US power grid vulnerable to attack

Posted by Nick Farrell

It seems that the US government’s belief in the efficiency of its private sector to run its power infrastructure is proving completely bogus.

According to a Congressional report, it would be more secure for US infrastructure for congress to put a cat in charge of the network than leave things as they are.

The report said that inefficiencies in how security standards are set and “haphazard” implementation of protections leaves the US power grid at high risk of damage due to cyberattacks.

According to Tech Politik, the report, was released ahead of a House hearing on cybersecurity by Congressmen Edward Markey and Henry Waxman.

It  found that the power grid faces daily cyber-attacks. One power company claimed  it fights off 10,000 attempted intrusions each month.

Waxman said that the utility responses are sobering, and reveal  serious gaps in the security of the US electric grid.

Congress clearly needs to push electric utilities to beef up security to protect from attacks from rogue states and terrorist groups.

The US power grid security is managed through a set of required standards set by the North American Electric Reliability Corporation.  These were agreed to by members, combined with a set of voluntary actions power companies can take.

The problem here is whether or not you trust private companies to adhere to a set of voluntary security standards when there is little financial advantage for them to do so.

The report found that most of the power companies complied with the mandatory standards but only a tiny percentage were complying with the voluntary measures.

The report said that this lax security would fall over if attacks on the power grid were carried out by knowledgeable attackers with little risk of detection or interdiction.

It would be possible to cut the power to huge areas of the US and take months to fix. 

While this type of attack would require physical damage to transformers, the information currently being compromised will give these attackers knowledge of where exactly to attack, the report said.