(Cyberwar.news) A expert in smart grid and software assurance technology says that the U.S. power grid has become a “valid target” for cyber attack, and that the nation cannot simply dismiss the possibility that it would ever be targeted either by a rogue entity or an enemy nation-state.
William A. Conklin, associate professor in the Information and Logistics Technology Department in the College of Technology at the University of Houston and director of the Center for Information Security Research and Education and coordinator of the Information System Security Graduate Program at UH, said in a recent column that most Americans take the national electric grid for granted because it has been a constant in their lives and, save for bad weather or other natural disasters, is generally reliable.
He also notes that the power grid is one of the country’s most vital assets, and that Americans “assume the electric companies are properly prepared and that government oversight and regulation will protect” it from attack.
Hardly, he said.
“Electric grids have been targets during conflicts since we became dependent upon them, and they are frequently first on bombing lists,” Conklin wrote. “Today, it doesn’t take bombs to disrupt electrical service; this can be done via computer hacks.”
Continuing, he said that the grid “is now a valid target, one to be concerned about and protected. This is no joke.”
He pointed out that in the days before Christmas, sophisticated hackers launched a cyberattack against two Ukrainian electricity companies, shutting down transformers and temporarily leaving about 80,000 customers in the cold winter darkness.
“Cybersecurity of the grid has become an issue demanding increased attention, and in my opinion, a fresh view on policy and regulatory options,” he wrote, adding that in January he testified before commissioners of the Federal Energy Reliability Commission (FERC), the federal agency that oversees several energy-related issues, which includes the reliability of the nation’s power grids.
FERC “performs in an oversight role over the North American Electric Reliability Corporation (NERC),” Conklin said. “NERC is the regulatory authority that for the North American bulk electric power grid. These distinctions are important, for they address the core question of who is minding our grid. In simple terms, FERC is limited to interstate bulk power, and then only by oversight of NERC. NERC passes regulations by a vote of its membership (hint – the regulated, so it is to some degree a self-regulating body) and is also limited in scope to bulk power system.”
- More: Russian hackers have burrowed into critical U.S. infrastructure like the electric power grid, says intelligence director
Conklin went on to say that assuming the government and power companies have the grid protected from hacking and cyber attack is wishful thinking.
“Upon examination, the regulatory framework is a patchwork of different agencies with differing responsibilities and legal authorities – in the end, each can adeptly point their finger to another with a statement of, ‘not my responsibility,’ or ‘outside our legal authority,’” he wrote. “The firms involved in the grid themselves have moved from high reliability and redundancy to efficiency, as the era of deregulation made profit more important than reliability. If this sounds worrisome, it is.”
But is it really a concern? After all, the U.S. power grid has never been attacked.
“In the last couple of years we have had cyber-attacks on grids across the globe, control centers locked out of their systems, ransomware attacks forcing utilities to pay ransom to get back their control,” he wrote. “This last December, malware was used as part of a cyberattack to block operators’ ability to control the grid in Ukraine. The result was a major blackout.”
And indeed, as Cyberwar.news has reported and Conklin noted as well, malware planted by foreign hackers has been found, just waiting for a signal to cause damage.
Since more of the power grid became connected to the Internet, he adds, it has become even more vulnerable.
“I am not saying that the industry isn’t doing anything – they have come a long way in the past decade to address these challenges. But when walking or running on train tracks, one must outpace the train – and it has been coming up behind us fast,” Conklin wrote.
Cyberwar.news is part of the USA Features Media network of sites.