'Isolated' parts of BC Hydro grid vulnerable to cyberattacks, auditor general says

BC Hydro is vulnerable to cyber attacks on smaller, localized parts of the grid, according to a report released Tuesday by B.C. Auditor General Carol Bellringer.

Bellringer warns cyberattackers are persistent and will eventually succeed.

"It is only a matter of time until the advanced attackers get in," said Bellringer in her report, Detection and Response to Cybersecurity Threats on BC Hydro's Industrial Control Systems.

The auditor general commends BC Hydro for its overall ability to defend and respond to cyber threats to the majority of its electrical power system. Those parts are all covered by mandatory reliability standards designed to protect the power supply.

But Bellringer has identified vulnerabilities — in BC Hydro equipment in more localized areas with lower power or voltage capacity. She says cyberattacks on these small portions of the grid would cause local outages in isolated communities but could also trigger cascading blackouts and cause widespread problems across the system..

"The degree of impact may range from minor disruptions to life threatening," said Bellringer.

Few details of BC Hydro's vulnerabilities were released for security reasons, but the company has agreed to improve its cybersecurity across the board..

'Dramatic increase' in global cyberattacks

BC Hydro provides power to 95 per cent of the people in British Columbia and is also linked to the power grids in Alberta, 14 American states and part of northern Mexico.

"Cybersecurity attacks against the energy sector have increased dramatically around the globe," said Bellringer.

"There are no immediate alarm bells but a lot of concern," said Bellringer.