Reports of the U.S. power grid's vulnerability to cyberattacks and the potential for greater exposure to hostile acts are coming to surface once again as the Obama administration is preparing to invest tens of millions of dollars to make critical infrastructure smarter.
Power generators and electrical distribution systems were once thought immune to the ravages of the Internet because they were largely segregated on closed networks and managed by SCADA (Supervisory Control And Data Acquisition) systems. Sneakernets (the physical insertion of data through discs) were thought the only means for compromising one of these closed power systems.
That blissful ignorance may soon come to an end. Intelligence reports are now revealing that China and the PeopleÂ’s Liberation Army may have compromised the U.S. power grid twice in the past decade. Worse, some sources say China was behind the 2003 Northeast blackout that plunged nine states and parts of Canada into darkness.
Previous reports found that the source of the blackout, an Ohio generation plant operated by American Electric and Power (AEP) sent a surge into the system that caused a massive, cascading failure. A worm in the plantÂ’s non-power systems was said to be coincidental.
But industry and government vision for opening up the electrical grid as a distribution system for the Internet and communications could open up the entire power system to greater risk. Utilities have already opened their closed networks and SCADA systems to largely unsecure systems connected to public networks. Adding greater uses for two-way communications, IP packet transmissions and control systems will only increase risk exposure, experts say.
The upside to opening the electrical grid to networking is tremendous. Plans are already being made to make electrical meters at homes and business “smart,” providing power producers and consumers with the means to measure and control the use of power with greater efficiency. IBM is betting a large part of its future on making pieces of the public infrastructure smarter and more manageable. And environmentalists believe a smarter electrical grid will lead to reduced dependency on foreign oil and a reduction on the national carbon footprint.
Solution providers will have a role in this electrical grid evolution, too. A smarter electrical grid will lead to smarter buildings, businesses and homes. That means installation, maintenance and management work on large and small scales.
Is opening the electrical grid to greater use and, potentially, much greater compromises worth the risk? One prominent hacker once told me that, during a demonstration to federal officials, he showed them all the power nodes on the eastern seaboard and, with a click, could have shut off the lights from Atlanta to Boston. The risk already exists, some will argue, so itÂ’s more an issue of securing the grid to enable greater use.
Everyone from IT vendors to solution providers to the owners of physical infrastructure need to heed the warnings of the “potential” risks to the critical infrastructure and design better controls to guard and mitigate compromises.