What would happen if the electric grid was cyberattacked?

Almost every aspect of American life depends on electricity—from producing goods to saving lives, from defending the country to conducting electronic banking and commerce, from simple communications to feeding our families safely.

It could take 1 to 2 years before the grid could be brought back up if transformers were damaged.

There are lots of potential targets. Our power grid has 6,413 power plants that produce 1,075 gigawatts, which moves from power plants to 143 million customers via 203,9300 miles of high-voltage AC transmission lines and 6,222 miles of high-voltage DC transmission lines, thousands of substations, and millions of miles of lower-voltage distribution lines.

If we link the entire grid to people’s homes, that makes the entire grid vulnerable to hackers. Smart meters are vulnerable to computer worms that could spread over wide areas, turning off smart meters as they went; hackers could bring down the entire grid, according to Mike Davis of IOActive, a Seattle security company.

Scenario 1

Imagine that cyber criminals have been gaining access to various parts of the power grid for years. They have infiltrated enough systems to make it possible to knock out power for the entire Northeast grid. They launch an attack in winter and power goes down throughout the area. Not only do people lose heat, light, refrigeration, cooking facilities, communication, and entertainment, but the systems that pump our water from reservoirs—and those that purify the water in the reservoirs—are affected. No potable water, perhaps no water at all, and no capacities for managing sewage.

Even if stores have back-up generators, they cannot order the inventory because their systems are electronic. Banking comes to a halt because funds can no longer move electronically. Gas stations can no longer sell gasoline. Commerce effectively ends because order fulfillment systems are down, payment systems are down, and communication is down. Those consumers with phone service through the internet— including those triple play plans offered by major providers—are out of luck because their service is no longer over the traditional land-line telephone network. Hospitals and medical centers, which might also have independent generators, can care for only the most critical patients, as they cannot check on patients’ insurance status or connect with the outside world electronically. While many of these sectors have emergency back-up systems to enable them to maintain operations during a power failure, those back-up systems are meant to be temporary—not long-term.

Yet the systems used to manage our electricity, the supervisory control and data acquisition, or SCADA systems, are antiquated, running on commonly available operating systems, and with their design having changed little since their introduction decades ago. They were never designed or built securely, and they certainly were not meant to be connected to the internet. And even today, we find that many electric companies still use vendor-supplied default passwords because they allow easy access in times of crisis or for maintenance and repair.

A report by CSIS and McAfee interviewing executives in the energy and power sector found that a large majority of them had reported cyber attacks, and about 55% of these attacks targeted SCADA. In 2009, nearly half of the respondents said that they had never faced large-scale denial of service attacks or network infiltrations. By 2010, those numbers had changed dramatically; 80 percent had faced a large-scale denial-of-service attack, and 85 percent had experienced network infiltrations. Meanwhile, a quarter of the interviewees reported daily or weekly denial-of-service attacks on a large scale. A similar number reported that they had been the victim of extortion through network attacks or the threat of network attacks. Nearly two-thirds reported they frequently (at least monthly) found malware designed for sabotage on their system.

Attacks on systems like SCADA can give hackers direct control of operational systems, creating the potential for large-scale power outages or man-made environmental disasters. Yet in the United States, many companies have not adopted security measures for their SCADA systems, and many report their SCADA systems connected to IP networks or the internet, making these systems even more susceptible to attacks.

What happens when there are multiple, simultaneous failures or system manipulations in the electric grid? Industry experts acknowledge that the grid is not currently equipped to handle this situation.

Scenario 2 (developed by the National Institute of Standards and Technology)

Using simple computer programs that dial consecutive phone numbers looking for modems, an adversary finds modems connected to programmable breakers of the electric power transmission control systems, then cracks the passwords that control access to the breakers and changes the control settings to cause local power outages and damage equipment. The adversary lowers the settings from 500 amps to 200 amps on some circuit breakers, taking those lines out of service, and then diverts power to neighboring lines, at the same time raising the settings on the neighboring lines to 900 amps, which prevents the circuit breakers from tripping and overloads the lines.

This causes significant damage to transformers and other critical equipment, resulting in lengthy repair outages.

This is not a particularly sophisticated attack and it can be carried out remotely by anybody with anonymity. The harm it could cause will be far beyond the disruption of service and the loss of data. When you can successfully disable a portion of the power grid, you can generate cascading consequences.

When transformers fail, so too will water distribution, waste management, transportation, communications, and many emergency Government services. People who take medicines that require refrigeration will quickly face the prospect of going without those drugs. Given the average 12-month lead time that is required today to replace a damaged transformer with a new one, if we had mass damage of that scale at a local regional level, the economic and societal disruption would be enormous.
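
As an added example (not from the original post or the NIST scenario), a defender can audit breaker setting changes against an engineering baseline and flag the lowered-plus-raised pattern that Scenario 2 describes. The breaker names, log format, 10% tolerance and 30-minute window are assumptions; the 500, 200 and 900 amp values come from the scenario.

```python
from datetime import datetime, timedelta

# Assumed engineering baseline: approved trip setting (amps) per breaker.
BASELINE = {"BRK-101": 500, "BRK-102": 500, "BRK-103": 500, "BRK-104": 500}
TOLERANCE = 0.10                 # assumed: +/-10% of baseline is routine tuning
WINDOW = timedelta(minutes=30)   # assumed correlation window

# Constructed sample audit log: timestamp, breaker, new setting (amps), channel.
SAMPLE_LOG = """\
2024-01-15T02:10:00 BRK-101 200 dialup
2024-01-15T02:14:00 BRK-102 900 dialup
2024-01-15T02:17:00 BRK-103 900 dialup
2024-01-15T09:30:00 BRK-104 520 local
2024-01-15T09:31:00 BRK-999 300 local
"""

def parse(log):
    """Yield (timestamp, breaker, amps, channel) tuples; skip malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], int(parts[2]), parts[3]
        except ValueError:
            continue

def out_of_band(log):
    """Return changes outside tolerance, or on breakers with no baseline."""
    findings = []
    for ts, brk, amps, chan in parse(log):
        base = BASELINE.get(brk)
        if base is None:
            findings.append((ts, brk, amps, chan, "no-baseline"))
        elif amps < base * (1 - TOLERANCE):
            findings.append((ts, brk, amps, chan, "lowered"))
        elif amps > base * (1 + TOLERANCE):
            findings.append((ts, brk, amps, chan, "raised"))
    return findings

def coordinated(findings):
    """Flag the Scenario 2 pattern: one breaker lowered and a different
    breaker raised within WINDOW of each other."""
    lowered = [f for f in findings if f[4] == "lowered"]
    raised = [f for f in findings if f[4] == "raised"]
    return sorted({(lo[1], hi[1]) for lo in lowered for hi in raised
                   if lo[1] != hi[1] and abs(hi[0] - lo[0]) <= WINDOW})

if __name__ == "__main__":
    hits = out_of_band(SAMPLE_LOG)
    print(hits, coordinated(hits))
```

A single out-of-band change is worth a ticket; a lowered setting paired with raised settings on other breakers inside the window is the combination that defeats the protection the breakers are there to provide, and should page an operator.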

Electricity Grid in U.S. Penetrated By Spies.

8 Apr 2009. Gorman, Siobhan. Wall Street Journal.

Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials.

The spies came from China, Russia and other countries, these officials said, and were believed to be on a mission to navigate the U.S. electrical system and its controls. The intruders haven’t sought to damage the power grid or other key infrastructure, but officials warned they could try during a crisis or war.

“The Chinese have attempted to map our infrastructure, such as the electrical grid,” said a senior intelligence official. “So have the Russians.”

The espionage appeared pervasive across the U.S. and doesn’t target a particular company or region, said a former Department of Homeland Security official. “There are intrusions, and they are growing,” the former official said, referring to electrical systems. “There were a lot last year.”

Many of the intrusions were detected not by the companies in charge of the infrastructure but by U.S. intelligence agencies, officials said. Intelligence officials worry about cyber attackers taking control of electrical facilities, a nuclear power plant or financial networks via the Internet.

Authorities investigating the intrusions have found software tools left behind that could be used to destroy infrastructure components, the senior intelligence official said. He added, “If we go to war with them, they will try to turn them on.”

Officials said water, sewage and other infrastructure systems also were at risk.

“Over the past several years, we have seen cyberattacks against critical infrastructures abroad, and many of our own infrastructures are as vulnerable as their foreign counterparts,” Director of National Intelligence Dennis Blair recently told lawmakers. “A number of nations, including Russia and China, can disrupt elements of the U.S. information infrastructure.”



Spellman, Frank. Energy Infrastructure Protection and Homeland Security.
