A Threat No One Is Talking About - Attack On the Power Grid

If a US adversary has as its goal inflicting maximum damage and pain on the largest number of Americans, there may not be a more productive target than one of the electric power grids.

The US power grid is highly vulnerable to an attack by an EMP weapon or a solar event. Such an attack on the power grid could throw the US back into the dark ages. It would take years to build the system back up. Some experts believe that a year without power would kill as many as 9 out of 10 Americans.

Electricity is what keeps society tethered to modern times. There are three power grids that generate and distribute electricity throughout the United States, and taking down all or any part of a grid would scatter millions of Americans in a desperate search for light, while those unable to travel would tumble back into something approximating the mid-nineteenth century.

The very structure that keeps electricity flowing throughout the United States depends absolutely on computerized systems designed to maintain perfect balance between supply and demand. Maintaining that balance is not an accounting measure, it is an operational imperative. The point needs to be restated: for the grid to remain fully operational, the supply and demand of electricity have to be kept in perfect balance.
 
It is the Internet that provides the instant access to the computerized systems that maintain that equilibrium. If a sophisticated hacker gained access to one of those systems and succeeded in throwing that precarious balance out of kilter, the consequences would be devastating. We can take limited comfort in the knowledge that such an attack would require painstaking preparation and a highly sophisticated understanding of how the system works and where its vulnerabilities lie. Less reassuring is the knowledge that several nations already have that expertise, and—even more unsettling—that criminal and terrorist organizations are in the process of acquiring it.

It would be comforting to report that those agencies charged with responding to disaster are adequately prepared to deal with the consequences of a cyberattack on the grid. They are not.

For all the warnings from high-ranking members of the military and intelligence establishments, and despite the known vulnerabilities of the transformers critical to the viability of the grid, there remains a determination among many government officials to stress the grid’s resilience. They invariably cite as evidence the manner in which electric power has been restored in the wake of one natural disaster after another. Absent a crippling example to the contrary, the presumed consequences of a cyberattack on a power grid are bundled into the same general category as blizzards, floods, hurricanes, and earthquakes.

This approach falters, however, when relevant federal agencies fail to provide for (or in some cases even contemplate) the difference in magnitude between the effects on the grid of any recorded natural disaster and the potential effects of a massive cyberattack. For one thing, the affected area could be much greater. Even the partial blackout of a grid could leave half a dozen or more states without electricity. Also, unless one credits the Old Testament–style intervention of an angry deity, storms do not deliberately target a system’s critical weaknesses. Cyberattacks do, and if we assume that the attackers are predisposed to inflict maximum damage, they will try to conceal what they are doing.
 
That’s not the sort of message that would inspire widespread confidence in a concerned public, but it has the ring of authenticity to it.

This piece has been adapted from Ted Koppel's new book, "Lights Out: A Cyberattack, a Nation Unprepared, Surviving the Aftermath."
Sentinel: http://bit.ly/1L6F666
Ted Koppel: http://bit.ly/1KLipnK

 
