Quebec government and Cascades invest in two energy efficiency projects

U.S. power grid cyberattacks expose critical infrastructure to Russian hackers, DHS warns, targeting SCADA, smart grid sensors, and utilities; NERC CIP defenses, microgrids, and resilience planning aim to mitigate outages and supply chain disruptions.

Key Points

U.S. power grid cyberattacks target utility control systems, risking outages, disruption, requiring stronger defenses.

✅ Russian access to utilities and SCADA raises outage risk

✅ NERC CIP, DHS, and utilities expand cyber defenses

✅ Microgrids and renewables enhance resilience, islanding capability

The U.S. Department of Homeland Security has revealed that Russian government hackers accessed control rooms at hundreds of U.S. electrical utility companies, gaining far more access to the operations of many more companies than previously disclosed by federal officials.

Securing the electrical grid, upon which is built almost the entirety of modern society, is a monumental challenge. Several experts have explained aspects of the task, potential solutions and the risks of failure for The Conversation:

1. What’s at stake?

The scale of disruption would depend, in part, on how much damage the attackers wanted to do. But a major cyberattack on the electricity grid could send surges through the grid, much as solar storms have done.

Those events, explains Rochester Institute of Technology space weather scholar Roger Dube, cause power surges, damaging transmission equipment. One solar storm in March 1989, he writes, left “6 million people without power for nine hours … [and] destroyed a large transformer at a New Jersey nuclear plant. Even though a spare transformer was nearby, it still took six months to remove and replace the melted unit.”

More serious attacks, like larger solar storms, could knock out manufacturing plants that build replacement electrical equipment, gas pumps to fuel trucks to deliver the material and even “the machinery that extracts oil from the ground and refines it into usable fuel. … Even systems that seem non-technological, like public water supplies, would shut down: Their pumps and purification systems need electricity.”

In the most severe cases, with fuel-starved transportation stalled and other basic infrastructure not working, “[p]eople in developed countries would find themselves with no running water, no sewage systems, no refrigerated food, and no way to get any food or other necessities transported from far away. People in places with more basic economies would also be without needed supplies from afar.”

2. It wouldn’t be the first time

Russia has penetrated other countries’ electricity grids in the past, and used its access to do real damage. In the middle of winter 2015, for instance, a Russian cyberattack shut off the power to Ukraine’s capital in the middle of winter 2015.

Power grid scholar Michael McElfresh at Santa Clara University discusses what happened to cause hundreds of thousands of Ukrainians to lose power for several hours, and notes that U.S. utilities use software similar to their Ukrainian counterparts – and therefore share the same vulnerabilities.

3. Security work is ongoing

These threats aren’t new, write grid security experts Manimaran Govindarasu from Iowa State and Adam Hahn from Washington State University. There are a lot of people planning defenses, including the U.S. government, as substation attacks are growing across the country. And the “North American Electric Reliability Corporation, which oversees the grid in the U.S. and Canada, has rules … for how electric companies must protect the power grid both physically and electronically.” The group holds training exercises in which utility companies practice responding to attacks.

4. There are more vulnerabilities now

Grid researcher McElfresh also explains that the grid is increasingly complex, with with thousands of companies responsible for different aspects of generating, transmission, and delivery to customers. In addition, new technologies have led companies to incorporate more sensors and other “smart grid” technologies. He describes how that, as a recent power grid report card underscores, “has created many more access points for penetrating into the grid computer systems.”

5. It’s time to ramp up efforts

The depth of access and potential control over electrical systems means there has never been a better time than right now to step up grid security amid a renewed focus on protecting the grid among policymakers and utilities, writes public-utility researcher Theodore Kury at the University of Florida. He notes that many of those efforts may also help protect the grid from storm damage and other disasters.

6. A possible solution could be smaller grids

One protective effort was identified by electrical engineer Joshua Pearce at Michigan Technological University, who has studied ways to protect electricity supplies to U.S. military bases both within the country and abroad. He found that the Pentagon has already begun testing systems, as the military ramps up preparation for major grid hacks, that combine solar-panel arrays with large-capacity batteries. “The equipment is connected together – and to buildings it serves – in what is called a ‘microgrid,’ which is normally connected to the regular commercial power grid but can be disconnected and become self-sustaining when disaster strikes.”

