Electrical grid cyber security


I saw this video on Time’s site which features a conversation about the vulnerability of the U.S. electrical grid. The experts felt that the capability to take down the grid was only in the hands of half a dozen nation states at the present time, but didn’t elaborate why. What would keep an individual actor or terrorist group from developing this capability?


Low tech terrorism works just as well.

Could a state level actor take down portions of the power grid?
Possibly, although they would have to have extremely detailed knowledge of the system to do so, including planned outages and on-going maintenance schedules.
Could they put down major portions or all of the US power grid?
No, they could not.

Several reasons:

1. Much of the system is still electromechanical instead of electronic - That means that it has mechanical and electrical as well as electronic portions to it. Unless someone was physically present to shut down the mechanical portions, they would remain in service.
2. Much of the power system is on INTRAnets - They have no access or exposure to the Internet and as such they would have to be accessed in person rather than at a distance.
3. The outages would be noticed as they were occurring - All of the major systems in the US have people monitoring them 24-7. That means if one or more went down, multiple people would see it or hear the alarms and would respond accordingly. Any attack would have to compensate for this, making it far less effective.

While a Carrington event (a massive solar storm episode like one in 1859) would probably knock out a great deal of a major country’s electrical grid, very few cyber attacks (even those by state level actors) could do more than knock out a few cities or at most, a metropolitan area. Certainly a disaster, but not the “armageddon” that cyber security experts are wont to sell to the public.

I am intimately involved with electric grid cyber security. nevadaexile’s #2 above is key. I don’t care what the first guy said, there’s no way that companies expose their EMS systems to the internet in 20 ways. They would never pass their CIP audits if they did. FERC, NERC and RTOs take this stuff extremely seriously and if other companies take it as seriously as mine does (and they do) then it won’t be cyber assets that will be attacked, it will be the big physical assets that are exposed to anyone that happens to drive by.

Why all the hand-wringing over potential terrorism when a single, random generator trip could black out the entire Northeast U.S.?