The planned blackouts that left 2 million California residents without power should be a wake-up call to modernize and protect America’s power grid.
Step one is to upgrade the grid, much of which is old and worn out. In California and elsewhere, this leads to wildfires. But it is unplanned outages from grid malfunctions, particularly during storms, that also threaten public safety while disrupting economic and personal activity.
According to the Department of Energy, 70 percent of power transformers are 25 years or older, along with 60 percent of circuit breakers and 70 percent of transmission lines. Utilities are already spending $50 billion annually to improve the grid and these costs are likely to rise.
Step two is to address a more pernicious and growing challenge: cyberattacks. National security and other officials have been warning about these dangers from nation states for years. An August U.S. Government Accountability Office report found, “Nations, criminal groups, terrorists, and others are increasingly capable of attacking the grid.”
America’s electric grid is large and diffuse. According to the Energy Department, there are more than 5,700 private and government-owned entities involved in the generation and transmission of electricity. This provides bad actors with many avenues to enter the grid, and they are looking for the weakest links.
In recent years, there has been much progress made in sharing information about threats and the best practices to prevent attacks. This information is usually cloaked in secrecy to not let adversaries know the preventive steps that are being taken.
But the culture of secrecy and has gone too far and needs to change.
Today it is next to impossible to know the degree to which a utility has been attacked and how robust its efforts are to fight cyberattacks. As utilities perform a public function, providing electric power, and a loss of power is often catastrophic, citizens and regulators should know the general cyber preparedness of their utilities.
The grid’s regulators, the Federal Energy Regulatory Commission and the North American Electric Reliability Corporation have made a modest but important proposal in this regard. An August 27 white paper recommends that those utilities that violate critical infrastructure protection standards be named, along with the violated reliability standard and the penalty amount.
It is not just the public that needs and is entitled to this basic information. Congress needs to know the extent of violations, for both policymaking and to help address the situation with utilities in their districts. Investors should also be aware of the basic risks and cyber quality at companies.
Despite the many foreign threats and challenges to the grid, the United States should be able to marshal the technological resources to preempt and mitigate such threats. World-class companies like Raytheon, BAE Systems and Sierra Nevada Corporation are among those with such cyber-fighting expertise.
As difficult as it may be for utilities and others to discuss publicly threats to the grid, this must be done. So too must there be a continuous commitment to gearing up to prevent cyberattacks.
Our adversaries are counting on passivity as they seek to disrupt the grid, while hoping to one day to be able to take it down at will. This must not happen.