The U.S. electrical power grid is vulnerable to cyber and physical attacks that could cause devastating disruptions throughout the country, federal and industry officials told Congress recently.
Gerry Cauley, president of the North American Electric Reliability Corp., said that several — if not all — other critical U.S. infrastructures depend on electricity, and that he is “deeply concerned” about attacks, extreme weather and equipment failures causing power outages.
“I am most concerned about coordinated physical and cyber attacks intended to disable elements of the power grid or deny electricity to specific targets, such as government or business centers, military installations, or other infrastructures,” Mr. Cauley told the Senate Energy and Natural Resources Committee last Thursday.
Mr. Cauley said the April 2013 attack on a California electrical power substation by unidentified gunmen did not result in power outages, but highlighted the vulnerability of the country’s three-sector power grid.
The incident at the Metcalf substation in Northern California “demonstrates that attacks are possible and have the potential to cause significant damage to assets and disrupt customer service,” he said.
Cheryl A. LaFleur, acting chairman of the Federal Energy Regulatory Commission who testified at the Senate hearing, said the Metcalf attack led federal authorities to conduct a 13-city campaign to warn utilities about the need for better security.
Ms. LaFleur said cyber threats to electrical infrastructure are “fast-changing,” as she called for better information-sharing about threats between government and industry.
Sue Kelly, head of the American Public Power Association of more than 2,000 U.S. electric utilities, testified about the growing danger of cyberattacks against the power grid.
“The threat of cyberattack is relatively new compared to long-known physical threats, but an attack with operational consequences could occur and cause disruptions in the flow of power if malicious actors are able to hack into the data and control systems used to operate our electric generation and transmission infrastructure,” Ms. Kelly said.
To date, security measures have prevented a successful cyberattack on the bulk electric system, she said.
An Energy Department-sponsored study published last fall said the U.S. power grid is vulnerable to catastrophic disruption by nation states like China and North Korea, terrorist groups like al Qaeda, and non-state criminals.
The 269-page study “Electric Sector Failure Scenarios and Impact Analyses” was published in September by the National Electric Sector Cybersecurity Organization Resource, a non-government group of industry and security specialists.
A malicious software cyberattack on the power grid’s Distributed Energy Resource Management System (DERMS), which manages requests and commands for the power system, would damage transformers that are costly and difficult to replace.
Cyberattacks against computers that distribute electrical power over wide areas could be jammed or disrupted through wireless signals.
And cyber attackers could cause widespread power outages or cascading power failures by gaining access to distribution systems and equipment via remote hacking.