Think about how dependent you are on electricity
On Tuesday, October 26, 2021, a cyber attack shut down Iran’s gas stations. Although the attack was limited to denying government-issued electronic fuel discount cards, lines of up to 90 automobiles clogged intersections.
Imagine a targeted cyber attack in the US limiting gas stations to cash-only sales — mayhem. Now imagine a cyberattack aimed at the US power grid. No electricity for a week, a month, longer. It’s difficult to imagine the consequences of any prolonged electric power shutdown in the US.
Grocery stores carry about a three-day supply of food. Ordering systems and contact with supplies shuts down without electricity. Re-supply becomes erratic as transportation grinds to a halt. Roads and highways become clogged with abandoned vehicles. Without refrigeration, good food rots fast at home and at the supermarket. Water and sewage depend on pumps, usually backed up with diesel generation until the fuel runs dry. With water and food shortages — panic sets in.
Imagine your life for a week without electricity — or maybe longer
In 2015 Russia used cyberattacks against Ukrainian computer systems that provided remote control of the Ukrainian power grid. This attack, and another in 2016, left the capital Kiev without power.
The U.S. power grid is built upon an aging skeleton that is becoming increasingly vulnerable every day. Whether from terrorists or nation-states like Russia and China, the power grid is susceptible to not just physical attacks, but also to cyber intrusion as well. — GTSC Homeland Security
Our energy grid is a hodgepodge of public and private utility companies controlled by a patchwork of federal and state authorities. The average power plant in the US is over thirty years old, and the typical transformer is forty years old. Replacement is complicated because most transformers are manufactured in China. Aging computer systems manage the entire grid, and power companies are resistant to change. Their priority is to keep the power on, which is admirable but it makes them leary of software patches and updates. At one time, utility control systems were isolated from the internet. Still, convenience and efficiency evidentially won out over security concerns, and now much of the nation's utility control systems can be accessed through the internet — making our systems vulnerable to hackers.
In December 2019, Trump signed Securing Energy Infrastructure Act. Although the bill was said to protect the energy grid from cyberattacks, it only set up a two-year pilot program within the National Laboratories to study the problem and identify security vulnerabilities. The Act proposed the return to analog devices immune to cyberattacks, but no action was taken, and no changes were made.
The Biden Administration has proposed a plan to safeguard the nation’s power grid from cyberattacks. The Biden plan would plan to dramatically improve how utilities defend themselves against attacks from countries considered to be adversaries in cyberspace — such as Russia, Iran, North Korea, and China. Upgrading cybersecurity could be the Biden administration's most important effort because the consequences of an attack could be devastating. However, utilities remain resistant to change for fear that any change might upset the delicate balance of reliable energy distribution. The utilities also warn that any changes will to be expensive and must be passed on to the customer.
Our utility bills may increase due to work needed to harden our utility infrastructure against attack. Still, it might be money well spent in place of the alternative — a prolonged blackout and the looming disaster that entails.