Grid security

Electrical grid needs cybersecurity oversight: study

Published 14 December 2011



In a recently released report, researchers from the Massachusetts Institute of Technology say that a single federal agency should be tasked with protecting the United States’ electrical grid from cyberattacks. The Obama administration has proposed that DHS assume responsibility for the grid, while Congress has submitted proposals for both the Department of Energy and the Federal Energy Regulatory Commission (FERC). “This lack of a single operational entity with responsibility for grid cybersecurity preparedness as well as response and recovery creates a security vulnerability in a highly interconnected electric power system comprising generation, transmission, and distribution.”

In order to better coordinate the government’s efforts, “The federal government should designate a single agency to have responsibility for working with industry and to have appropriate regulatory authority to enhance cybersecurity preparedness, response, and recovery across the electric power sector, including bulk power and distribution systems.”

The report declined to identify which organization it felt would be better positioned to take cybersecurity responsibilities for the grid.

Cybersecurity has been a growing concern over the past several years. The potential for hackers to wreak havoc on a nation’s infrastructure was demonstrated in 2009, when the Stuxnet worm infected industrial control systems at Iranian nuclear facilities and caused uranium-enrichment centrifuges to spin out of control. 

In June, CIA Director Leon Panetta warned that a cyberattack could be the “next Pearl Harbor.”

More recently, in November, a hacker identified only as “pr0f” allegedly managed to compromise software used to operate water infrastructure for south Houston, Texas, though he or she apparently conducted the attack to publicize the cybersecurity weaknesses of the system.

Michael Welch, the deputy assistant director of the FBI’s Cyber Division, recently told a cybersecurity conference in London that hackers had accessed supervisory control and data acquisition (SCADA) systems used to control infrastructure in three U.S. cities.

U.S. electrical systems are a likely target for hackers seeking to do damage, and threats will only increase in the future.

The report cited an article by Massoud Amin, a professor at the University of Minnesota, which stated that “cyber systems are the ‘weakest link’ in the electricity system.”

“For the grid, an increase in the number of vulnerabilities—along with the increasing interest among people and organizations with bad intent—increases the likelihood that risks will become actual events due to both accident and malfeasance,” the researchers said.

The report also notes that, given the impossibility of preventing every cyberattack, building resilience and response mechanisms is of great importance.

The authors of the report were careful to note that while cybersecurity vulnerabilities are a grave concern, they are not a reason to panic.

“Despite alarmist rhetoric, there is no crisis here. But we do not advise complacency.”