Security of the electric grid's computer systems from a cyberattack
US Power Grid Vulnerable to Just About Everything
Comments | Print friendly | Subscribe | Email Us
As Washington hunts ill-defined al-Qaeda groups in the Middle East and Africa, and concerns itself with Iran’s eventual nuclear potential, it has a much more pressing problem at home: Its energy grid is vulnerable to anyone with basic weapons and know-how.
Forget about cyber warfare and highly organized terrorist attacks, a lack of basic physical security on the US power grid means that anyone with a gun—like disgruntled Michigan Militia types, for instance—could do serious damage.
For the past two months, the US Federal Energy Regulatory Commission (FERC) has been tasked with creating a security strategy for the electric grid and hydrocarbon facilities through its newly created Office of Energy Infrastructure Security. So far, it’s not good news.
“There are ways that a very few number of actors with very rudimentary equipment could take down large portions of our grid,” warns FERC Chairman Jon Wellinghoff. This, he says, “is an equal if not greater issue” than cyber security.
FERC’s gloom-and-doom risk assessment comes on the heels of the recent declassification of a 2007 report by the National Academy of Sciences.
The National Academy of Sciences on 14 November warned that a terrorist attack on the US power grid could wreak more damage than Hurricane Sandy. It could cause massive blackouts for weeks or months at a time. But this would only be the beginning, the Academy warns, spelling out an “end of days” scenario in which blackouts lead to widespread fear, panic and instability.
What they are hinting at is revolution—and it wouldn’t take much.
So what is being done to mitigate risk? According to FERC, utility companies aren’t doing enough. Unfortunately, FERC does not have the power to order utilities to act in the name of protecting the country’s energy infrastructure. Security is expensive, and more than 90% of the country’s grid is privately owned and regulated by state governments. Private utilities are not likely to feel responsible for footing the bill for security, and states may not be able to afford it.
One key problem is theoretically a simple one to resolve: a lack of spare parts. According to the National Academy of Sciences, the grid is particularly vulnerable because it is spread out across hundreds of miles with key equipment not sufficiently guarded or antiquated and unable to prevent outages from cascading.
We are talking about some 170,000 miles of voltage transmission line miles fed by 2,100 high-voltage transformers delivering power to 125 million households.
“We could easily be without power across a multistate region for many weeks or months, because we don’t have many spare transformers,” according to the Academy.
High-voltage transformers are vulnerable both from within and from outside the substations in which they are housed. Complicating matters, these transformers are huge and difficult to remove. They are also difficult to replace, as they are custom built primarily outside the US. So what is the solution? Perhaps, says the Academy, to design smaller portable transformers that could be used temporarily in an emergency situation.
Why was the Academy’s 2007 report only just declassified? Well, its authors were worried that it would be tantamount to providing terrorists with a detailed recipe for attacking and destabilizing America, or perhaps for starting a revolution.
The military at least is preparing to protect its own power supplies. Recently, the US Army Corps of Engineers awarded a $7 million contract for research that demonstrates the integration of electric vehicles, generators and solar arrays to supply emergency power for Fort Carson, Colorado. This is the SPIDERS (Smart Power Infrastructure Demonstration for Energy Reliability and Security), and the Army hopes it will be the answer to more efficient and secure energy.
Back in the civilian world, however, things are moving rather slowly, and the focus remains on the sexier idea of an energy-crippling cyberattack.
Last week, Senator Ed Markey (D-Mass.) urged House Energy and Commerce Committee chairman Rep. Fred Upton (R-Mich.) to pass a bill—the GRID Act—which would secure the grid against cyberattacks.
“As the widespread and, in some cases, still ongoing power outages from Superstorm Sandy have shown us, our electric grid is too fragile and its disruption is too devastating for us to fail to act,” Markey wrote. “Given this urgency, it is critical that the House act immediately in a bipartisan manner to ensure our electrical infrastructure is secure.”
This bill was passed by the House, but has failed to gain any traction in the Senate.
FERC, of course, is all for the bill, which would give it the authority to issue orders and regulations to boost the security of the electric grid’s computer systems from a cyberattack.
But it’s only a small piece of the security puzzle, and FERC remains concerned that authorities are overlooking the myriad simpler threats to the electricity grid. These don’t make for the easy headlines, especially since they are not necessarily foreign in nature.