Cybersecurity

Could a Cyberattack Take Down the Power Grid?

Oct. 13, 2016
Depending on who you ask, the risk to the U.S. electrical grid is either not a big deal, disastrous, or somewhere in between.

It happened in Pakistan in January 2015. It happened in Ukraine less than a year later. It could happen in the U.S., too, and it could be catastrophic.

The prospect of a prolonged power outage that could shut down major metropolitan areas, even the entire East or West coasts, continues to raise alarms. It has fueled numerous reports, news articles, and meetings.

Former TV news reporter Ted Koppel was so concerned about what he perceived to be the lack of attention to the topic that he wrote a book about it called Lights Out.

The Department of Homeland Security reports that the energy sector is the target of more than 40% of all reported cyberattacks. The increasing autonomy of the computer systems that regulate how electricity flows through the grid poses a particular security threat, according to a recent report by security technologist Bruce Schneier on Motherboard.com.

“It means that the effects of attacks can take effect immediately, automatically, and ubiquitously,” writes Schneier, who is also CTO of IBM’s Resilient Systems, Inc. 

“The more we remove humans from the loop, (the) faster attacks can do their damage and the more we lose our ability to rely on actual smarts to notice something is wrong before it's too late.”

But is the U.S. as unprepared as Koppel, Schneier, and others fear? The IoT risk to the power grid will be one topic of discussion at the Internet of Things Institute’s upcoming IoT Emerge conference, November 2 - 4 in Chicago.

Panelists in another recent discussion of the cyberthreat to the grid disagreed with the widespread catastrophic thinking about it.

“A nationwide blackout from a cyberattack is implausible,” said Caitlin Durkovich, assistant secretary for infrastructure protection at the Department of Homeland Security.

While vulnerabilities exist, the utility industry has been working with local, state and federal government bodies for several years on prevention, detection, and recovery plans for a power grid cyberattack, Durkovich told listeners to the discussion on the topic hosted by The Energy Times.

Utility companies deal with penetration attempts every day, said Gerry Cauley, CEO of the North American Electricity Reliability Corporation (NERC), an organization of U.S. electrical grid operators.

NERC’s third grid attack simulation in November 2015 included participants from electric utilities; regional and federal law enforcement, first response and intelligence agencies; information sharing and analysis centers and other utilities; and supply chain stakeholder organizations. NERC is planning its fourth grid attack simulation for November 2017.

In the event of an actual cyberattack on the grid, the National Cybersecurity and Communications Integration Center in Arlington, VA, would be the government’s control center.

NERC has a representative at the center every day, according to a report by The Hill. In the event of a cyberattack that disabled large areas of the power grid, the person from NERC would be the liaison between the Department of Homeland Security and the electric industry. Working together will be key, according to Cauley.

“This is not anyone’s problem to address or be prepared for, but it is a unity of effort across different agencies at the federal government as well as a state role in terms of a crisis to be able to make sure that the public is safe,” he said.

Industry and government are focusing on real-time automated anomaly detection of cyber threats, according to Edna Conway, chief security officer of the global value chain for Cisco Systems, Inc.

“We’re seeing some of that in the age of the Internet of Things and Big Data calculations that allow an operational-level view (in) real time and awareness to things that may not yet mean a security breach but are anomalous and need further investigation.”

About the Author

Nancy Crotti

Nancy Crotti began her journalistic career as a teenager, and continued it at Syracuse University, writing for the Daily Orange. She landed her first newspaper job at a Philadelphia weekly called the Germantown Courier. She took first prize for investigative reporting among weekly newspapers in a Pennsylvania Newspaper Publishers Association contest for a story about alleged sexual harassment of teachers.

As one of eight staff writers for the daily Delaware State News in Dover, DE, she covered state, county and municipal government; crime, business, agriculture and real estate. She wrote many profiles and feature stories and wove colleagues’ coverage of Hurricane Gloria into a cohesive story.

Later, she had a staff writing position at the Asbury Park Press in New Jersey, where she covered municipal government, residential and commercial real estate, interior design, education and business. There, she won third prize for investigative reporting in a New Jersey Newspaper Publishers Association contest for a series on government disposal of properties seized from financial institutions.

In 1999, she moved with her family to St. Paul, MN, where she began her freelance career, writing about healthcare, residential and commercial real estate, business, law, medical technology, interior and landscape design, and gardening, as well as a wide variety of feature articles. Publications that have featured her work include the New York Daily News, the Minneapolis Star Tribune, the St. Paul Pioneer Press, the Minneapolis-St. Paul Business Journal, Commercial Property Executive, Qmed.com, Finance & Commerce, Minnesota Lawyer, Politics in Minnesota, Minnesota Medicine, Saint Paul Illustrated, The Line (an online news magazine), The Mix (the newsletter of the Twin Cities cooperative grocery stores) and the alumni magazines of St. Catherine University, William Mitchell College of Law, and St. Olaf College.