He found that microgrid systems could make military bases more resilient in the face of cyberattacks, criminals or terrorists and natural disasters – and even help the military “generate all of its electricity from distributed renewable sources by 2025 … which would provide energy reliability and decrease costs, [and] largely eliminate a major group of very real threats to national security.”

Related News

• Electricity Forum News

• Grid Technologies News

US Electricity Sales Decline amid population growth and GDP gains, as DOE links reduced per capita consumption to energy efficiency, warmer winters, appliances, and bulbs, while hotter summers and rising AC demand may offset savings.

Key Points

US electricity sales fell 3% since 2010 despite population and GDP growth, driven by efficiency gains and warmer winters.

✅ DOE links drops to efficiency and warmer winters

✅ Per capita residential use fell about 7% since 2010

✅ Rising AC demand may offset winter heating savings

Since 2010, the United States has grown by 17 million people, and the gross domestic product (GDP) has increased by $3.6 trillion. Yet in that same time span, electricity sales in the United States actually declined by 3%, according to data released by the U.S. Department of Energy (DOE), even as electricity prices rose at a 41-year pace nationwide.

The U.S. decline in electricity sales is remarkable given that the U.S. population increased by 5.8% in that same time span. This means that per capita electricity use fell even more than that; indeed, the Department of Energy pegs residential electricity sales per capita as having declined by 7%, even as inflation-adjusted residential bills rose 5% in 2022 nationwide.

There are likely multiple reasons for this decline in electricity sales. Department of Energy analysts suggest that, at least in part, it is due to increased adoption of energy-efficient appliances and bulbs, like compact fluorescents. Indeed, the DOE notes that there is a correlation between consumer spending on “energy efficiency” and a reduction in per capita electricity sales, while utilities invest more in delivery infrastructure to modernize the grid.

Yet the DOE also notes that states with a greater increase in warm weather days had a corresponding decrease in electricity sales, as milder weather can reduce power demand across years. In southern states, the effect was most dramatic: for instance, from 2010 to 2016, Florida had a 56% decrease in cold weather days that would require heating and as a result, saw a 9% decrease in per capita electricity sales.

The moral is that warm winters save on electricity. But if global temperatures continue to rise, and summers become hotter, too, this decrease in winter heating spending may be offset by the increased need to run air conditioning in the summer, and given how electricity and natural gas prices interact, overall energy costs could shift. Indeed, it takes far more energy to cool a room than it does to heat it, for reasons related to the basic laws of thermodynamics. 

Related News

• Electricity Forum News

• Energy Policy News

Massachusetts Solar Net Metering faces new demand charges and elimination of residential time-of-use rates under an MDPU order, as Eversource cites grid cost fairness while clean energy advocates warn of impacts on distributed solar growth.

Key Points

Policy letting solar customers net out usage with exports; MDPU now adds demand charges and ends TOU rates.

✅ New residential solar demand charges start Dec 31, 2018.

✅ Optional residential TOU rates eliminated by MDPU order.

✅ Eversource cites grid cost fairness; advocates warn slower solar.

A recent Massachusetts Department of Public Utilities' rate case order changes the way solar net metering works and eliminates optional residential time-of-use rates, stirring controversy between clean energy advocates and utility Eversource and potential consumer backlash over rate design.

"There is a lot of room to talk about what net-energy metering should look like, but a demand charge is an unfair way to charge customers," Mark LeBel, staff attorney at non-profit clean energy advocacy organization Acadia Center, said in a Tuesday phone call. Acadia Center is an intervenor in the rate case and opposed the changes.

The Friday MDPU order implements demand charges for new residential solar projects starting on December 31, 2018. Such charges are based on the highest peak hourly consumption over the course of a month, regardless of what time the power is consumed.

Eversource contends the demand charge will more fairly distribute the costs of maintaining the local power grid, echoing minimum charge proposals aimed at low-usage customers. Net metering is often criticized for not evenly distributing those costs, which are effectively subsidized by non-net-metered customers.

