Cyber Attack on U.S. Electric Grid ‘Gravest Short Term Threat’ to National Security, Lawmakers Say
EmailABC News' Huma Khan reports: The United States is ill-prepared to deal with a cyber attack on the nation’s electric grid, one of the biggest national security threats facing the country today, lawmakers warned.
“The sobering reality is this vulnerability, if left unaddressed, could have grave, societal-altering consequences,” Rep. Trent Franks, R-Ariz., testified before the House Energy and Commerce Subcommittee today. “We face a menace that may represent the gravest short term threat to the peace and security of the human family in the world today.”
Experiments by federal agencies in recent years have shown that cyber spies have intruded the U.S. electric system, and that it's increasingly susceptible to attacks by hackers and foreign governments.
The weakness in the system, some lawmakers argue, can also be exploited by terrorist groups like al Qaeda, which are advancing their technological capabilities.
“We know there are many many PhDs inside al Qaeda, whether we like it or not,” said Rep. Ed Markey, D-Mass., a senior member of the House Energy and Commerce Committee. “They are very technically sophisticated.”
Administration officials today admitted that nuclear reactors specifically are less secure than in the past, and smart grids – new digital electricity networks that are being promoted around the country – are more exposed than traditional systems. Because the new internet-protocol based systems utilize commercial software over the internet, they make the system more vulnerable. Coordination between agencies is also lacking, some say.
“Yes, threats are greater. Undoubtedly,” said Joseph H. McClelland, director of the Office of Electric Reliability at the Federal Energy Regulatory Commission. “When it comes to national security… the process is too slow, it’s too open and it’s too unpredictable.”
Several bills have been introduced in Congress to tackle the issue, but none has made it to the president’s desk.
The GRID Act, introduced a year ago, aims to give FERC the authority to issue rules and procedures to protect the nation’s grid without prior notice or hearings. It would also expand the Energy secretary’s powers over such matters and require the Defense secretary to prepare a plan identifying emergency measures and procedures that would need to be taken in the case of a cyber attack. The president would have the authority to order and authorize immediate emergency measures without Congressional approval.
The “pay-as-you-go” legislation wouldn’t cost taxpayers any money over the next ten years, according to the Congressional Budget Office.
Another related bill, the SHIELD Act, would make it a crime for a person to knowingly disseminate classified information related to U.S. intelligence activities.
Earlier this month, the White House released a more comprehensive cybersecurity plan calling for industries vulnerable to cyber attacks, like electricity, to create plans that would make their computer systems more secure.
“Our critical infrastructure – such as the electricity grid, financial sector, and transportation networks that sustain our way of life — have suffered repeated cyber intrusions, and cyber crime has increased dramatically over the last decade,” the report stated. “Our nation is at risk. The cybersecurity vulnerabilities in our government and critical infrastructure are a risk to national security, public safety, and economic prosperity.”
Industry leaders say there should be more federal standards that protect against such threats, but have pushed back against increased government involvement in the electric sector, especially in the corporate arena.
“Government authority to deal with cyber emergencies is needed,” stated a written testimony by Gerry Cauley, president and chief executive of North American Electric Reliability Corp. But “additional authority to address grid security vulnerabilities is not necessary.”
Others questioned whether FERC is equipped to handle the new responsibilities it would be given under the GRID Act.
"We question whether FERC has the technical or intelligence-handling expertise to exercise such a broad new authority," Barry Lawson, associate director at the National Rural Electric Cooperative Association, told lawmakers. "Operationally, this new authority could result in the establishment of potentially conflicting or different cybersecurity standards in the U.S. and Canada."
The renewed warning by lawmakers comes the day Wall Street Journal reported that the Pentagon would declare computer sabotage from another country an act of war. The story cited the Pentagon’s cyber strategy report, which is due to be released in a few weeks.
When asked about the story today, Pentagon spokesman Col. Dave Lapan said, “A response to a cyber incident or attack on the U.S. would not necessarily be a cyber response … All appropriate actions would be on the table if we are attacked in cyber.”
Rick Santorum Defends Earmarks 
Ron Paul Ad's Call Santorum a 'Fake'
What?
I thought sharia law was our biggest threat.LOL
Posted by: the truth | May 31, 2011, 7:45 pm 7:45 pm
I work for an electric company in the IT department. You wouldn’t believe the BS we have to put up with in the name of “cyber security.” It’s ridiculous. Most of the stuff these regulatory groups come up with is nonsense. I think we have more to be worried about with security paralysis than we do about a “cyber attack.” There is a whole industry being created out of this hysteria.
Posted by: Terry | May 31, 2011, 9:41 pm 9:41 pm
Its that bad huh?
The government is very good at creating hysteria. Not so good at creating industry.
I wonder how much the “stuff” the regulators come up with will raise electric rates.
Posted by: the truth | May 31, 2011, 9:57 pm 9:57 pm
Heck, I’ve been yelling about this for at least 5 years! So have others involved in cyber-security! These SCADA systems had poor security in the first place, and using the Internet as a communications access mode is about like putting a dial-up modem on every control point with all passwords set to “password”. Add to all this the number of contracts for system maintenance which are let to contractors based on foreign soil (mostly India but also other places) and you just have no end of really bad possibilities.
Let me put this into a context that can be easily understood: a Pakistani with ties to Al Qaeda slips into India and assumes the identity of an Indian national using false credentials. He or she easily passes various background checks and is hired by a tech contractor. Showing a special aptitude for SCADA maintenance, this person advances quickly and gains access to sensitive U.S. power grids, where there is ample opportunity to plant logic bombs. Before the imposter is ever identified, the logic bombs fire and drive the U.S. power grid into overload after overload, deliberately damaging and destroying switching equipment in many different states. The imposter, meanwhile, blows him/herself up in the contractor’s offices, destroying much of the evidence of just what logic bombs were really planted and killing many of those most knowledgeable of the systems and how to repair them.
Far-fetched? Not really. Not perhaps a precisely correct description of the possibilities, but near enough to be a warning.
Posted by: JLS1950B | May 31, 2011, 11:38 pm 11:38 pm
when I started in the power plant controls business 20+ years ago, we had no outside connectivity risks because all our process control was intraneted… now they want us connected to the internet through some BS command and control environment so that we can have the latest virus updates from symantec… its a joke
Posted by: eictech | June 1, 2011, 9:32 am 9:32 am
These bills are exactly what Obama wants. If you want to hear the truth watch Fox News Channel.
Posted by: MT | June 2, 2011, 1:40 pm 1:40 pm
The real threat is suitcase sized nuclear weapons. So I lose some power grid, at least I have a chance of survival. Hell, I can light a candle and read, and I never needed the Internet anyway. Oh no, no more facebook account.
Posted by: Simpleboob | June 3, 2011, 6:55 pm 6:55 pm