Twitter Facebook Google RSS
Homeland Security News 

Feds Fear Coordinated Physical, Cyber-Attacks on Electrical Grids 


By Stew Magnuson 

Electrical grids in the United States are vulnerable to both cyber-attacks and space weather, federal officials have said.

But an assault that combines the skills of a hacker with a physical attack on key parts of a grid’s infrastructure may result in hundreds of millions of U.S. homes and businesses losing electricity.

“I am most concerned about coordinated physical and cyber-attacks intended to disable elements of the power grid or deny electricity to specific targets, such as government or business centers, military installations, or other infrastructures,” Gerry Cauley, president and CEO of the North American Electric Reliability Corp., said at a recent Senate hearing.

Scott Pugh, of the Department of Homeland Security’s interagency program office, said at an energy conference in April that there are maps — not available for public viewing — that “show you a handful of substations — six or so —  [where] you could take out those six substations and black out most of the U.S. east of the Mississippi, if you knew which six [they] were. And in many cases you could do it with a hunting rifle from a couple hundred yards away.”

There are some 1,500 companies that generate electricity in the United States, and the hodgepodge of federal agencies that oversee them have limited statutory authorities to force them to protect themselves against attacks, the Senate Energy and Natural Resources Committee hearing revealed.

“Limitations in federal authority do not fully protect the grid against physical and cyberthreats,” Joseph McClelland, director of the office of reliability at the Federal Energy Regulatory Commission, said. 

Legislation passed in 2005 gave the agency the authority to impose reliability standards on “bulk,” or large-scale, power systems. That law excludes local distribution facilities, federal installations located inside grids, and major cities such as New York. Hawaii and Alaska also don’t fall under the commission’s jurisdiction.

Officials are concerned about two threats: electromagnetic pulses, which come from solar storms or weapons, and cyber-attacks, particularly on “smartgrids,” which it turns out, are not very “smart” when it comes to protecting against hackers.

“No single security asset, technique, procedure or standard — even if strictly followed — will protect an entity from all potential cyberthreats,” said Gregory Wilshusen, director of information security issues at the Government Accountability Office. “The cybersecurity threat environment is constantly changing and our defenses must keep up.”

However, in the case of smartgrids, utilities continue to employ them without the necessary safeguards, the GAO has found. There is a lack of security features consistently being integrated into smartgrids and the current regulatory environment makes it difficult to ensure that power companies are properly protecting them.

Physical attacks against the grid can cause equal or greater destruction than cyber-attacks, McClelland said. An electromagnetic pulse, or EMP event, could seriously degrade or shut down large swaths of the nation. Depending on the attack, a significant part of the infrastructure could be “out of service for periods measured in months to a year or more,” he said.

“The self-reporting requirements, the enforcement provisions under the existing standards are important,” he said. “But at the end of the day, if there’s no enforcement provisions, there’s no teeth behind the provisions.”

The National Institute of Standards and Technology has guidelines for utilities to gird themselves from physical and cyber-attacks, but they do not address coordinated attacks, said Wilshusen. NIST “guidelines did not address an important element essential to securing smartgrid systems — the risk of attacks using both cyber and physical means.”

Meanwhile, there have been three major studies that looked at the possible effects of a massive solar storm on U.S. electrical grids. They reached different conclusions, Pugh said at the National Defense Industrial Association Environment, Energy Security and Sustainability symposium in New Orleans.

Experts are trying to map the grid and figure out what would happen in the event of an attack or solar storm, Pugh said. But there is nothing that requires the 1,500 companies to share proprietary data about their equipment, so coming to firm conclusions is difficult.

Transformers — which number about 2,000 nationwide — are a key vulnerability. Strong electrical pulses caused by a weapon or solar storm can irreparably damage them, he said.
“If you need a dozen of those tomorrow because somebody attacked the grid, or we had a space weather event that took out a dozen, you might be waiting quite a while,” he said. They weigh about 300 tons, can only be delivered by special rail car, and most are now manufactured overseas.

