Until recently, the general public had little awareness of threats to the American power grid. More recently, there have been articles discussing how Russia and other unfriendly countries are “in our grid.” Experts in the Government scrambled to assure the public that the grid is safe, and we will not be in the dark. Cyber experts acknowledge vulnerabilities, but advise concerned citizens that the cyber issues being discovered are being mitigated.

As a result, politicians and power system engineers are more aware of the threats than ever before. So at least the potential issues are front and center, with operations to secure the grid more visible.

How could it be that the grid is not the most protected entity in the nation?  Partly it is because the grid is heavily reliant on automated computer systems and these remotely accessed systems are expanding.  This makes the grid continuously more vulnerable and a prime target for those looking to create nationwide disruptions.

The many networks within the grid and timing requirements make this critical infrastructure highly susceptible to cybersecurity risks. The grid is a series of 7,000 power plants; 55,000 substations; 160,000 miles of high-voltage transmission lines and hundreds of thousands of low-voltage distribution lines. High-voltage transmissions consist of power plants, while low-voltage distribution lines power individual homes and businesses. That covers a lot of ground. And there is plenty of room for malicious actors to disrupt any part of the system with even a simple exploit.

Developing and adding new equipment to the power grid can fend off intruders for only a limited time. Sooner rather than later, they will familiarize themselves with the system’s weakest points and strike when least expected. The response time in addressing a problem can differ across cities and state borders, throwing off the grid’s equilibrium. It is imperative for companies to implement and analyze strategic security protocols from start to finish.

For years we have known and prepared for weather-related incidents and their detrimental effects on the grid. Even a small incident in Wyoming can result in hours or even days of chaos in the following weeks. However, we always have assurance the issue will be rectified at some point. With cyber-related disruption we don’t have that same confidence. A cyber-attack could fry those hard-to-obtain components and corrupt computer code that is not easily restored. We have only recently started to understand the upstream and downstream effects of a massive outage. Hopefully, we will never find out what a long-term outage will do to our civility in cities with millions of residents.

Why Is Protecting the Grid So Important?

Threats to the power grid range from highly technical malicious attacks on industrial control systems to insider threats. These attacks, if successful, are capable of seriously damaging a country’s physical infrastructure, economy, and society. In the winter of 2015, Ukraine fell victim to a cyberattack on its power grid. Using a combination of high-level security credentials and software vulnerabilities, hackers gained access to circuit breakers and managed to shut off the power to hundreds of people. Though this lasted for only a few hours, a bustling society suddenly froze in time, quite literally. With no access to any source of heat, Ukrainians were struggling to keep warm in near-freezing temperatures. Imagine if the systems were permanently damaged. We can’t afford to ever face this in the United States and should do everything to avoid it.

As we continue to automate the electrical grid, the opportunities for hackers to disrupt critical systems are continuously multiplied. A digitalized network gives hackers the flexibility to manipulate computer systems remotely. Using any type of malware on these aging systems, a hacker has the potential to interfere with their proper functions. Therefore, upgrading the entire system with state-of-the-art and cyber-safe systems is not an option.

Let us take Christmas lights as an example. When one of the lights goes out, the entire string becomes inactive, forcing us to go through each bulb until we find the culprit. It is time-consuming and you don’t always find the bad bulb. Similarly, the power grid has a plethora of vulnerabilities that can cause outages. Think about the “loose bulbs” over 160,000 miles.

The hacking of smart meters is an example of how newer and connected technologies can be vulnerable. The old unconnected systems were antiquated, but their mechanical functions were sound and dependable. The new meters simplify the workload for us, but are a gateway for malware, ransomware, and other software vulnerabilities. And it only takes one meter to be hacked in the interconnected systems to potentially infect a lot of others. A skilled hacker can crawl through the light at the end of the digital tunnel and trigger disruptions that leave us all in the dark.