclusion at the time, researchers said, given the importance of Russia’s oil and gas industry.

But by December 2015, the Russian hacks had taken an aggressive turn. The attacks were no longer aimed at intelligence gathering, but at potentially sabotaging or shutting down plant operations.

At Symantec, researchers discovered that Russian hackers had begun taking screenshots of the machinery used in energy and nuclear plants, and stealing detailed descriptions of how they operated — suggesting they were conducting reconnaissance for a future attack.

Eventhough the US government enacted sanctions, cybersecurity experts are still questioning where the Russian attacks could lead, given that the United States was sure to respond in kind.

“Russia certainly has the technical capability to do damage, as it demonstrated in the Ukraine,” said Eric Cornelius, a cybersecurity expert at Cylance, a private security firm, who previously assessed critical infrastructure threats for the Department of Homeland Security during the Obama administration.

“It is unclear what their perceived benefit would be from causing damage on U.S. soil, especially given the retaliation it would provoke,” Mr. Cornelius said.

Though a major step toward deterrence, publicly naming countries accused of cyberattacks still is unlikely to shame them into stopping. The United States is struggling to come up with proportionate responses to the wide variety of cyberespionage, vandalism and outright attacks.

Lt. Gen. Paul Nakasone, who has been nominated as director of the National Security Agency and commander of United States Cyber Command, the military’s cyberunit, said during his recent Senate confirmation hearing, that countries attacking the United States so far have little to worry about.

“I would say right now they do not think much will happen to them,” General Nakasone said. He later added, “They don’t fear us.”

Related News

• Electricity Forum News

• Grid Technologies News