Emergency drill: Cyberattack on electric grid

As Worries Over the Power Grid Rise, a Drill Will Simulate a Knockout Blow

By Matthew L. Wald   August 16, 2013. New York Times.

The electric grid is the glass jaw of American industry. If an adversary lands a knockout blow, it could black out vast areas of the continent for weeks; interrupt supplies of water, gasoline, diesel fuel and fresh food; shut down communications; and create disruptions of a scale that was only hinted at by Hurricane Sandy and the attacks of Sept. 11.

This is why thousands of utility workers, business executives, National Guard officers, F.B.I. anti-terrorism experts and officials from government agencies in the United States, Canada and Mexico are preparing for an emergency drill in November that will simulate physical attacks and cyberattacks that could take down large sections of the power grid.

One goal of the drill, called GridEx II, is to explore how governments would react as the loss of the grid crippled the supply chain for everyday necessities. One example is a substation break-in that officials initially think is an attempt to steal copper. But instead, the intruder uses a USB drive to upload a virus into a computer network.

The drill is part of a give-and-take in the past few years between the government and utilities that has exposed the difficulties of securing the electric system.

The grid is essential for almost everything, but it is mostly controlled by investor-owned companies or municipal or regional agencies. Ninety-nine percent of military facilities rely on commercial power, according to the White House.

There are 5,800 major power plants and 450,000 miles of high-voltage transmission lines, monitored and controlled by a staggering mix of devices installed over decades.  Many rely on Windows-based control systems that …may be vulnerable to software — known as malware — that can disable the systems or destroy their ability to communicate, leaving their human operators blind about the positions of switches, the flows of current and other critical parameters. Experts say a sophisticated hacker could also damage hard-to-replace equipment.

Preparation for the November drill comes as Congress is debating laws that could impose new standards to protect the grid from cyberattacks, but many in the industry, some of whom would like such rules, doubt that they can pass.

The drill is also being planned as conferences, studies and even works of fiction are raising near-apocalyptic visions of catastrophes involving the grid.

A National Academy of Sciences report last year said that terrorists could cause broad hardship for months with physical attacks on hard-to-replace components. An emerging effort led in part by R. James Woolsey, a former director of the Central Intelligence Agency, is gearing up to pressure state legislatures to force utilities to protect equipment against an electromagnetic pulse, which could come from solar activity or be caused by small nuclear weapons exploded at low altitude, frying crucial components.

An attack using an electromagnetic pulse is laid out in extensive detail in the novel “One Second After,” published in 2009 and endorsed by Newt Gingrich. In another novel, “Gridlock,” published this summer and co-written by Byron L. Dorgan, the former senator from North Dakota, a rogue Russian agent working for Venezuela and Iran helps hackers threaten the grid. In the preface, Mr. Dorgan says such an attack could cause 10,000 times as much devastation as the terrorists’ strikes on Sept. 11, 2001.

Despite the growing anxiety, the government and the private sector have had trouble coordinating their grid protection efforts.

Another problem is that the electric system is so tightly integrated that a collapse in one spot, whether by error or intent, can set off a cascade, as happened in August 2003, when a power failure took a few moments to spread from Detroit to New York.

This entry was posted in Infrastructure Attacks. Bookmark the permalink.

Comments are closed.