GridConcerns over attacks on the U.S. electrical grid increase after Paris attacks

Map of U.S. power grd // Source: commons.wikimedia.org

In the aftermath of the 13 November attacks in Paris, U.S. government agencies involved with grid security and utilities are preparing to thwart a major attack on the U.S. electrical grid.

USA Todayreports that in what may be regarded as an intriguing coincidence, just days after the Paris attacks, the North American Electric Reliability Corporation (NERC), on 18-19 November, conducted a large-scale exercise simulating coordinated assaults on the grid in the United States, Canada, and México, an attack which involved both cyber and physical attacks which left millions without electricity for an extended period of time.

That the exercise was conducted merely five days after the Paris attack was a coincidence, which is not to say that the attacks had no effect on the preparations for future attacks on the electrical grid.

Gerry Cauley, the president and chief executive of NERC, told USA Today that the attacks on restaurants and a concert hall in Paris heightened awareness of the risks facing the grid and other infrastructure, including the potential for “explosive devices and shootings” bringing down power plants, substations, and transmission lines.

An investigation by USA Today earlier this year found that, on average, cyber or physical attacks on the U.S. grid occur once every four days.

“There are many serious hazards and threats facing the electric sector, and these threats continue to evolve,” Liz Sherwood-Randall, the U.S. deputy secretary of energy, told reporters.

“In general, we are never satisfied with our current state,” added Tom Fanning, the chairman, president and chief executive of Southern Company. “We know that as the threat changes, we’ve got to get better, even if we believe we’re pretty good right now.”

The November exercise was the third of its kind by NERC, involving cyberattacks on utility systems which control the generation and transmission of electricity, as well as physical attacks that left vital equipment inoperable — all attacks requiring a lengthy period of time to recover. More than 350 utilities, government agencies, and other organizations as well as 10,000 or so people participated in the GridEx III exercise.

The mix of scenarios dealt with in the exercise – especially occurring simultaneously — is rare, but Cauley insisted that it “takes the grid beyond its normal operating thresholds to allow industry the opportunity to deal with a worst-case situation during the exercise.”

“The event is really challenging,” Cauley said of the drill. “It pushes us to our limits. It is not intended to be an easy win, but rather to evaluate what we need to learn and improve on, and what capabilities we need to add.”

Authorities have learnt a lot from the previous attacks on the grid, like the one on Pacific Gas and Electric’s substation in California, about how attackers operate, and those in charge of grid security say they have adapted to protect the grid infrastructure in a more effective manner.