"What the demand charge will do is eliminate, to the extent possible, the unfair cross subsidization by non-net-metered customers that currently exists with rates that only have kilowatt-hour charges and no kilowatt demand, Mike Durand, Eversource spokesman, said in a Tuesday email. 

"For net metered facilities that use little kilowatt-hours, a demand charge is a way to charge them for their fair share of the cost of the significant maintenance and upgrade work we do on the local grid every day," Durand said. "Currently, their neighbors are paying more than their share of those costs."

It will not affect existing facilities, Durand said, only those installed after December 31, 2018.

Solar advocates are not enthusiastic about the change and see it slowing the growth of solar power, particularly residential rooftop solar, in the state.

"This is a terrible outcome for the future of solar in Massachusetts," Nathan Phelps, program manager of distributed generation and regulatory policy at solar power advocacy group Vote Solar, said in a Tuesday phone call.

"It's very inconsistent with DPU precedent and numerous pieces of legislation passed in the last 10 years," Phelps said. "The commonwealth has passed several pieces of legislation that are supportive of renewable energy and solar power. I don't know what the DPU was thinking."

 

TIME-OF-USE PRICING ELIMINATED

It does not matter when during the month peak demand occurs -- which could be during the week in the evening -- customers will be charged the same as they would on a hot summer day, LeBel said. Because an individual customer's peak usage does not necessarily correspond to peak demand across the utility's system, consumers are not being provided incentives to reduce energy usage in a way that could benefit the power system, Acadia Center said in a Tuesday statement.

However, Eversource maintains that residential customer distribution peaks based on customer load profiles do not align with basic service peak periods, which are based on Independent System Operator New England's peaks that reflect market-based pricing, even as a Connecticut market overhaul advances in the region, according to the MDPU order.

"The residential Time of Use rates we're eliminating are obsolete, having been designed decades ago when we were responsible for both the generation and the delivery of electricity," Eversource's Durand said.

"We are no longer in the generation business, having divested of our generation assets in Massachusetts in compliance with the law that restructured of our industry back in the late 1990s. Time Varying pricing is best used with generation rates, where the price for electricity changes based on time of day and electricity demand and can significantly alter electric bills for households," he said.

Additionally, only 0.02% of residential customers take service on Eversource's TOU rates and it would be difficult for residential customers to avoid peak period rates because they do not have the ability to shift or reduce load, according to the order.

"The Department allowed the Companies' proposal to eliminate their optional residential TOU rates in order to consolidate and align their residential rates and tariffs to better achieve the rate structure goal of simplicity," the MDPU said in the order.

Related News

• Electricity Forum News

• Energy Policy News

US Electricity Demand Stagnation reflects decoupling from GDP as TVA's IRP revises outlook, with energy efficiency, distributed generation, renewables, and cheap natural gas undercutting coal, reshaping utility business models and accelerating grid modernization.

Key Points

US electricity demand stagnation is flat load growth driven by efficiency, DG, and decoupling from GDP.

✅ Flat sales pressure IOU profits and legacy baseload investments.

✅ Efficiency and rooftop solar reduce load growth and capacity needs.

✅ Utilities must pivot to services, DER orchestration, and grid software.

The US electricity sector is in a period of unprecedented change and turmoil, with emerging utility trends reshaping strategies across the industry today. Renewable energy prices are falling like crazy. Natural gas production continues its extraordinary surge. Coal, the golden child of the current administration, is headed down the tubes.

In all that bedlam, it’s easy to lose sight of an equally important (if less sexy) trend: Demand for electricity is stagnant.

Thanks to a combination of greater energy efficiency, outsourcing of heavy industry, and customers generating their own power on site, demand for utility power has been flat for 10 years, with COVID-19 electricity demand underscoring recent variability and long-run stagnation, and most forecasts expect it to stay that way. The die was cast around 1998, when GDP growth and electricity demand growth became “decoupled”:

This historic shift has wreaked havoc in the utility industry in ways large and small, visible and obscure. Some of that havoc is high-profile and headline-making, as in the recent requests from utilities (and attempts by the Trump administration) to bail out large coal and nuclear plants amid coal and nuclear industry disruptions affecting power markets and reliability.

