Protect the nation’s electric grid from attack
I magine if during the recent polar vortex cold spell, when large sections of the nation's power grid were already operating under severe duress, a cyberattack was launched that shut off power.
Today, many bad actors are plotting and capable of such destruction. And it will take a concerted push by utilities, utility regulators and the national security community to thwart these acts.
Dan Coats, director of National Intelligence, was clear about these dangers in a Jan. 29 report and related testimony to the Senate Select Committee on Intelligence: “China has the ability to launch cyber attacks that cause localized, temporary disruptive effects on critical infrastructure — such as disruption of a natural gas pipeline for days to weeks — in the Unites States.”
Coats also said, “Russia has the ability to execute cyber attacks in the United States that generate localized, temporary disruptive effects on critical infrastructure — such as disrupting an electrical distribution network for at least a few hours.”
In November, Energy Secretary Rick Perry was even more blunt about the pending dangers, saying, “The threat of cyberattacks is growing, it's metastasizing. The warning lights are blinking and they're blinking red.”
Energy industry leaders agree with Perry and Coats. According to a KPMG Survey released in November, nearly half the chief executive officers of power and utility companies think a cyberattack on their business is a question of “when” and not “if.”
Much of the electric grid is now run via the internet. The vast number of electronic devices, switches and circuit breakers that regulate the grid and ensure that it operates reliably and efficiently also present a big challenge. Hackers are looking for the weakest links in the complex chain that is America's electric grid.
Power outages are not merely inconveniences. They are public safety crises. The elderly and the sick are especially vulnerable, unable to find medicines in the dark or to sufficiently heat or cool their homes. A study by Johns Hopkins found that the Northeast blackout of 2003, where 50 million lost power, caused 87 deaths.
To address the multiple, complex and ever-changing cyberattack threats, government and industry must work together. There have been some encouraging developments in this regard recently.
National Cyber Security Strategy: In September the White House released a National Cyber Strategy, the first of its kind in 15 years, to clarify the roles and responsibilities of federal agencies.
Simulated Exercises: In October and November, the Department of Energy conducted Liberty Eclipse, which looked at coping with a cyberattack after a severe blackout. This builds on widescale tests involving 450 organizations already being undertaken by the North American Electric Reliability Corporation.
Expanded Information Sharing is starting to occur: It is imperative that utilities share information so that all can be ready to thwart attacks.
The challenges in protecting the grid will grow, particularly as more technology is implemented to control power remotely and manage other aspects of electricity generation and distribution. It will require vigilance by local utilities, information sharing, national cooperation and relentless monitoring of our enemies.
Complacency allowing a catastrophic cyberattack on the grid, must simply not happen.