New Report Describes Electric Grid Vulnerability to Cyber Attack

A new report from the Manhattan Institute describes has the electric grid vulnerabilities to cyber attack is increasing as grid-internet connectivity increases.  Here is the Executive Summary:

Electric grids have always been vulnerable to natural hazards and malicious physical attacks. Now the U.S. faces a new risk—cyberattacks—that could threaten public safety and greatly disrupt daily life.

Utility executives and other experts argue persuasively that U.S. grids, especially long-distance grids, are currently well secured. Yet the key issue is not today’s security but tomorrow’s. Here the risks are growing rapidly. The push for “greener” and “smarter” grids requires far greater grid-Internet connectivity to ensure the continuous delivery of electricity. These greener, smarter grids will involve a vast expansion of the Internet of Things that greatly increases the cyberattack surface available to malicious hackers and hostile nation-state entities.

Cyberattacks overall have been rising 60 percent annually for the past half-dozen years, and utilities are increasingly targeted. A Cisco study found that 70 percent of utility-security professionals say that they have experienced at least one security breach. For their part, federal and state governments genuflect to the goal of reliable, resilient, and affordable electric service. Yet comparatively trivial sums are directed at ensuring that grids are more secure, compared with the vast funding to promote, subsidize, and deploy green energy on grids.

The central challenge for U.S. utilities in the twenty-first century is to accommodate the conflict between political demands for more green energy and society’s demand for more reliable delivery of electricity. Greater grid cybersecurity in the future means that policymakers must rethink the deployment of green and smart grids until there are assurances that security technologies have caught up. While the government needs to improve its vital role in helping with cyber “situational awareness,” the private sector must lead the way in defending against cyberphysical threats that evolve and move at tech-sector—not bureaucratic—velocities.

To lay out the state of affairs and provide recommendations for sensible U.S. grid cybersecurity policies, this report examines:

1. The forces that have made electricity far more critical than ever. The “information economy” is fundamentally electricity-dependent and is now a threefold bigger part of U.S. GDP than the oil-dependent transportation sector that dominated America’s economy in the twentieth century.

2. The structure of America’s grids and the history of blackouts. Outages have become increasingly common. Lloyd’s estimates that the damage from worst-case outage scenarios from cyberattacks would range from nearly $250 billion to $1 trillion.

3. The challenge of an “on-demand” economy that is escalating the peak demands for power. The twenty-first century’s unique— and widening—gap between average and peak energy demand is forecast to more than double in the coming decade, even as far more episodically available green-generating capacity is added to the grid.

4. The new character and magnitude of cyberphysical threats. A recent report found an over 400 percent rise in 2015 in the number of times that hackers probed for vulnerabilities in cyberphysical systems, a.k.a. the “Internet of Things.” With security experts claiming that the “next Cold War has already begun—in cyberspace,” the key is to keep critical infrastructures, especially electricity, off the front lines.

5. The skewed priorities in grid spending. During the past decade, wind and solar power, which cannot meet society’s 24/7 energy needs, accounted for over 75 percent of new generating capacity. In the same period, more than $150 billion in federal spending went to green- and smart-grid programs, while the U.S. Department of Energy spent $150 million on cybersecurity R&D.

6. The state of grid cybersecurity today. Even as cybersecurity concerns are causing most other industries to integrate cautiously into the Internet of Things, policymakers—despite warnings from the U.S. Department of Homeland Security—are pressing electric utilities to accelerate grid integration with the Internet.