Some of it, however, is unfolding in more obscure quarters. A great example recently popped up in Tennessee, where one utility is finding its 20-year forecasts rendered archaic almost as soon as they are released.

Falling demand has TVA moving up its planning process

Every five years, the Tennessee Valley Authority (TVA) — the federally owned regional planning agency that, among other things, supplies electricity to Tennessee and parts of surrounding states — develops an Integrated Resource Plan (IRP) meant to assess what it requires to meet customer needs for the next 20 years.

The last IRP, completed in 2015, anticipated that there would be no need for major new investment in baseload (coal, nuclear, and hydro) power plants; it foresaw that energy efficiency and distributed (customer-owned) energy generation would hold down demand.

Even so, TVA underestimated. Just three years later, the Times Free Press reports, “TVA now expects to sell 13 percent less power in 2027 than it did two decades earlier — the first sustained reversal in the growth of electricity usage in the 85-year history of TVA.”

TVA will sell less electricity in 10 years than it did 10 years ago. That is bonkers.

This startling shift in prospects has prompted the company to accelerate its schedule. It will now develop its next IRP a year early, in 2019.

Think for a moment about why a big utility like TVA (serving 9 million customers in seven states, with more than $11 billion in revenue) sets out to plan 20 years ahead. It is investing in extremely large and capital-intensive infrastructure like power plants and transmission lines, which cost billions of dollars and last for decades. These are not decisions to make lightly; the utility wants to be sure that they will still be needed, and will still pay off, for many years to come.

Now think for a moment about what it means for the electricity sector to be changing so fast that TVA’s projections are out of date three years after its last IRP, so much so that it needs to plunge back into the multimillion-dollar, year-long process of developing a new plan.

TVA wanted a plan for 20 years; the plan lasted three.

The utility business model is headed for a reckoning

TVA, as a government-owned, fully regulated utility, has only the goals of “low cost, informed risk, environmental responsibility, reliability, diversity of power and flexibility to meet changing market conditions,” as its planning manager told the Times Free Press. (Yes, that’s already a lot of goals!)

But investor-owned utilities (IOUs), which administer electricity for well over half of Americans, face another imperative: to make money for investors. They can’t make money selling electricity; monopoly regulations forbid it, raising questions about utility revenue models as marginal energy costs fall. Instead, they make money by earning a rate of return on investments in electrical power plants and infrastructure.

The problem is, with demand stagnant, there’s not much need for new hardware. And a drop in investment means a drop in profit. Unable to continue the steady growth that their investors have always counted on, IOUs are treading water, watching as revenues dry up

Utilities have been frantically adjusting to this new normal. The generation utilities that sell into wholesale electricity markets (also under pressure from falling power prices; thanks to natural gas and renewables, wholesale power prices are down 70 percent from 2007) have reacted by cutting costs and merging. The regulated utilities that administer local distribution grids have responded by increasing investments in those grids, including efforts to improve electricity reliability and resilience at lower cost.

But these are temporary, limited responses, not enough to stay in business in the face of long-term decline in demand. Ultimately, deeper reforms will be necessary.

As I have explained at length, the US utility sector was built around the presumption of perpetual growth. Utilities were envisioned as entities that would build the electricity infrastructure to safely and affordably meet ever-rising demand, which was seen as a fixed, external factor, outside utility control.

But demand is no longer rising. What the US needs now are utilities that can manage and accelerate that decline in demand, increasing efficiency as they shift to cleaner generation. The new electricity paradigm is to match flexible, diverse, low-carbon supply with (increasingly controllable) demand, through sophisticated real-time sensing and software.

That’s simply a different model than current utilities are designed for. To adapt, the utility business model must change. Utilities need newly defined responsibilities and new ways to make money, through services rather than new hardware. That kind of reform will require regulators, politicians, and risky experiments. Very few states — New York, California, Massachusetts, a few others — have consciously set off down that path.

Flat or declining demand is going to force the issue

Even if natural gas and renewables weren’t roiling the sector, the end of demand growth would eventually force utility reform.

