The U.S. electric grid is under attack. And it is an unfair fight because hostile nations are taking aim at individual electric utilities. The race is on to see whether the United States will properly coordinate its resources to mitigate such attacks before disaster strikes.
In December, the president’s National Infrastructure Advisory Council (NIAC), a group of senior executives from industry and from state and local governments who own and operate critical infrastructure, warned of these dangers in a report to the president and National Security Council.
Their report said, “Escalating cyber risk to America’s critical infrastructure present an existential threat to continuity of government, economic stability, social order, and national security. U.S. companies find themselves on the front lines of a cyber war they are ill-equipped to win against nation-states intent on disrupting or destroying our critical infrastructure. Bold action is needed to prevent the dire consequences of a catastrophic cyberattack.”
NIAC has also issued some compelling recommendations. This includes establishing a Critical Infrastructure Command Center (CICC) to improve real-time sharing and processing of private and public data between government and companies.
It also calls for a national exercise to launch the CICC by bringing together cleared private sector experts with intelligence officers and others in the government to collaboratively understand threats and the underlying consequences.
NIAC was formed soon after the September 11 attacks. The group’s leadership includes senior executives from such corporate stalwarts as Berkshire Hathaway, Constellation Energy and AIG. Its work is one of a series of major recent government reports about America’s electric grid cyber vulnerabilities.
In addition, Lloyd’s of London has warned that a concerted attack on the U.S. power grid could cost $1 trillion.
For electric utilities, the consequences of a cyberattack, which could disable large sections of the grid for weeks or longer, would be severe and unprecedented. Today it is difficult to obtain insurance to address this liability. This underscores the need for pre-emptive and proactive actions.
First, electric utilities need to have high quality programs in place to prevent cyberattacks. The good news is that world-class companies such as Raytheon, BAE Systems and Sierra Nevada Corp. are among those with cyber-fighting expertise. Sierra Nevada recently introduced Binary Armor, a system that focuses on addressing operational technologies.
Second, electric utilities need to aggressively implement programs whether the cost will be passed along to ratepayers or not. At a time of falling fuel prices it would be especially foolish to forgo such protections. Federal policymakers must continue to point out aggressively the need for such programs, while implementing recommendations like those that NIAC has proposed.
Third, utilities face potential wide-scale embarrassment if they violate federal reliability standards. A proposal from the grid’s principal regulators, the Federal Energy Regulatory Commission and the North American Electric Reliability Corp., would require public disclosure of utilities that violate grid reliability cyber protection standards.
Whether or not the proposal is implemented, a growing number of news outlets and activists are finding utilities that violate these standards and disclosing them.
Electric grid security is pivotally important for our economy to function and for people to be safe. The recent electric grid disruptions in Puerto Rico should be a chilling reminder for how much is at stake to keep our grid secure.
