The security of the U.S. electric power grid against cyber threats is a growing concern among lawmakers, regulators, industry, and the public at-large. Cyber warfare poses a serious threat to the grid's physical infrastructure, and without effective preventative measures, the grid may be compromised by cyber attack. The best way to combat cyber threats remains unknown. But even without clear regulatory direction, owners and operators of critical electric infrastructure must develop appropriate and effective compliance programs to address the risk of cyber attack to their physical assets.
This is the first of two articles addressing threats to the physical power grid posed by cyber attack. In this article, we outline the nature of the current threat, the existing regulatory framework intended to combat the threat, and the uncertain future of additional regulatory solutions. In part two, we will identify proactive measures that industry can take today, notwithstanding the unknowns, to mitigate the risk of cyber attack.
The Nature of the Current Threat
Cybersecurity threats are often thought of in terms of theft of personal data, such as an individual's Social Security number or online banking password. But in addition to the compromise of data and individual privacy, cyber attacks can threaten the physical critical infrastructure that makes up the electric power grid, such as generators, transformers, substations, and transmission lines. If the physical infrastructure is compromised, grid reliability will suffer, potentially resulting in major system failures and sweeping blackouts that would threaten our modern way of life.
The potential threat to the transmission system from man-made electromagnetic pulses, or EMPs, such as might result from a nuclear weapon detonation, is well-known. But in March 2007, the Department of Homeland Security (DHS) also demonstrated the vulnerability of the physical grid to more unconventional man-made cyber threats. As part of a demonstration, the DHS hacked into a generator control station from a remote access point and caused the generator to self-destruct. Known as Project Aurora, the DHS experiment highlighted a debate among regulators and industry stakeholders regarding the grid's vulnerability to cyber attack and how best to combat cyber threats to critical infrastructure.
More recently, the Stuxnet worm, described as the most sophisticated cyber weapon ever deployed, effectively disabled Iran's nuclear arms development program in 2010 (if only temporarily). Stuxnet attacked supervisory control and data acquisition (SCADA) systems that control and operate Iranian nuclear facilities. Iran has also discovered the Stars virus, which may be part of an ongoing cyber attack aimed at physically destroying Iranian systems and nuclear arms development capabilities. These and other cyber weapons are difficult to control once deployed. So there is a real risk that threats like Stuxnet, which has now spread worldwide, and Stars could fall into the wrong hands and be used to target the SCADA systems that control and operate the U.S. power grid.
The growing interest in and deployment of smart grid technologies intensifies the debate surrounding cyber threats to the physical grid. Smart grid initiatives hold the promise of a more efficient and cost-effective grid through information sharing efforts at all levels of the power industry, from generators and transmission planners to distribution utilities and retail consumers. However, the price paid for the increased communication ushered in by a smarter grid is the proliferation of access points for cyber terrorists to infiltrate and compromise the grid.
The growing number and sophistication of cyber threats to physical infrastructure are a concern of worldwide proportion; they are constantly evolving and span industries and the globe. At this critical juncture the sheer breadth of known cybersecurity threats augments the problem; those in positions of authority struggle to decide who, what, and how to regulate in this largely unchartered world of cyber warfare. But it is widely apparent that maintaining the status quo is not a viable option.
Share
Email
Comments
Print
BlinkList
Blogmarks
Del.icio.us
Digg
Favoriting
Furl
Google Bookmarks
Netscape
Newsvine
Reddit
Simpy
StumbleUpon
Technorati
Twitter
Windows Live
Yahoo! My Web