The real-time nature of smart grid and power’s criticality to the underpinnings of the “big data” infrastructure means cybersecurity needs are crucial.
When your power goes out, or even the power at your company, there’s not much you can do anymore to be productive. Nearly every operation or process relies on modern electronics, and in turn, requires an unperturbed power supply.
Perhaps that’s why the U.S. electricity grid is often referred to as the “largest interconnected machine” in modern history. You’d be surprised to know just how many are involved in its operation, and how easy it is to bring it down as a result. Over 7,000 power plants, 55,000 substations, and nearly 200,000 miles of high-voltage transmission lines, alongside millions of miles of low-voltage lines, make up its structure.
And those systems are operated by 66 balancing authorities, and 3,000 different utilities, which means there are a ton of ways to breach or crack the grid. There are so many vulnerabilities, it’s nearly impossible to count them all. Luckily, security concerns are mostly physical in nature, at least up until recently.
The possibility of smart grid attacks is real
In 2015 and 2016, cyberattacks penetrated Ukraine grid control networks shutting down power, and as a result over 700,000 people were left in the dark. It’s not far-fetched to claim such a thing could happen here in the United States, too. The modern grid is increasingly reliant on a variety of technologies and networks. It’s only a matter of time before someone, somewhere breaches the system and takes control.
It’s been deemed enough of a threat that the National Institute of Standards and Technology published a report aimed at helping electric utilities and power companies with potential cybersecurity risks. It’s something of a how-to guide for preparing for and treating cyberattacks in the modern age, with current grid technologies and systems.
The biggest problem is even experts don’t know how, when, or how long we have until the U.S. smart grid becomes a target. That means it’s time we begin taking the threat seriously if we haven’t already.
Up until 2015, smart grid attacks, or at least the digital penetration of modern electricity control grids, were something of a myth. Everyone knew it was possible and many experts discussed and weighed in on the potential damages and risks, but we hadn’t quite seen anything happen in the real world.
But the Ukraine attacks changed everything. The threat is no longer hypothetical, no longer something that is simply posited and discussed by tech pundits and analysts. It actually happened. We also now live in a world where Russian-fueled hacks on the modern media and presidential election are a huge concern.
It’s not a stretch to believe someone — even a foreign power aligned against our country — would take the initiative to attack our national power grid and bring us to our knees. The current administration has taken a shine to the idea of more widespread and advanced protection measures. The U.S. Energy Department thinks our electricity system is in “imminent danger” from cyber-attacks from increasingly sophisticated hackers in a number of industries.
Better protections against cyber threats
Whatever the true pattern here, one thing is certainly clear. We must come up with a better way to protect our grid and related systems, and it must be done sooner rather than later. Luckily, there are officials and experts on the job already working to strengthen and prepare energy sector cybersecurity, coordinate incident response and recovery measures, and accelerate the research and development of certain tools, hardware and protective devices
So far, most of what we’ve seen from protective organizations and agencies are recommendations and theoretical strategies, not outright answers. But there’s no reason to panic just yet. This is a relatively new area of concern for professionals and experts alike.
Newer technologies such as IoT and connected-devices are developed every day, which calls for a changing of the guard, so to speak, in terms of adoption and security. Cybersecurity as a whole is an active, changing process, and it’s no different for the power and energy industry.