Cyber security: Power grid grows more vulnerable to attack, report finds
'Smart grid' features and Internet-based connections to the US power grid are proliferating, increasing pathways for would-be cyber attackers, says a study from MIT. What to do?
America's electricity grid is a big, juicy target for cyberattacks – and it's getting more vulnerable as interactive "smart grid" features and other Internet-based connections are grafted onto an old, insecure system, a major new study reports.
Despite development of new cybersecurity standards, the electric utility industry is creating more new vulnerabilities than it is patching and, thus, losing ground to attackers, the Massachusetts Institute of Technology "Future of the Electric Grid" study found.
"Millions of new communicating electronic devices ... will introduce attack vectors – paths that attackers can use to gain access to computer systems or other communicating equipment," the report states. "That increase[s] the risk of intentional and accidental communications disruptions," including "loss of control over grid devices, loss of communications between grid entities or control centers, or blackouts."
Every new "smart meter," as well as new sensors and major equipment at generating plants, will soon be connected to communications modules – resulting in millions of components from hundreds of manufacturers and software from many developers. The presence of "so many interfaced components increases system complexity as well as the number of potential cyber vulnerabilities," the study found.
Shoring up cybersecurity for the power grid would cost about $3.7 billion, a relatively small amount compared with the $476 billion that a "smart grid" upgrade could cost, according to a report earlier this year by the Electric Power Research Institute.
Even so, it is "difficult to make the business case" for cybersecurity investments because the probability of a devastating attack is so low. One problem: Regulations that mandate action often end up as a mere checklist for utilities – without actually improving security, because cyberthreats keep evolving.
Cybersecurity for the power grid is of concern to many. The Federal Energy Regulatory Commission (FERC) and North American Electric Reliability Corp. jointly oversee development of cybersecurity standards for power companies in the bulk power system. The National Institute of Standards and Technology is working on another set of standards. The Department of Homeland Security (DHS) and the Department of Energy (DOE) are weighing in, too.