recommended reading

Why the Smart Grid Might Be a Dumb Idea

Foreign hackers don't just pose a threat to classified material, corporate secrets, and individual pri­vacy. Security experts say the greatest cyberthreat to the United States is the fact that the Chinese and Russian governments—and possibly other players—have succeeded in hacking into the nation's electric grid, giving them the ability, if they wish, to bring the U.S. economy to a screeching halt with the click of a mouse. 

Such an attack—executed not by gun-wielding terrorists on planes but by hackers activating software programs from thousands of miles away—could "deny large regions of the country access to bulk-system power for weeks or even months," concluded a National Academies of Science study declassified late last year. "An event of this magnitude and duration could lead to turmoil, widespread public fear, and an image of helplessness that would play directly into the hands of the terrorists. If such large extended outages were to occur during times of extreme weather, they could also result in hundreds or even thousands of deaths due to heat stress or extended exposure to extreme cold."

And the cyberthreat is growing as U.S. utilities seek to modernize aging electric infrastructure. When power companies invest in updating the 20th-century power grid with 21st-century "smart-grid" technology—particularly digital tools that increase the efficiency of electricity distribution while cutting global-warming pollution—they're also making the grid more vulnerable to devastating cyberattacks.  

"The modernization of electric utilities nationwide has left security loopholes that can be fairly easily exploited by hackers. It's created more efficiencies for utilities and convenience for consumers. But it's come at the expense of security," said Michael Dubose, managing director at Kroll, a risk-management firm, and a former chief of the Justice Department's Computer Crime and Intellectual Property Division.

"A few years ago, the grid was routinely being hacked by the Chinese and Russians.... They mapped the lay of the land, and now we have to assume they're inside the firewall," Dubose said.

Government officials say there's plenty of evidence that hackers have made their way into the 200,000 miles of transmission lines that provide electricity to more than 300 million people. In May, the Homeland Security Department told a House panel that between 2011 and 2012, DHS processed 68 percent more cyber incidents involving federal agencies critical infrastructure, including the electric grid, than it had the previous year.  

And power companies are making it easier for hackers with the advent of the so-called smart grid. Experts say that the more the electric grid is integrated with the Internet, the easier it is for hackers to break in.  President Obama has championed smart-grid technology as a way to address global warming. His 2009 stimulus law included $4.5 billion to increase smart-grid investment.

On Wednesday, the State Department announced a U.S.-China partnership in promoting smart-grid development—in both countries—to help reduce carbon pollution from power plants. That's good news for global warming, but potentially bad news for cybersecurity. "If your primary focus is reducing vulnerability, then a smart grid doesn't seem like a very good idea," said Adam Segal, an expert in China studies and cybersecurity at the Council on Foreign Relations.

Segal said that for now, the fact that hackers likely possess the capability to take down the U.S. grid doesn't mean they'll act. Bringing down major infrastructure is tougher than simply snooping on e-mails, he said, and it appears that only a few state actors—China, Russia, and the U.S.—have that capability. "It's hard to imagine a scenario where the Russians or the Chinese would turn off our grid for no reason," Segal said. "I suspect the Chinese have mapped these grids in case there's an escalation that spins out of control and they want to send a message that the U.S. is vulnerable." But, he added, "the Iranians are spending more on cyber [warfare], and al-Qaida has expressed an interest—we know this is something terrorists are interested in."

The threat of a terrorist attack even inspired the plot of a thriller novel. Retired Sen. Byron Dorgan of North Dakota has just released Gridlock, in which the Iranian and Venezuelan governments team up to attack the U.S. electric grid, leading to rolling blackouts that shut down 14 major U.S. cities. "This is fiction, but the threat to our electric grid system—it could happen," Dorgan, a former member of the Energy Committee, told National Journal

Dorgan and other policymakers lament the lack of coordination among the entities that manage the electric grid. Electricity transmission is overseen by a patchwork of federal, state, and local agencies; public and private electric utilities; and regional managers. "We need leadership on this," Dorgan said. "There's no one running the signals."

In February, President Obama signed an executive order requiring government agencies to re-evaluate and improve their oversight of cybersecurity risks. But the order didn't provide agencies with additional statuatory authority to address cyber risks—that authority can only be granted through an act of Congress.   

This spring, the House passed a cybersecurity bill aimed at reducing the vulnerability of the grid, in part by requiring electric utilities to share more information with the federal government. But the bill's backers say that, for now, its prospects of Senate passage are nil: In the wake of former National Security Agency contractor Edward Snowden's leaks about the U.S. government's surveillance of civilians, there's no chance the upper chamber will take up a bill that would result in private companies turning over customer information to the government.  

"We need close coordination between the government and the private sector on this. We need the government's intelligence-gathering ability, and they need our electric-utility operations expertise," said Scott Aaronsen, director of national security at the Edison Electric Institute, a trade association representing privately owned electric utilities. "I lament that … the NSA saga is hampering that," he said. "It now means there's greater mistrust of government and corporations sharing information." And continued vulnerability to an attack.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.


When you download a report, your information may be shared with the underwriters of that document.