recommended reading

Why the Smart Grid Might Be a Dumb Idea

Foreign hackers don't just pose a threat to classified material, corporate secrets, and individual pri­vacy. Security experts say the greatest cyberthreat to the United States is the fact that the Chinese and Russian governments—and possibly other players—have succeeded in hacking into the nation's electric grid, giving them the ability, if they wish, to bring the U.S. economy to a screeching halt with the click of a mouse. 

Such an attack—executed not by gun-wielding terrorists on planes but by hackers activating software programs from thousands of miles away—could "deny large regions of the country access to bulk-system power for weeks or even months," concluded a National Academies of Science study declassified late last year. "An event of this magnitude and duration could lead to turmoil, widespread public fear, and an image of helplessness that would play directly into the hands of the terrorists. If such large extended outages were to occur during times of extreme weather, they could also result in hundreds or even thousands of deaths due to heat stress or extended exposure to extreme cold."

And the cyberthreat is growing as U.S. utilities seek to modernize aging electric infrastructure. When power companies invest in updating the 20th-century power grid with 21st-century "smart-grid" technology—particularly digital tools that increase the efficiency of electricity distribution while cutting global-warming pollution—they're also making the grid more vulnerable to devastating cyberattacks.  

"The modernization of electric utilities nationwide has left security loopholes that can be fairly easily exploited by hackers. It's created more efficiencies for utilities and convenience for consumers. But it's come at the expense of security," said Michael Dubose, managing director at Kroll, a risk-management firm, and a former chief of the Justice Department's Computer Crime and Intellectual Property Division.

"A few years ago, the grid was routinely being hacked by the Chinese and Russians.... They mapped the lay of the land, and now we have to assume they're inside the firewall," Dubose said.

Government officials say there's plenty of evidence that hackers have made their way into the 200,000 miles of transmission lines that provide electricity to more than 300 million people. In May, the Homeland Security Department told a House panel that between 2011 and 2012, DHS processed 68 percent more cyber incidents involving federal agencies critical infrastructure, including the electric grid, than it had the previous year.  

And power companies are making it easier for hackers with the advent of the so-called smart grid. Experts say that the more the electric grid is integrated with the Internet, the easier it is for hackers to break in.  President Obama has championed smart-grid technology as a way to address global warming. His 2009 stimulus law included $4.5 billion to increase smart-grid investment.

On Wednesday, the State Department announced a U.S.-China partnership in promoting smart-grid development—in both countries—to help reduce carbon pollution from power plants. That's good news for global warming, but potentially bad news for cybersecurity. "If your primary focus is reducing vulnerability, then a smart grid doesn't seem like a very good idea," said Adam Segal, an expert in China studies and cybersecurity at the Council on Foreign Relations.

Segal said that for now, the fact that hackers likely possess the capability to take down the U.S. grid doesn't mean they'll act. Bringing down major infrastructure is tougher than simply snooping on e-mails, he said, and it appears that only a few state actors—China, Russia, and the U.S.—have that capability. "It's hard to imagine a scenario where the Russians or the Chinese would turn off our grid for no reason," Segal said. "I suspect the Chinese have mapped these grids in case there's an escalation that spins out of control and they want to send a message that the U.S. is vulnerable." But, he added, "the Iranians are spending more on cyber [warfare], and al-Qaida has expressed an interest—we know this is something terrorists are interested in."

The threat of a terrorist attack even inspired the plot of a thriller novel. Retired Sen. Byron Dorgan of North Dakota has just released Gridlock, in which the Iranian and Venezuelan governments team up to attack the U.S. electric grid, leading to rolling blackouts that shut down 14 major U.S. cities. "This is fiction, but the threat to our electric grid system—it could happen," Dorgan, a former member of the Energy Committee, told National Journal

Dorgan and other policymakers lament the lack of coordination among the entities that manage the electric grid. Electricity transmission is overseen by a patchwork of federal, state, and local agencies; public and private electric utilities; and regional managers. "We need leadership on this," Dorgan said. "There's no one running the signals."

In February, President Obama signed an executive order requiring government agencies to re-evaluate and improve their oversight of cybersecurity risks. But the order didn't provide agencies with additional statuatory authority to address cyber risks—that authority can only be granted through an act of Congress.   

This spring, the House passed a cybersecurity bill aimed at reducing the vulnerability of the grid, in part by requiring electric utilities to share more information with the federal government. But the bill's backers say that, for now, its prospects of Senate passage are nil: In the wake of former National Security Agency contractor Edward Snowden's leaks about the U.S. government's surveillance of civilians, there's no chance the upper chamber will take up a bill that would result in private companies turning over customer information to the government.  

"We need close coordination between the government and the private sector on this. We need the government's intelligence-gathering ability, and they need our electric-utility operations expertise," said Scott Aaronsen, director of national security at the Edison Electric Institute, a trade association representing privately owned electric utilities. "I lament that … the NSA saga is hampering that," he said. "It now means there's greater mistrust of government and corporations sharing information." And continued vulnerability to an attack.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • It’s Time for the Federal Government to Embrace Wireless and Mobility

    The United States has turned a corner on the adoption of mobile phones, tablets and other smart devices, outpacing traditional desktop and laptop sales by a wide margin. This issue brief discusses the state of wireless and mobility in federal government and outlines why now is the time to embrace these technologies in government.

    Download
  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

    Download
  • A New Security Architecture for Federal Networks

    Federal government networks are under constant attack, and the number of those attacks is increasing. This issue brief discusses today's threats and a new model for the future.

    Download
  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

    Download
  • Software-Defined Networking

    So many demands are being placed on federal information technology networks, which must handle vast amounts of data, accommodate voice and video, and cope with a multitude of highly connected devices while keeping government information secure from cyber threats. This issue brief discusses the state of SDN in the federal government and the path forward.

    Download
  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.

    Download

When you download a report, your information may be shared with the underwriters of that document.