When the Trump administration announced new and tougher sanctions on Russia last week, officials also said the sanctions were, in part, punishment for attempted Russian cyberattacks on critical U.S. infrastructure, including the United States’ power grid.
Over the past several years, hackers have targeted a Vermont utility, power grids in Ukraine and Ireland, a nuclear power plant in the U.S. and U.S. energy companies, according to news reports.
The Puerto Rico Electric Power Authority reported Monday that it was hacked.
The U.S. electrical grid is highly complex with some 3,300 utility companies that work together to deliver power through 200,000 miles of high-voltage transmission lines. The nation also has 55,000 electrical substations and 5.5 million miles of distribution lines that power millions of homes and businesses, according to a report last year.
Just how vulnerable is the U.S. to a cyberattack on its critical infrastructure, like the power grid?
In April of 2017, the Council on Foreign Relations released a report on the vulnerability of the U.S. power grid. Because of the importance of electricity to the smooth functioning of society and because of the critical nature of power to the 16 sectors of the U.S economy that make up what’s considered critical infrastructure, a significant attack on the grid could cause serious damage in the U.S., if it were to happen. “Any of the system’s principal elements – power generation, transmission or distribution – could be targeted for a cyberattack,” the agency said.
Here are 5 things to know:
1- The U.S. power grid has long been considered a target for a major cyberattack; however “carrying out a cyberattack that successfully disrupts grid operations would be extremely difficult, but not impossible,” according to the Council on Foreign Relations’ report.
2- The U.S. power grid was built for “reliability and safety” and is fairly easy to defend. During winter weather or a hurricane for example, U.S. power crews are good at anticipating problems and can generally move away from computers to manual operations, cyber security expert Robert M. Lee said in an interview with Scientific American magazine.
3- Because of computer technology and the growing interconnectedness of the digital landscape, and because returning to manual operations is growing more difficult, Lee said that there is cause for concern. “Our adversaries are getting much more aggressive. They’re learning a lot about our industrial systems, not just from a computer technology standpoint but from an industrial engineering standpoint, thinking about how to disrupt or maybe even destroy equipment. That’s where you start reaching some particularly alarming scenarios,” Lee told Scientific American.
4- The director of the National Security Agency, Adm. Michael Rogers, in testimony before Congress in 2014, said that China and a few other countries likely had the capability to shut down the U.S. power grid. “Rapid digitization combined with low levels of investment in cybersecurity and a weak regulatory regime suggest that the U.S. power system is as vulnerable - if not more vulnerable - to a cyberattack as systems in other parts of the world,” officials with the Council on Foreign Relations said.
5- A cyberattack on the U.S. electric grid could cause power losses in large parts of the United States that could last days or up to several weeks in some places, and it would cause a substantial economic impact, the Council on Foreign Relations reported. The report found the U.S. needs to work to put in place measures to prevent a cyberattack on the power grid, and to find ways to lessen the potentially catastrophic impact should one occur.