The clear and present danger of cyber threats to our critical infrastructure, such as the national power grid, can no longer be ignored. Fortunately, the government began calling attention to cyber risks in the form of a recent presidential Executive Order, the reintroduction of cyber security legislation, and some long-delayed but honest pronouncements about ongoing attacks from China and other nation-states. Now it is time to move from rhetoric to action. As outgoing Secretary of Defense Leon Panetta recently noted, “the next Pearl Harbor could be a cyber-attack.” Those in the know agree, observing that cyber-terrorism against our national power grid would lead to an economic and humanitarian crisis, potentially knocking out power in segments of the United States for weeks or months and causing hundreds of billions of dollars in damage. In recent weeks we learned the extent of apparently state-sponsored espionage and penetration of our critical infrastructure networks by China. Worse yet, the threat also emanates from non-state-based terrorists and anti-globalization activists and anarchists seeking to do harm to the international order, and for whom America is often the principle target.
Though the President and senior executives are starting to speak out, the sensitivity surrounding these particular threats is self-evident from the five-year delay in publicly releasing a 2007 National Research Council (NRC) report for the Department of Homeland Security. The NRC’s report, Terrorism and the Electric Power Delivery System, provides a comprehensive and wide-ranging overview of the weaknesses of our current infrastructure. It concluded that “An attack that disrupted power across a wide geographic region and for an extended period could impose costs of hundreds of billions of dollars. If such attacks were repeated several times, or undertaken in conjunction with more conventional terrorist attacks designed to kill people, their impact could be considerably magnified.” And yet, despite more than a decade of homeland security time and attention, our ability to protect and respond to a targeted cyber attack on our electrical power grid is woefully lacking. Making matters worse, the grid is aging and prone to failure from minor disruptions such as the accidental Northeast blackout of 2003 that caused over $6 billion in losses. Such events make a clear cut case for broad-based investments in the use of large-scale emergency power generation equipment, universal and easily replaceable transformers, reducing vulnerable network connections through updated and coordinated secure access protocols, and better monitoring systems that detect intrusion.
Similarly, we need to conduct systematic regional vulnerability assessments to define regionally relevant power restoration guidelines and post-disaster best practices. But perhaps most of all, we need to continue to move towards a smart grid that can recognize when it is impacted and take affected segments offline while the rest of the grid remains operable. The plain truth is that it will be too late to fully protect our national power grid after we are attacked, and the catastrophic economic and social consequences of a well-executed attack means the risk cannot be ignored. Even as the nation remains mired in dire economic straits, certain shared goods and essential services require special consideration in terms of modernization and investments aimed at ensuring systemic resiliency. It’s time to face up to the challenge with a true public-private partnership that reduces the risks while improving the system and ensuring the continuation of our economic, industrial, social and secure way of life. Implementing the National Research Council’s findings and further moving towards a standardized, modern and flexible smart grid is a good place to start. Source