Cybersecurity Gaps & Electric Grid Vulnerability


According to a new report released Tuesday by members of Congress, the critical infrastructure of the United States is enduring “daily,” “constant,” and “frequent” cyberattacks on its computer systems. The report refers to critical infrastructure as systems that are intrinsic to the daily operations of the United States, which include the nation’s power utilities, water infrastructure, and transportation networks. If taken down in a cyber attack, the loss of these systems would seriously cripple the functionality of the nation.

Earlier this year, both Janet Napolitano, head of Homeland Security, and Leon Panetta, former Secretary of Defense, remarked that a large-scale cyberattack on the critical infrastructure of the United States could happen “imminently” and would be just “as destructive as the terrorist attack on 9/11.” According to the 160 utilities surveyed for the report, the threats largely originate from cyber criminals attempting to use malware, probes, and phishing techniques to identify vulnerabilities in utilities’ power grids. Much of this malicious activity is also automated and adaptable, making it much harder to protect infrastructure from cyberattacks. This is especially true since modern power grids are almost always interconnected with the Internet and other computer networks.

The three main findings of the report are the following:
1. “The electric grid is the target of numerous and daily cyber-attacks.”
2. “Most utilities only comply with mandatory cyber-security standards, and have not implemented voluntary NERC [North American Electric Reliability Corporation] recommendations.”
3. “Most utilities have not taken concrete steps to reduce the vulnerability of the grid to geomagnetic storms and it is unclear whether the number of available spare transformers is adequate.”

While all critical infrastructure companies surveyed did not report any damage to their facilities or a serious breach in their security due to cyberattacks, the findings indicate to policymakers that these types of attacks are a serious threat to homeland security. Security experts have requested that Congress create a federal entity tasked with ensuring that power grids are protected from all cyber threats, but this request has not yet resulted in official legislation for the creation of such an organization.

More information on this report can also be found on the CNET news forum.

Article formerly posted at