To be clear: For both economic and environmental reasons, it is good that US power demand has decoupled from GDP growth. As long as we’re getting the energy services we need, we want overall demand to decline. It saves money, reduces pollution, and avoids the need for expensive infrastructure.

But the way we’ve set up utilities, they must fight that trend. Every time they are forced to invest in energy efficiency or make some allowance for distributed generation (and they must always be forced), demand for their product declines, and with it their justification to make new investments.

Only when the utility model fundamentally changes — when utilities begin to see themselves primarily as architects and managers of high-efficiency, low-emissions, multidirectional electricity systems rather than just investors in infrastructure growth — can utilities turn in earnest to the kind planning they need to be doing.

In a climate-aligned world, utilities would view the decoupling of power demand from GDP growth as cause for celebration, a sign of success. They would throw themselves into accelerating the trend.

Instead, utilities find themselves constantly surprised, caught flat-footed again and again by a trend they desperately want to believe is temporary. Unless we can collectively reorient utilities to pursue rather than fear current trends in electricity, they are headed for a grim reckoning.

Related News

• Electricity Forum News

• Energy Policy News

Dragonfly energy sector cyberattacks target ICS and SCADA across critical infrastructure, including the power grid and nuclear facilities, using spearphishing, watering-hole sites, supply-chain compromises, malware, and VPN exploits to gain operational access.

Key Points

Dragonfly APT campaigns target energy firms and ICS to gain grid access, risking manipulation and service disruption.

✅ Breaches leveraged spearphishing, watering-hole sites, and supply chains.

✅ Targeted ICS, SCADA, VPNs to pivot into operational networks.

✅ Aimed to enable power grid manipulation and potential outages.

An October, 2017 report by researchers at Symantec Corp., cited by the U.S. government, has linked recent US power grid cyber attacks to a group of hackers it had code-named "Dragonfly", and said it found evidence critical infrastructure facilities in Turkey and Switzerland also had been breached.

The Symantec researchers said an earlier wave of attacks by the same group starting in 2011 was used to gather intelligence on companies and their operational systems. The hackers then used that information for a more advanced wave of attacks targeting industrial control systems that, if disabled, leave millions without power or water.

U.S. intelligence officials have long been concerned about the security of the country’s electrical grid. The recent attacks, condemned by the U.S. government, striking almost simultaneously at multiple locations, are testing the government’s ability to coordinate an effective response among several private utilities, state and local officials, and industry regulators.

#google#

While the core of a nuclear generator is heavily protected, a sudden shutdown of the turbine can trigger safety systems. These safety devices are designed to disperse excess heat while the nuclear reaction is halted, but the safety systems themselves may be vulnerable to attack.

The operating systems at nuclear plants also tend to be legacy controls built decades ago and don’t have digital control systems that can be exploited by hackers.

“Since at least March 2016, Russian government cyber actors… targeted government entities and multiple U.S. critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors,” according to Thursday’s FBI and Department of Homeland Security report. The report did not say how successful the attacks were or specify the targets, but said that the Russian hackers “targeted small commercial facilities’ networks where they staged malware, conducted spearphishing, and gained remote access into energy sector networks.” At least one target of a string of infrastructure attacks last year was a nuclear power facility in Kansas.

Symantec doesn’t typically point fingers at particular nations in its research on cyberattacks, said Eric Chien, technical director of Symantec’s Security Technology and Response division, though he said his team doesn’t see anything it would disagree with in the new federal report. The government report appears to corroborate Symantec’s research, showing that the hackers had penetrated computers and accessed utility control rooms that would let them directly manipulate power systems, he says.

“There were really no more technical hurdles for them to do something like flip off the power,” he said.

And as for the group behind the attacks, Chien said it appears to be relatively dormant for now, but it has gone quiet in the past only to return with new hacks.

“We expect they’re sort of retooling now, and they likely will be back,”

In some cases, Dragonfly successfully broke into the core systems that control US and European energy companies, Symantec revealed.

“The energy sector has become an area of increased interest to cyber-attackers over the past two years,” Symantec said in its report.

