Congressional Report Finds Grid Still Is Vulnerable to Cyberattacks

July 25, 2017  |  By Chris M. Roberts

A new Congressionally mandated report from the National Academies of Sciences, Engineering, and Medicine concludes the United States' electric grid is vulnerable to cyberattacks that could potentially cause long-term and widespread blackouts. It called upon the U.S. Department of Energy and the Department of Homeland Security to work with utility operators and other stakeholders to improve cyber and physical security. A well-executed cyberattack could potentially cause extensive damage and result in large-area, prolonged outages that could cost billions of dollars and cause loss of life.

IISP Analyst Chris M. Roberts: "Stuxnet, a sophisticated attack on a nuclear facility in Iran, was first identified in 2010 and is thought to have been in development since 2005. It has been about 10 years since Stuxnet, and this new study finds that the power grid in the U.S. still is vulnerable. Just as concerning as that is, there are no response plans in place for long-term outages. While this report is light on specifics, it does recognize some of the less-obvious attack vectors, such as GPS since it is heavily used for time synchronization. Additionally, it points out that the cyberattack could cause physical damage and have long-lasting effects -- a point that many studies overlook.
I’m very pleased to see groups recognizing that cyberattacks of embedded systems can cause extreme physical damage and long-lasting effects. These embedded systems need to be protected. Unfortunately, there doesn’t seem to be much incentive in the power industry (public or private), to protect themselves against attacks. Protecting the power grid will be a very long and hard task since it has an extremely large attack surface with many attack vectors. With the slow development thus far, it appears we should stop asking if an attack will happen, but rather when."


For further reading


More by the author(s)