Obama Needs a Security Plan for Smart Grid so a Cyberspy Can't Turn off Lights

Without a lights-out security strategy, hackers could leave U.S. in the dark.

By + More

By Peter Roff, Thomas Jefferson Street blog

The Wall Street Journal reported Wednesday that "Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system." Citing comments from current and former national security officials, the paper said the spies were on a mission "to navigate the U.S. electrical system and its controls," which could potentially enable an enemy of the United States or of U.S. interests to bring the grid down in time of war or as an act of terrorism.

The Chinese and Russian governments, which the paper identified as at least partially engaged in the probes, denied they had "hacked" the grid.

"These are pure speculations," Russian Embassy spokesman Yevgeniy Khorishko said. "Russia has nothing to do with the cyberattacks on the U.S. infrastructure, or on any infrastructure in any other country in the world." Speaking for the Chinese Embassy in Washington, Wang Baodong said much the same thing, adding that the government in Beijing was ready to cooperate with other countries to counter such attacks.

The idea that other nations or terrorist groups could hack the U.S. electric grid has been a growing concern for some time. Adding to the urgency is the projection by the U.S. Energy Information Administration—prior to the onset of the current recession—that total annual U.S. consumption of electricity would grow by 22 percent by 2015 and 32 percent by the year 2020. So, at a time when the nation is going to need more electricity, the grid may be more vulnerable to attack than ever.

As GreentechMedia.com recently observed, "the billions of dollars now being spent to bring two-way communications and controls to large swaths of the U.S. electricity transmission and distribution grid—the essence of the so-called 'smart grid'—could open up some new avenues for malicious actors to tamper with the grid."

Kevin Kolevar, who served in the Bush Energy Department as assistant secretary for electricity delivery and energy reliability, told me, "The cyberthreat to our electric transmission and distribution systems is significant and ongoing." Adding that it was "safe to assume the federal government's involvement in countering this threat will grow," Kolevar identified two issues in need of immediate attention.

The first, he said, was that it was "imperative" that the government provide assistance in combating potential and actual cyberthreats to the grid, particularly where the intelligence community and the military are concerned. But, he added, this will require a serious discussion about how much assistance is enough and just what is appropriate.

The second issue is the need to consider what actual and potential cyberthreats mean in relation to the rush by the Obama administration to construct what is being called the smart grid that will supplement and perhaps even replace the existing network for delivering electricity to U.S. homes and businesses. According to published reports, the administration is engaged in a cybersecurity review set to conclude next week that includes an examination of the current grid's vulnerabilities. But we need to look past that, to the grid that is yet to come, and to plan for the future now. Otherwise we may be left to feel our way around in the dark, figuratively and literally.

On Facebook? You can keep up with Thomas Jefferson Street blog postings through Facebook's Networked Blogs.

  • Read more by Peter Roff.
  • Read more from the Thomas Jefferson Street blog.
  • Read more about energy policy.