Report Ponders What Follows a Cyber Attack on Electric Grid

The question is, what comes next?

A report by the Bipartisan Policy Center, “Cybersecurity and the North American Electric Grid: New Policy Approaches to Address an Evolving Threat,” devoted a chapter to what authorities may need to do in the event that a terrorist group, nation state or insider successfully switches off electricity in a major U.S. city.

“In the early phases [of the attack], it may not be possible to identify either the origins of an attack or its implications for the broader system,” said the report.

The example experts cite most often had nothing to do with terrorism. The 2003 multiday blackout in the Northeast that affected some 55 million customers in the United States and Canada was caused by a software bug in an Ohio control room and some unpruned trees. But it took almost a year for investigators to find out exactly what happened.

“Ten years ago we would have this conversation and say, ‘What if?’ Today … I think the question is, ‘When?’” Curt Hebert, former chair of the Federal Energy Regulatory Commission, and co-chair of the committee that wrote the report, said of a cyber attack on a grid.

More recently, Hurricane Sandy in 2012 pointed out further shortcomings in power delivery recovery efforts. Since then, utilities and other companies with grid assets have been working to strengthen their recovery plans, the report said.

“That said, the disruptions associated with a large-scale cyber attack are likely to challenge utilities’ operational abilities,” the report said.

There are two frameworks in place that are intended to guide federal agencies in such an event. One is the National Response Framework, developed by the Department of Homeland Security and the other is the 2010 Interim National Cyber Incident Response Plan.

“It is incumbent on policymakers to clarify how these two response systems can operate in a mutually supportive manner and to resolve ambiguities that may exist under the two frameworks with respect to roles, responsibilities and authorities for federal agencies,” the report said.

In the aftermath of an attack, a hacker could further manipulate monitoring tools and data, and cause more disruptions on command-and-control centers and to communications systems, the report said.

Actions to safeguard utilities from such an attack are needed, said retired Air Force general and former CIA director Michael Hayden, because agents have already infiltrated computer systems that control the nation’s power grids.

The supervisory control and data acquisition computer programs that run power plants do not contain trade secrets or information of interest to a cyber spy. Infiltration could only be for two purposes: a recreational hacker in there just for the challenge; or some agent who wants to conduct what the military calls IPB — intelligence preparation of the battlespace.

Topics: Cyber, Cybersecurity, Homeland Security, DHS Policy