Cybersecurity and the Electric Grid: An Imminent Threat or a Risk That Can Be Thwarted?
Thirty years ago, the concept of cybersecurity conjured up images of grungy computer hackers and endless strings of binary code, more akin to a Hollywood movie than reality. Today, however, the threat of cyber-attacks on our electric grid constantly looms over us like a harbinger of a post-apocalyptic time. As this escalates, and the grid becomes increasingly vulnerable as a result of a highly-interconnected Internet of Things, the need for security grows.
What Exactly Is the Electric Grid?
The electric grid is the commercial electric power generation, transmission, and distribution system comprising power lines and other infrastructure. The grid delivers electricity that is essential for modern life. According to Energy.gov, America’s electric grid supports more than 330 million people and requires 600,000 miles of transmission lines. Like the arteries that carry blood from our hearts to all parts of our bodies, this complex system is the lifeline that powers almost everything we do.
What Would a Cyber Attack Look Like?
Business Insider researched cyber warfare for an in-depth piece about what a large-scale attack on the U.S. could look like. The conclusion? “A successful cyberattack on critical infrastructure could do as much damage as a natural disaster, bringing a whole country to a standstill.” Cybersecurity attacks could cause widespread power outages in the U.S., resulting in water shutdowns, and leave individuals with no means of communication. The damage would be catastrophic.
What’s So Challenging about Protecting the Grid?
There are numerous reasons why protecting the grid is such a challenge. First, while the Federal Government has a vested interest in the electric grid, most of the grid is owned and operated by private industry, which is not incentivized to prioritize cyber defense, according to industrial cybersecurity expert Phil Neray from CyberX. Additionally, cybersecurity is a relatively new field, about which much is still unknown. It was only last year that the Cybersecurity and Infrastructure Agency (CISA) was created under the Department of Homeland Security. According to an assessment conducted by the Harvard’s Kennedy School of Government and the Belfer Center for Science and International Affairs, “Federal cybersecurity is a dense, inaccessible topic to those outside the information security community and even to some inside it. Information is scattered across a variety of government documents, with no ‘one-stop-shop’ to understand the topic.” Finally, attackers are becoming more and more sophisticated—and the U.S. must be wary of attacks from countless threats, including criminal groups, terrorists, and even other nations.
What Is the Federal Government Doing to Address This Risk?
In August 2019, the Government Accountability Office released a report titled “Critical Infrastructure Protection: Actions Needed to Address Significant Cybersecurity Risks Facing the Electric Grid.” This report: “1) describes the cybersecurity risks facing the grid, (2) assesses the extent to which [the Department of Energy] DOE has defined a strategy for addressing grid cybersecurity risks, and (3) assesses the extent to which [Federal Energy Regulatory Commission] FERC-approved standards address grid cybersecurity risks. Among other things, the report describes measures that the Federal Government has taken since 1997 to create protections against cyber-attacks.
Further, according to Nextgov, the House Homeland Security Committee approved legislation in late September to create an advisory group—comprised of state and local government officials and representatives across the financial services, healthcare, manufacturing, transportation, and energy sectors—to assist CISA in developing and enacting cyber policies. In addition to this legislation, the Senate passed legislation “that would stand up a permanent group of security specialists that agencies and industry could call on when their IT infrastructure gets compromised.” A few other key bills surrounding cybersecurity were also passed in the past few months in both the Senate and the House.
In November 2019, CISA released “Cyber Essentials for Small Businesses and Governments,” a series of actionable items that entities can take to protect against cyber-attacks. “When it comes to collective defense, we are only as strong as our weakest link, which is why CISA is committed to raising the bar in cybersecurity across all companies and government, regardless of their size,” said CISA Director Christopher Krebs. These guidelines are meant to help leaders “develop a culture of security.”
While cyber-attacks could shut down almost all aspects of our everyday lives, the security community is working to ensure that this threat is addressed, mitigated, and protected against. With renewed attention on this critical area and the new legislation approved by Congress, the hope is that the Federal Government and its partners can work faster, harder, and smarter than entities and individuals seeking to carry out a cyber-attack. One thing is certain: as our reliance on the electric grid only increases, so too does the potential for disaster.
To read more about the Federal Government’s numerous IT programs and policies, visit the General Services Administration Cybersecurity website.
Tara Ebrahimi is a writer and editor whose work can be found in the New York Times, National Alliance on Mental Illness website, Outlook magazine, and numerous other print and web journals.