Grid securityNow that Russia has apparently hacked America’s grid, shoring up security is more important than ever

By Theodore J. Kury

Published 12 April 2018

Hackers taking down the U.S. electricity grid may sound like a plot ripped from a Bruce Willis action movie, but the Department of Homeland Security and the FBI recently disclosed that Russia has infiltrated “critical infrastructure” like American power plants, water facilities and gas pipelines. There is no time to waste in shoring up the grid’s security. Yet getting that done is not easy, as I’ve learned through my research regarding efforts in to stave off outages in hurricane-prone Florida.

Hackers taking down the U.S. electricity grid may sound like a plot ripped from a Bruce Willis action movie, but the Department of Homeland Security and the FBI recently disclosed that Russia has infiltrated “critical infrastructure” like American power plants, water facilities and gas pipelines.

This hacking is similar to the 2015 and 2016 attacks on Ukraine’s grid. While it hasn’t risen beyond scouting mode, the specter of sabotage in the U.S. now seems more realistic than it used to.

Clearly, there’s no time to waste in shoring up the grid’s security. Yet getting that done is not easy, as I’ve learned through my research regarding efforts in to stave off outages in hurricane-prone Florida.

A catch-22
There is no way to completely protect the grid. Even if that were possible, utilities tend to adopt new and better security procedures after mishaps, boosting the chance that some attacks will succeed.

Regulation at the state and federal levels makes it hard for utilities and regulators to work together to get this job done.

Utilities can charge their customers only what it takes for them to cover reasonable expenses. Regulators must approve their rates through a process that needs to be open to public scrutiny.

Say, for example, a power company is building a substation. The utility would disclose what it spent on construction, prove that it picked its contractors responsibly and explain how this new capacity is enhancing its service. The regulator then must decide what rate hikes, if any, would be reasonable – after hearing out everyone with something at stake.

Following this routine is harder with cyberdefense spending. Security concerns make it tough if not impossible for utilities to say what they’re doing with that money. Regulators, therefore, have a hard time figuring out whether utilities are spending too much or too little or maybe even wasting money on an unnecessary expense.