WASHINGTON—The U.S. power grid remains too vulnerable to cyber-attacks and other potential threats despite efforts to set up more efficient security systems, lawmakers heard on July 17.
“The current reliability system that has emerged is cumbersome and overly complicated,” Sen. Jeff Bingaman (D-N.M.), chairman of the Senate Committee on Energy and Natural Resources, said in opening remarks at a committee hearing. “When it comes to cyber-attacks, I’m concerned that the current system is not adequate.”
American intelligence agencies report cyber-attacks on U.S. computers and networks with increasing frequency, he noted, with the volume of malicious software tripling since 2009.
The U.S. bulk power grid is one of the largest interconnected electrical systems in the world, generating and transmitting power to states for distribution.
As it modernizes, it becomes increasingly reliant on Information Technology (IT) systems to run it, Greg Wilshusen, IT director at the Government Accountability Office (GAO), told the hearing. While that provides greater efficiency and lowers costs, it also exposes the grid to cybersecurity vulnerabilities, which can be exploited by attackers.
Wilshusen described the grid and its supporting systems as “a government-wide, high-risk area.”
Physical damage is also a threat, from extreme weather events like the freak storms in mid-Atlantic states last month, which left thousands of people without power for up to a week.
According to Joseph McClelland, a director at the Federal Energy Regulatory Commission (FERC), electromagnetic pulses (EMP) are also a concern. The pulses can be either naturally generated by solar storms, or generated by weapons such as a high-level nuclear bomb. Either way, the pulses can disrupt the earth’s magnetic field, producing currents that could damage or destroy power systems over a large area.
Congress sought to address grid security as far back as 2005, mandating the FERC to form a body that would oversee existing standards and improve the reliability and security of the bulk power grid.
Subsequently, the North American Electric Reliability Corporation (NERC) was formed, but many of its procedures need updating, McClelland says. The body has only federal jurisdiction and no teeth to enforce standards, with little speed or flexibility to address an emergency.
“There may be a need to act decisively in hours or days, rather than weeks, months, or years. That would not be feasible, even under the urgent action process,” he said. “In the meantime, the bulk power system would be left vulnerable to a known national security threat.”
NERC CEO Gerry Cauley told senators that demands on the reliability corporation had increased, making it more difficult to fulfill the brief.
“Some of those consequences could be much more severe than we have previously experienced,” he said.
Coordinated physical and cyber-attacks on specific entities like business centers or military installations were particularly concerning. “These threats differ from conventional risks in that they result from intentional actions by adversaries and are not simply random failures or acts of nature,” he said.
Cauley said he would like to see more private and public partnerships, better communication from federal security agencies, and more flexibility in regulations.
Sharing information between utility companies was also problematic, senators heard.
According to Todd Snitchler, chairman of Ohio’s Public Utilities Commission, confidentiality concerns prevented utilities from admitting weaknesses or threats to their systems. If information was “anonymized” it would be more forthcoming, he suggested.
Snitchler warned legislators not to over-legislate in their need to protect the grid, saying it would make enforcement costly and cumbersome.
Sen. Mark Udall of Colorado raised the question of skilled IT workers receiving a chorus of complaints from witnesses about the shortage. They rely on the military or poach from each other, the witnesses said, adding that “young cyber warriors” were in much demand.
Regarding technology hardware, Sen. Al Franken from Minnesota noted that Singapore, Taiwan, South Korea, and China were big producers of semiconductors and microprocessors. The senator asked witnesses about how much of a threat that posed to U.S. infrastructure.
It’s a “key vulnerability” in the nation’s infrastructure, Wilshusen said.
While the administration is developing strategies, “they haven’t really established effective mechanisms to address that vulnerability,” he added.
The Epoch Times publishes in 35 countries and in 19 languages. Subscribe to our e-newsletter.