The country’s largest electrical company, otherwise known as Duke Energy, is on high alert for cyber attacks that stymie the flow of electrical power. Headquartered in Charlotte, North Carolina, the company is working with U.S. intelligence agencies about potential threats, the Duke Energy executive heading electronic protection efforts told sources.
Duke Energy maintains various electrical generating plants, including dams and nuclear facilities. The company is focused on protecting three out of 16 different types of plants which are critical to the backbone of the U.S. economy from cyber attacks. Duke provides power to approximately 7 million customers in the Southeast and Midwest, so it should be unsurprising that the company is bombarded with cyber threats, Duke Energy Executive Vice President A.R. Mullinax said.
Mullinax claims he holds a U.S. government clearance that enables him to be briefed by the FBI and other national security agencies about threats to the power grid, which underpins everything, from databases to refrigerators.
“FBI is actually a great resource,” Mullinax said in a recent interview. “They don’t necessarily share classified information with us, but they can say we’re seeing things that would cause you to take this action.”(1)
Mullinax has good reason to be weary of cyber attacks. As war becomes increasingly indirect with the use of drones and cyber warfare, some have hypothesized that world war three is more likely to be waged by a cyber attack than a nuclear weapon.
According to a Pew Research study highlighted by Mark Levin in his book Plunder and Deceit, approximately “61 percent of cybersecurity experts believe that there will be a major cyberattack by 2025,” which “could result in severe economic losses and potentially significant loss of life.”(2)
It’s not just lowly freelance hackers that the U.S. has to worry about. Levin goes on to note: “In the meantime, Chinese hackers recently launched a massive attack on federal government databases, stealing personnel information and security clearance details on millions of federal workers, which cybersecurity experts believe could be used in future attacks against the United States.”(2)
It’s common for power companies to share information among themselves; however, Duke Energy’s Charlotte hometown is one city out of a handful of metropolitan areas that has a chapter of InfraGard, a business partnership with the FBI to disseminate information and thwart harmful acts.
There has been a string of sophisticated hacks in the last decade, which gained control of everything that keeps society up and running, experts told the Associated Press under anonymity due to the sensitive nature of the topic. Businesses, both big and small, are hacked more frequently than the mainstream press has led the public to believe.
Utility regulators in North and South Carolina haven’t updated their electrical utilities in their states to help prevent cyber attacks, nor determined how much money should be spent on keeping online systems safe, officials said. Nevertheless, Duke Energy is aware of the stakes at hand, according to Mullinax.(1)
“I don’t want to incite panic, but we’re very cognizant that the cyberthreats are real,” he said. “We’re constantly working to advance our network and how we ensure the integrity of our network.”(1)
Information about how companies stop hackers is usually kept secret, which makes it difficult to judge how vulnerable power companies are to cyber attacks. Violation records stored by regional enforcement agencies are carefully kept free of information identifying owners and operators of the power grid.
There were approximately 500 supposed violations of cybersecurity between mid-2008 and last month in Southern and Midwestern states managed by Charlotte-based SERC Reliability Corp, which oversees electric-grid reliability standards. Most of the incidents were deemed a minimal or moderate risk, however, more than a dozen were considered serious.
(2) Levin, M. (2002). Plunder and Deceit. New York, NY: Threshold Editions