“Most notably, disruptions to Ukraine’s power system in 2015 and 2016 were attributed to a cyberattack and led to power outages affecting hundreds of thousands of people. In recent months, there have also been media reports of attempted attacks on the electricity grids in some European countries, as well as reports of companies that manage nuclear facilities in the US being compromised by hackers.

“The Dragonfly group appears to be interested in both learning how energy facilities operate and also gaining access to operational systems themselves, to the extent that the group now potentially has the ability to sabotage or gain control of these systems should it decide to do so. Symantec customers are protected against the activities of the Dragonfly group.”

In recent weeks, senior US intelligence officials said that the Kremlin believes it can launch hacking operations against the West with impunity, including a cyber weapon that can disrupt power grids, according to assessments.

The DHS and FBI report further elaborated: “This campaign comprises two distinct categories of victims: staging and intended targets. The initial victims are peripheral organisations such as trusted third-party suppliers with less-secure networks, referred to as ‘staging targets’ throughout this alert.

“The threat actors used the staging targets’ networks as pivot points and malware repositories when targeting their final intended victims. National Cybersecurity and Communications Integration Center and FBI judge the ultimate objective of the actors is to compromise organisational networks, also referred to as the ‘intended target’.”

According to the US alert, hackers used a variety of attack methods, including spear-phishing emails, watering-hole domains, credential gathering, open source and network reconnaissance, host-based exploitation, and deliberate targeting of ICS infrastructure.

The attackers also targeted VPN software and used password cracking tools.

Once inside, the attackers downloaded tools from a remote server and then carried out a number of actions, including modifying key systems to store plaintext credentials in memory, and built web shells to gain command and control of targeted systems.

“This actors’ campaign has affected multiple organisations in the energy, nuclear, water, aviation, construction and critical manufacturing sectors, with hundreds of victims across the U.S. power grid confirmed,” the DHS said, before outlining a number of steps that IT managers in infrastructure organisations can take to cleanse their systems and defend against Russian hackers. he said.
 

Related News

• Electricity Forum News

• Grid Technologies News

Russian cyberattacks on U.S. power grid exposed DHS warnings: Dragonfly/Energetic Bear breached control rooms, ICS networks, and could trigger blackouts via switch manipulation, phishing, and malware, threatening critical infrastructure and utility operations nationwide.

Key Points

State-backed breaches of utility ICS and control rooms enabled potential switch manipulation and blackouts.

✅ DHS: Dragonfly/Energetic Bear breached utility networks

✅ Access reached control rooms and ICS for switch control

✅ Ongoing campaign via phishing, malware, lateral movement

Russian hackers for a state-sponsored organization invaded hundreds of control rooms of U.S. electric utilities that could have led to blackouts, a new report says.

The group, known as Dragonfly or Energetic Bear, infiltrated networks of U.S. utilities as part of an effort that is likely ongoing, Department of Homeland Security officials told the Wall Street Journal.

Jonathan Home, chief of industrial-control-system analysis for DHS, said the hackers “got to the point where they could have thrown switches” and upset power flows.

Although the agency did not disclose which companies were impacted, the officials at a briefing Monday said that there were “hundreds of victims” including breaches at power plants across the U.S., and that some companies may not be aware that hackers infiltrated their networks yet.

According to experts, Russia has been preparing for such attacks for some time now, prompting a renewed focus on protecting the grid among utilities and policymakers.

“They’ve been intruding into our networks and are positioning themselves for a limited or widespread attack,” said former Deputy Assistant Defense Secretary Michael Carpenter, now senior director at the Penn Biden Center at the University of Pennsylvania, per the Wall Street Journal. “They are waging a covert war on the West.”

Earlier this year, the Trump administration claimed Russia had staged a power grid hacking campaign against the U.S. energy grid and other U.S. infrastructure.

The report comes after President Trump told reporters last week during a joint press conference in Helsinki alongside Russian President Vladimir Putin that he had no reason not to believe the Russian leader's assurances to him that the Kremlin was not to blame for interference in the election.

Trump later admitted that he misspoke when he said he didn’t “see any reason why” Russia would have meddled in the 2016 election, and said he believes the U.S. intelligence community assessment that found that the Russian government did interfere in the electoral process.

Related News

• Electricity Forum News

• Grid Technologies News