A year-long survey of the US power utility infrastructure revealed that it is woefully insecure, and something needs to be done.
Near the end of World War II, the Department of War undertook a massive project called Allied Strategic Bombing Survey. The purpose of the survey was to decide the effectiveness of Allied bombing on German and Japanese industry. One interesting outcome of the report: Allied bombing would have been more effective if they had focused on the German and Japanese electrical grids.
Extrapolate that information to today, and all sorts of alarms should be going off since our reliance on electricity has jumped several orders of magnitude. Moreover, alarms are going off. The Center for the Study of the President and Congress, whose mission is "Apply the lessons of history to the challenges of today" launched a year-long project in July 2013 to learn how best to secure the US electrical grid from threats. The project employed representatives from Congress, the executive branch and private industry.
A year later, survey members released recommendations in the report Securing the U.S. Electrical Grid. The report said the US power grid provides electricity to more than 300 million people using 200,000 miles of transmission lines. For our purposes, it might be best to start with the report's definition of electrical grid.
Ten power markets constitute the electrical grid. Each power market has various power-generation plants, high-voltage transmission lines, and step up/down transformer stations. Also, in each market are a dizzying number of private utility providers that range in size from the Tennessee Valley Authority to small rural electric cooperatives.
Having so many companies working in the power-generation industry complicates matters. The report explained, "The multitude of actors involved in the generation and delivery of power, combined with the various governmental and industry-based organizations responsible for insuring the reliability and security of the electrical grid, requires careful examination in ensuring that the US grid is protected from a number of man-made and natural threats."
A closer look at the threats
Power utilities have a lot to worry about when it comes to what might disrupt power generation and distribution. Let's take a closer look at what the report considers to be security threats.
Cyber attack: With the move towards "smart grid" technology, the digital and physical gap between the public internet and Supervisory Control and Data Acquisition (SCADA) networks has all but disappeared. Affording nation-states, terrorist groups, crime organizations, and hackers all the chance to probe SCADA network-edges looking for weaknesses and potential ways to disrupt power generation and distribution.
Physical attacks: This type of attack is a real concern. How does one protect 200,000 miles of transmission lines? After talking to several electrical engineers who work in the power-generation industry, one seems grateful that losing electrical power is an infrequent occurrence.
Radiation bursts: Either a man-made or natural event where a burst of electromagnetic energy is released. This attack is broken down further into two man-made attacks and one natural-occurring phenomenon:
● An ElectroMagnetic Pulse (EMP) results when a nuclear weapon explodes at high altitude. The pulse destroys electronic devices, including equipment that controls the electrical grid. The good news: there are few organizations capable of this type of attack.
● A Directed Energy Weapon is similar to an EMP. However, the energy burst is more focused and does not need a nuclear detonation. Being portable and less a technological challenge, this type of attack is a concern.
● Geomagnetically-Induced Currents are the results of a Coronal Mass Ejection or a severe solar storm. The radiation emitted alters the Earth's magnetic field and can induce currents in transmission lines that can destroy electrical equipment. With enough lead time, power utility operators can protect key grid components.
Severe weather: Living in Minnesota, we are used to severe weather (winter and summer) wreaking havoc on power utilities. Major events like hurricanes or earthquakes exacerbate the problem.
The report also mentions besides threats leading to disruption of service; the power-generation community faces legislative and regulatory challenges from government agencies, industry groups, and other utility operators.
Cooperation is paramount due to the nature of the electrical grid. The report stated, "A single line outage or system failure: whether due to severe weather, natural or human-made EMP attack, or cyber and/or a physical attack can cause cascading power outages affecting millions of people and impinging enormous costs on the economy."
It is hard to argue with the report considering what happened during Hurricane Sandy. This Time report mentioned over 8 million homes lost power in 17 states as far west as Michigan.
Due to the nature of the electrical grid, the survey concluded it was impossible to protect the grid from every type of threat. What that leaves is an approach based on risk assessment that balances protection with the need to deliver affordable energy to consumers and businesses.
With that in mind, the report came up with several recommendations. The report divided the recommendations into short term and long term. First, the short-term recommendations:
● The Obama Administration needs to continue pressure to improve grid and infrastructure security: similar to Executive Order 13636 on cybersecurity and critical infrastructure and the National Institute of Standards and Technology framework for cybersecurity with an emphasis on preventative measures as well as improving service-restoration capabilities.
● Congress must legislate legal frameworks that address liability and privacy concerns.
● Government organizations dealing with power utilities should begin an exchange program. Allowing employees to work temporarily at private utility companies. And the opposite, allow members of power utilities to learn how government bodies work. The report feels this will open communication avenues needed during emergencies.
● Set up automatic reporting systems to share security information. During emergencies is not the time to be asking for information needed to restore power.
● The insurance industry and financial sector must be involved in the business model for electrical-grid security. Both are experts at risk assessment and can provide incentives to companies if they adapt suggested security practices.
The long-term recommendations
● The Department of Energy already works with the power utilities and should continue to address grid security issues. However, the Department of Homeland Security should be the lead on protecting critical infrastructure and cyber security.
● Power generation and distribution relies on other infrastructure and supply chains: including water, gas, and telecommunications. They need to have the same resiliency and access to service-restoration capabilities given the electrical grid.
Looking towards the future
The report's authors feel "smart-grid technologies," if secure, will improve the US electrical grid's chance of surviving a security threat, but smart or not, there is a lot wrong with the current system.
Read more about the smart grid in these TechRepublic articles, State of the smart grid: Solving the storage and transmission problem for clean energy, and 10 facts about the smart grid: IT's role in unlocking clean energy.