Threats to the power grid
Threats to the power grid come in many flavors besides cyberattacks as was pointed out when the House Committee on Science, Space and Technology held an oversight hearing to examine vulnerabilities of America's power supply; it looked at threats to the national electric grid including physical threats, space weather, SCADA, EMP attacks and cybersecurity.
Daniel Baker, professor of planetary and space physics at the University of Colorado Boulder, testified that current technology only gives us a 45-minute heads-up before a solar flare. Electromagnetic energy released in a flare "could cause a disturbance resulting in widespread power blackouts that would disable everything that uses electricity." He said, "The total economic impact of such an event has been estimate to exceed $2 trillion."
Of course the Committee mentioned (pdf) cybersecurity. "As the electric grid continues to be modernized and become more interconnected, the threat of a potential cybersecurity breach significantly increases. While there has been no reported cyberattack that has resulted in widespread loss of power, there have been many attempted attacks." In 2014, the NSA "had tracked intrusions into [industrial control] systems by entities with the technical capability 'to take down control systems that operate U.S. power grids, water systems and other critical infrastructure'."
Nadya Bartol, vice president of industry affairs and cybersecurity strategist for the Utilities Telecom Council, testified that legacy electric grid infrastructure "was not designed to be secured because security was not a concern when that infrastructure was implemented." She added, "It is important to understand that security is a process and will never be completely resolved."
Utility companies fight off thousands of cyberattackers per month
The DOE may be over the power grid, but you pay a utility company for your electricity every month. Forbes reported that there are "about 5,800 major power plants and 450,000 high-voltage transmission lines in the United States. Because the system is now connected to the outside world through the Internet, it has been become subject to evermore attacks. Roughly 85% of that infrastructure is owned by private entities, which maintain that they have an inherent interest in protecting their assets from outside hazards."
Those companies are also being hammered by cyberattackers. As an example, Forbes said, "Xcel Energy is successfully fending off thousands of would-be attackers a month. A lot of other power companies are doing the same." Utility companies protect grid operations with "everything from frequent password changes to periodic patches to firewalls and upgrades. But it's a never-ending battle. Setting priorities by identifying high-value assets and then restricting access is a good start, all while ensuring employees are well-trained and well-vetted."
Sign up for Computerworld eNewsletters.