Bracing for a Big Power Grid Attack: ‘One is Too Many’

About once every four days, part of the nation’s power grid — a system whose failure could leave millions in the dark — is struck by a cyber or physical attack, a USA TODAY analysis of federal energy records finds.

Although the repeated security breaches have never resulted in the type of cascading outage that swept across the Northeast in 2003, they have sharpened concerns about vulnerabilities in the electric system. A widespread outage lasting even a few days could disable devices ranging from ATMs to cellphones to traffic lights, and could threaten lives if heating, air conditioning and health care systems exhaust their backup power supplies.

Some experts and officials fear the rash of smaller-scale incidents may point to broader security problems, raising questions about what can be done to safeguard the electrical grid from an attack that could leave millions without power for days or weeks, with potentially devastating consequences.

“It’s one of those things: One is too many, so that’s why we have to pay attention,” said Federal Energy Regulatory Commission Chairman Cheryl LaFleur. “The threats continue to evolve, and we have to continue to evolve as well.”

An examination by USA TODAY and affiliated newspapers and TV stations across the country, drawing on thousands of pages of government records, federal energy data and a survey of more than 50 electric utilities, finds:

  • More often than once a week, the physical and computerized security mechanisms intended to protect Americans from widespread power outages are affected by attacks, with less severe cyberattacks happening even more often.
  • Transformers and other critical equipment often sit in plain view, protected only by chain-link fencing and a few security cameras.
  • Suspects have never been identified in connection with many of the 300-plus attacks on electrical infrastructure since 2011.
  • An organization funded by the power industry writes and enforces the industry’s own guidelines for security, and decreased the number of security penalties it issued by 30 percent from 2013 to 2014, leading to questions about oversight.

Jon Wellinghoff, former chairman of the Federal Energy Regulatory Commission, said the power grid is currently “too susceptible to a cascading outage” because of its reliance on a small number of critical substations and other physical equipment.

Because the nation’s electrical grid operates as an interdependent network, the failure of any one element requires energy to be drawn from other areas. If multiple parts fail at the same time, there is the potential for a cascading effect that could leave millions in the darks for days, weeks or longer.

“Those critical nodes can, in fact, be attacked in one way or another,” Wellinghoff said. “You have a very vulnerable system that will continue to be vulnerable until we figure out a way to break it out into more distributed systems.”

Read more here.

Facebooktwitter