DHS’ Science and Technology Directorate, in partnership with the Department of Energy, has developed a “recovery transformer.” It is made of lighter materials, and is compact enough to be transported by truck. It can also be shipped without the hundreds of gallons of cooling oil it needs to function. The coolant would be inserted onsite. There are three U.S.-made transformers being tested now. To show how quickly they could be deployed, they were moved from a factory in St. Louis to a site in Houston, where they were up and running all within one week. Operational tests are ongoing and conclude next year. If the transformers are shown to be reliable, then utilities can decide whether they want to purchase them and have them on hand.

But that would be optional unless federal laws are passed that require companies to keep rapidly deployable transformers at the ready, Pugh noted.
Reader Comments

Re: Feds Fear Coordinated Physical, Cyber-Attacks on Electrical Grids

Im just a regular person who worries about the elctrical grid being attacked. I do live in the country, so I am greatful I wont have to flee the city when it happens, I have a garden and a lake for water, animals for meat and milk, and plenty of weapons, but I also have something in my plane view about 4 miles from me, a very big power plant, not only do I worry about the harmful emmisons it puts out I worry about it being a target, I can tell u that there is hardly any security I think a person could sneak in today with very lil planing and to make it even worse it has railroad cars that go right into to power plant carring the lignite. does anyone else worry like I do? I find myself doomsday prepping daily and looking out my window each day at that power plant is a constant reminder how vulenerable we all are.

Paige on 04/08/2013 at 13:18

Re: Feds Fear Coordinated Physical, Cyber-Attacks on Electrical Grids

I'm scared anarchy will ensue if the power grid goes down for more than 3 days... no gas, no water and no food.

blake on 03/15/2013 at 01:51

Re: Feds Fear Coordinated Physical, Cyber-Attacks on Electrical Grids

and were still not talking about sun storms. what ever it take,s i,m for it! still on insulation on our power lines. let,s just hope people get thinking.

j.mackey on 01/30/2013 at 20:49

Re: Feds Fear Coordinated Physical, Cyber-Attacks on Electrical Grids

As long as the electrical grid is online, it will never be safe. Anything online can and will be hacked. If the Pentagon has trouble keeping hackers out, do you honestly believe that electrical utilities will succeed? Who, in their infinite wisdom, decided to put our electrical grid controls online in the first place?

"Free trade" is wonderful, isn't it? Now we're not even making critical pieces of our infrastructure. How long can you remain a world leader when you don't make anything anymore? Eventually, someone will realize the emperor has no clothes.

James Corbin on 09/02/2012 at 21:55

Re: Feds Fear Coordinated Physical, Cyber-Attacks on Electrical Grids

I have been writing, teaching, and hectoring about this for the past -plus. W cover it in or courses for students at the DoD's schools and war colleges, but the recent debacle in Congress over the cyber security bill is yet another indication that our senior leaders still don't appreciate the threat. What is described here is what I and my colleagues have called I2O, or Infrastructure and Information Operations. It is a real threat, and someday it will happen...then watch Congress close the barn door after the house is long gone.

dr dan kuehl on 08/06/2012 at 20:11

Submit Your Reader's Comment Below
The content of this field is kept private and will not be shown publicly.
Please enter the text displayed in the image.
The picture contains 6 characters.
*Legal Notice

NDIA is not responsible for screening, policing, editing, or monitoring your or another user's postings and encourages all of its users to use reasonable discretion and caution in evaluating or reviewing any posting. Moreover, and except as provided below with respect to NDIA's right and ability to delete or remove a posting (or any part thereof), NDIA does not endorse, oppose, or edit any opinion or information provided by you or another user and does not make any representation with respect to, nor does it endorse the accuracy, completeness, timeliness, or reliability of any advice, opinion, statement, or other material displayed, uploaded, or distributed by you or any other user. Nevertheless, NDIA reserves the right to delete or take other action with respect to postings (or parts thereof) that NDIA believes in good faith violate this Legal Notice and/or are potentially harmful or unlawful. If you violate this Legal Notice, NDIA may, in its sole discretion, delete the unacceptable content from your posting, remove or delete the posting in its entirety, issue you a warning, and/or terminate your use of the NDIA site. Moreover, it is a policy of NDIA to take appropriate actions under the Digital Millennium Copyright Act and other applicable intellectual property laws. If you become aware of postings that violate these rules regarding acceptable behavior or content, you may contact NDIA at 703.522.1820.

  Bookmark and Share