How Vulnerable Is the US Electricity Grid to a Cyberattack?

Print Email

The President’s National Infrastructure Advisory Council (NIAC) on Tuesday released its report on the threat of cyberattacks on the nation’s critical infrastructure. That infrastructure includes the U.S. electricity, finance and communications industries.

The NIAC recognizes both the imminent threat of a major cyberattack and the weapons the country has to defend against them. The United States, according to the report, has the capability and resources to defend critical systems “provided they are properly organized, harnessed, and focused. Today we’re falling short.”

A number of studies have all pointed to the same conclusion: “There is a narrow and fleeting window of opportunity before a watershed, 9/11-level cyberattack to organize effectively and take bold action.” The NIAC report recommends that the Trump administration “use this moment of foresight to take bold, decisive actions.”

The report enumerates 11 recommendations that the NIAC considers to be the bold, decisive actions needed. Among them is the creation of a separate, secure communications network capable of ensuring “critical control system traffic and reserved spectrum for backup communications during emergencies.” Other recommendations include better information sharing between industry and government, more rapid declassification of intelligence enabling better sharing of information, and granting security clearances to cyber industry leaders to allow them access to information classified as secret or top-secret.

NIAC points to the cyberattack launched against Ukraine in 2015 that caused widespread disruption of power services throughout the country. The U.S. electricity sector comprises more than 3,300 facilities — both publicly and privately owned — that generate, transport and distribute electricity throughout the country. Because the systems are all interconnected, “a disruption in one small utility can potentially cascade into a widespread and long-term outage.”

Critical infrastructure is an official Department of Homeland Security (DHS) designation referring to 16 sectors deemed vital for the country to function efficiently. In addition to electricity and finance, it includes transportation hubs, such as airports, chemical plants, oil and gas facilities and water treatment plants, among other sectors. The NIAC was established shortly after the terrorist attack of September 11, 2001, and advises DHS on the security of U.S. critical infrastructure against attacks that could be either physical or cyber.