America’s most important infrastructure is also our most vulnerable–the electric grid.
Without electricity, there is no water or sewage service, vast amounts of food go bad, and modern life comes to a halt. Chaos ensues.
The electric grid faces two formidable challenges. Like other infrastructure, much of it is old and needs to be replaced. The average age of transmission infrastructure in the United States is 40 years old, with 25 percent of the grid at least 50 years old.
Second, the electric grid is literally on the screens of foreign adversaries (e.g., China, Russia, and Iran) who have been attacking it. They are also developing new and more penetrating techniques to bring it down at will via cyberattacks.
“Our adversaries and strategic competitors will increasingly use cyber capabilities – including cyber espionage, attack, and influence – to seek political, economic, and military advantage over the United States and its allies and partners,” said Dan Coats, former Director of National Intelligence, during Senate testimony in January 2019.
The wave of warnings has continued in reports from government agencies and others.
One of the most recent, a March 2021 report from the independent Government Accountability Office warned: “The U.S. grid’s distribution systems – which carry electricity from transmission systems to consumers and are regulated primarily by states – are increasingly at risk from cyberattacks. Distribution systems are growing more vulnerable, in part because their industrial control systems increasingly allow remote access and connect to business networks.”
Fixing this complex problem is much harder than doling out large amounts of pork barrel spending. The private sector owns and needs to make major investments in large segments of the grid. That should be encouraged.
There needs to be enhanced reporting requirements about cyber events and violations so that all electric utilities can better guard against intrusions.
Public-private cooperation is also imperative. As nation-states attack individual utilities, the full support of America’s government and tech sector needs to be available to stop dangerous attacks before they cascade into widespread outages that could lead to electricity losses for weeks or even months.
The Biden and Trump administrations have placed added emphasis on electric grid cybersecurity. The Biden administration has included a funding increase for the Cybersecurity and Infrastructure Agency and is looking to strengthen Department of Energy cybersecurity programs over the next 100 days.
With a robust information technology industry, the United States has the capability to fight cyberattacks and stay ahead of developments. This cyber-fighting expertise includes world-class companies such as Raytheon Technologies, Forescout, and Sierra Nevada Corporation.
There is strong bipartisan support for strengthening cybersecurity. State governments can also play a role in protecting the grid, according to an April paper published by the National Governors Association. The GAO report also outlines vulnerabilities that can best be addressed by states.
Unlike with bridges, roads, or sewers, keeping the electric grid secure requires continuous, perennial work.
In the years ahead, it will be important for electric utilities to make fuller disclosures to their investors and regulators about cyber vulnerabilities. Credit rating agencies should also weigh in on this as they evaluate creditworthiness.
This is essential as both a preventative measure and to ensure that the taxpayers will not be on the hook when there is a catastrophic grid outage requiring hundreds of billions of dollars to fix.
The challenges to the electric grid are serious, dangerous, and growing. Through ongoing resolve and commitment, we will be able to not only preserve but improve the electric grid, our most vital form of infrastructure for modern living.