60 Minutes gave us a taste of current thinking about the vulnerability of the U.S. power grid to hostile action. It ain’t pretty: Cyber War: Sabotaging the System.
First, we learn that Internet attacks on private financial systems and secure government computer systems are now routine, significant and ongoing.
We also learn that the top concern of national-security officials is the power grid. Here, the danger is that unauthorized access could be used not merely to monitor or steal data, but to take control of physical systems like large generators or transformers to make them malfunction and self-destruct.
The destruction of such hard-to-replace assets could leave parts of the country without power for long periods of time. Building new, unneeded high-voltage transmission projects like the proposed PATH power line would leave us even more vulnerable to attack.
The 60 Minutes report concludes by highlighting the work of the House Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology which has been stymied by the “private sector” in its efforts to draw more attention to the problem. In a statement, Representative Bennie Thompson, chairman of the Committee on Homeland Security, said:
Most of the electric industry had not completed the recommended mitigations, despite being advised to do so by the Federal Energy Regulatory Commission and the North American Electric Reliability Corporation. This effectively left many utilities vulnerable to attacks. Furthermore, in spite of existing mandatory cybersecurity standards, the North American Electric Reliability Corporation (“NERC”) recently reported that many utilities are underreporting their critical cyber assets, potentially to avoid compliance requirements.
How many remember the days before 9-11, when the airline industry stonewalled efforts to improve airport security? And after 9-11, that same industry was bailed out by the federal government and protected from liability. The power industry probably expects to get the same deal from Washington in the event of a cyber-attack or other hazard that takes out parts of the grid.
One key point was missing from the 60 Minutes story. The impression was created that only foreign governments were capable of launching attacks on our critical infrastructure. That’s comforting. After all, the Chinese are pretty rational and probably won’t attack our grid so long as we don’t attack them. (They like selling us televisions.)
A more insidious danger comes from non-state actors, including terrorist groups or criminal gangs. The unpleasant truth is that these unpredictable non-state actors may also have the capability to inflict serious harm on our power grid. The 60 Minutes story does mention cases of blackouts in Brazil that were probably caused by criminal gangs. (The Brazilian government is disputing the report.)
No wonder the Pentagon is so anxious to get off the grid.