Energy

How Vulnerable Is The US Electrical Grid To Hacking?

REUTERS/Pawel Kopczynski

Daily Caller News Foundation logo
Andrew Follett Energy and Science Reporter
Font Size:

The American power grid is increasingly vulnerable to cyber-attacks despite the best efforts of government agencies as shown by recent investigations, Congressional hearings, and government reports.

“The threat to America’s power supply from a cyber attack increases every day. If just one major city were attacked in this way, the economic and societal consequences would be devastating. As cyber attackers become more sophisticated, it becomes more difficult for those who are vulnerable to protect themselves. Electric utilities must operate complex systems of power plants, transmission lines and distribution facilities, all interconnected through analogue and digital control systems. The development of effective cybersecurity technology will require cooperation across federal agencies and the coordination of basic science and engineering research and development programs” said Texas Republican Rep. [crscore]Lamar Smith[/crscore], chairman of the House Science Committee, in a statement to The Daily Caller News Foundation.

Smith isn’t alone in his concern for the cyber-safety of the power grid. A report by the Government Accountability Office released on October 21st recommends that the National Institute of Standards and Technology and the Federal Energy Regulatory Commission significantly improve their cyber-security standards.

The increased networking of the electrical grid allows for various time and money-saving features which make the day-to-day operations of the grid simpler, however they also make it much simpler for the grid to be accessed by unwanted persons. Utilities reported 13 different cyber break-ins between 2011 and 2014. A single one minute of grid downtime can cost up to $15,447 according to analysis.

A Freedom of Information Act request revealed that hackers successfully infiltrated the Department of Energy’s (DOE) computer system more than 150 times between 2010 and 2014. The National Nuclear Security Administration, a sub-agency within DOE that secures the country’s nuclear weapons, was hit with 19 successful cyber attacks over those four years.

Infecting industrial systems such as power grids with malware is so simple that there are 5 minute YouTube tutorials on how to do it. 

By overwhelming network links with traffic in a Distributed Denial of Service (DDoS) attack, Internet users or cyber-terrorists can and have removed the ability of utilities to communicate with their own electrical grids, effectively causing a blackout. It is entirely possible to hire “mercenary” DDOS attackers over the Internet. The estimated price for 24 hours of consistent DDoS attack is a mere $40, making such attacks available to pretty much anybody. Many companies actually hire hackers to perform DDoS attacks on their competitors.

Another serious concern is unauthorized remote access by hackers. Any kind of improper use of industrial systems can also be disastrous, as demonstrated by the explosion of the Sayano-Shushenskaya hydroelectric dam in Russia in 2009, which killed 75 people and caused an environmental catastrophe. The explosion occurred when a manager improperly accessed the plant remotely.

Despite years of effort from various federal agencies, many utilities still don’t even have staff members dedicated to cyber security and have to either hire outside help or simply not secure their networks.

Follow Andrew on Twitter

All content created by the Daily Caller News Foundation, an independent and nonpartisan newswire service, is available without charge to any legitimate news publisher that can provide a large audience. All republished articles must include our logo, our reporter’s byline and their DCNF affiliation. For any questions about our guidelines or partnering with us, please contact licensing@dailycallernewsfoundation.org.

Andrew Follett