 |
| In this file image from video released by the Department of Homeland Security, smoke pours from an expensive diesel electric
generator during a March 2007 demonstration by the Idaho National Laboratory, which was simulating a hacker attack against
the US electrical grid. Dept. of Homeland Security/AP/file |
New U.S. tack to defend power grid
Lawmakers are on alert as hackers increase attacks on US infrastructure.
from the October 30, 2007 edition
Page 3 of 3
In March 2005, security experts in the electric utility industry reported hackers were targeting the grid and had gained access to control systems, the GAO said last year. In a few cases, the cyberintrusions "caused an impact," although no serious damage occurred, it said.
Even so, a video released last month illustrates the potential danger to the power grid, experts say. While in the past, most had imagined a cyberattack might shut down patches of the US grid for a few days at worst, But the video – which shows a demonstration by the Idaho National Laboratory – depicts a large electric generator shaking violently, spraying metal parts, and spewing smoke before grinding to a stop.
The method of attack used in that demonstration could be replicated to destroy more and larger equipment, several experts say. Damage from such an attack would not be easy to repair quickly, because parts such as turbines are often huge, take a long time to build, and are made mostly overseas.
"There's a great danger right now that government will spend a lot of money trying to provide better perimeter defenses around the e-mail systems of government, when they should be thinking a lot more about critical infrastructure like the grid," Borg says.
A destructive attack could darken parts of the US for months, costing hundreds of billions of dollars and many lives, Borg's group estimates.
As soon as the vulnerability was identified, DHS alerted electric utilities nationwide and provided a fix. But it is not clear how widely the utilities applied the "mitigation measures" in the six months since the video, or even whether the NERC has the power to order a mandatory patch, says an Oct. 17 letter to the Federal Energy Regulatory Commission from Reps. James Langevin (D) of Rhode Island, Michael McCaul (R) of Texas, and Sheila Jackson-Lee (D) of Texas.
"We got the information into the hands of people that needed to know it," says Robert Jamison, DHS undersecretary for National Protection & Programs. "Currently, [utilities] are not a required [to respond], but industry does have a vested interest in these mitigations. We'll continue to monitor to see if we need to make it a requirement."
A spokesman for the electric industry says the industry is working hard on the cybersecurity issue and is moving at full speed to implement necessary fixes.
"Anytime we're adding something that's important enough to have effects on the system, reliability is the key issue," says Ed Legg, a spokesman for the Edison Electric Institute, which represents investor-owned utilities that supply 70 percent of the nation's power. "There is every incentive to do this. Our members are taking it very seriously."
RSS feed
