This Critical Piece of the Grid is Vulnerable to Cyber Attack

Even before the EMP Commission report, utilities have been trying to harden their infrastructure against the multitude of threats they face. EMP attacks, cyber threats, and even physical attacks like the one in Metcalf, California in 2014 are situations that power stations must prepare for. But at The National Interest, Constance Douris writes that power utilities have left a gaping hole in their defenses against cyber threats.

Utilities operate the distribution part of the grid — the final stage where electricity is delivered to customers. Currently, mandatory cybersecurity standards only exist for the bulk power portion of the electric grid, but not the distribution system. The distribution system delivers electricity to pipelines, medical facilities, telecommunications, military bases and other critical infrastructure. If a successful cyber attack on the distribution system disrupts electricity, devastating economic and security consequences can result. Clearly, the distribution system also needs to be protected to prevent damage to the bulk power system.

A successful cyber attack on the U.S. electric grid is possible. Russia has a well-resourced central cyber command. It is widely believed that Moscow has already penetrated U.S. government organizations such as the State Department, Department of Defense and the White House. China is very active in cyber as well. Beijing utilizes viruses and botnets to access targets, but these efforts are likely aimed more at intellectual property theft and gathering intelligence to improve their own infrastructure. Iran also uses its cyber program against political enemies to collect intelligence, but is less sophisticated in comparison to Russia and China.

PUCs could play a significant role in motivating utilities to boost cybersecurity efforts. This is because they decide what percentage of profits utilities can keep and authorize which investment costs can be passed on to the consumer. Yet, PUCs have been slow to motivate utilities to enhance security from cyber threats. Funding cybersecurity efforts is costly and some PUCs are reluctant to gather information about utilities’ cybersecurity weaknesses. This is because they fear that they could then be held responsible if sensitive information is publicly disclosed. This attitude needs to change.

Boosting utilities’ cybersecurity efforts is expensive. Though the Department of Energy and the Department of Homeland Security offer grants to fund cybersecurity efforts, government funds are limited. Utilities should seek private investors to create revenue streams for funding such projects. Updating energy infrastructure could also result in savings that may then be applied to enhanced cybersecurity measures. Rates can also be reasonably increased to ensure delivery of electricity is secure. More utilities need to pursue such funding opportunities to protect electricity access for consumers.

PUCs should require utilities to conduct a risk analysis so they better understand cybersecurity weaknesses. This profile will allow for informed decision-making, identify steps to reduce threats and create clear cybersecurity goals. PUC commissioners then need to determine whether utilities are making sufficient investments in cybersecurity and whether those assets are properly prioritized.

E.J. Smith - Your Survival Guy

Preparing your investments and family for when disaster strikes.

E.J. Smith is the Founder of YourSurvivalGuy.com, Managing Director at Richard C. Young & Co., Ltd., a Managing Editor of Richardcyoung.com, and Editor-in-Chief of Youngresearch.com. E.J. graduated from Babson College in Wellesley, Massachusetts, with a B.S. in finance and investments. In 1995, E.J. began his investment career at Fidelity Investments in Boston before joining Richard C. Young & Co., Ltd. in 1998. E.J. has trained at Sig Sauer Academy in Epping, NH, where he completed course-work in Practical and Defensive Handgun, Conceal Carry Pistol, Shotguns, Precision Scope Rifle and Kidnapping Prevention. E.J. plays a Yamaha Recording Custom drum set with Zilldjian cymbals. His first drum set was a 5-piece Slingerland with Zilldjians. He grew-up worshiping Neil Peart of the band Rush, and loves the song Tom Sawyer—the name of his family’s boat, a Grady-White Canyon 306. He grew up in Mattapoisett, MA, an idyllic small town on the water near Cape Cod. He spends time in Newport, RI and Bartlett, NH—both as far away from Wall Street as one could mentally get. The Newport office is on a quiet, tree lined street not far from the harbor and the log cabin in Bartlett, NH, the “Live Free or Die” state, sits on the edge of the White Mountain National Forest. He enjoys spending time in Key West and Paris. Please get in touch with E.J. at ejsmith@youngresearch.com. Sign up here to receive all the best content from Richardcyoung.com each week.