Interfering In The U.S. Elections Is Russia's First Move. Hacking The Electric Grid Is Its Next One
All the talk now is about how Russia interfered in our 2016 elections, helping to get Donald Trump elected. But that is just a start: If the Putin regime goes after our electrical grid, it will knock out the American economy, too.
The critical question is how do we secure our electrical grid, which is literally the lifeblood that supplies the U.S. economy. In simple terms, the goal is to have a set of “best practices” that use “best available technologies” coupled with model laws that would help fend off attacks — assaults that can occur through cyber terrorism, physical violence or natural weather events.
“Our progress has focused on the legislative route — how to upgrade and to increase grid resiliency,” says Sam Feinburg, executive director of Helena, which provides experts to solve compelling issues such as grid security. “The best way is to work through the levers of government and to focus on recovery and response. It means having plans to deal with a widespread blackout.”
Some obvious pathways include preventing third party contractors from having access to remote control systems, keeping critical components stockpiled and moving increasingly to distributed energy resources, or on site power and distribution.
Feinburg told this writer that his group is specifically working with California, which has been dealing with earthquakes and wildfires — and one that just caused a blackout inside Pacific Gas & Electric’s territory. There, Helena’s braintrust has been working with state legislators to write bills to mitigate the damages: having equipment on hand to allow for mobile electric generation and ensuring that food and first aid is given to those most in need.
The measures, generally, direct government to take specific and concrete actions to harden the physical infrastructure, all to avoid a massive blackout. Texas, too, has similar measures underway.
Weather events are one matter. But cyber and physical assaults are another. Ukrainians, for example, have suffered a multitude of cyberattacks allegedly by Russians that have left its citizens without power for extended time periods. Just how vulnerable is the United States?
The Battle Ahead
The U.S. government has identified a “multistage intrusion campaign” in which bad actors had planted malware and which went on “phishing” expeditions to gain access to remote transmission networks to which they could have shut down. The Internet and “the cloud” are access points. And with 5,800 major power plants and 450,000 miles of high-voltage transmission lines, a lot is at stake.
“If we wait until after a cyberattack or solar storm has plunged part of our nation into chaos and destruction, it will be too late to act,” says California State Senator and Helena member Robert Hertzberg, who drafted California’s model laws.
Power companies are on guard and they developing robust systems that can continue to generate and deliver power if attacked. Most, if not, all are participating in exercises that simulate mock attacks. The aim is to be proactive — to anticipate what moves the enemy might make. But it is a constant chess match.
In one 48 month period, for example, 1,131 actual attacks occurred, with 159 of those successful, reports the Energy Department’s Joint Cybersecurity Coordination Center. A single brownout can cost as much as $10 billion, which comes in the form of direct losses as well as lost opportunities, estimates the Federal Energy Regulatory Commission. Because electricity is “wheeled” across the country, any assault could do lasting damage to utility assets and thus wreak havoc on communities.
Consider PG&E, which operates in the heart of Silicon Valley — home to America’s high tech sector: Masked gunmen burst into a substation and started firing automatic weapons that destroyed 17 transformers five years ago. PG&E is fighting back by bridging its information technology department with its operations unit, meaning that those who are responsible for securing the company are communicating closely with those who keep the lights on.
One of the best ways now to guard against natural disasters and grid assaults is by building microgrids — localized grids that service specific campuses. In other words, if the main source of power goes down, batteries that have harnessed electricity discharge while on-site generators kick on. The electricity is then delivered by a microgrid. It’s the tack that Puerto Rico is now pursuing in the aftermath of Hurricane Maria that wiped out its centralized generation and delivery system. Ditto for northern California in the wake of last year’s deadly wildfires.
“We’ve identified distributed power generation and microgrids as a critical form of resiliency,” says Helena’s Feinburg. “If bulk power goes out and there are microgrids that are operational, it makes it far easier to get power on and to get first responders to deliver emergency aid.”
Blackouts have the possibility of doing serious damage to the American economy — true whether it is because of weather or terrorism. And some U.S. businesses and utilities know this first hand, prompting both federal and state agencies to seek newer and better ways to secure the country’s infrastructure. Succeeding will require proactive approaches — and far more than the federal government is doing to safeguard our elections and our democracy.
Online Degrees & Certificates In Cybersecurity
American Military University's online cybersecurity programs integrate multiple disciplines to ensure you gain the critical skills and management practices needed to effectively lead cybersecurity missions – from government or private industry. Learn from the leader. American Military University is part of American Public University System, which has been designated by the National Security Agency and the Department of Homeland Security as a National Center of Academic Excellence in Cyber Defense Education.