News

A Cyber-Risk We’re Not Prepared For: What if the Power Grid Collapsed and America Went Dark?

Aug 15, 2020

The following is press coverage on the NCGR’s new report, courtesy of washingtonpost.com.

 

EVERY CATASTROPHE comes as a shock, but many shouldn’t come as a surprise. Just as we knew a pandemic was a possibility yet failed to plan for it, power-grid collapse is a threat we should be prepared for — but aren’t.

The National Commission on Grid Resilience, chaired by former NATO supreme allied commander Wesley K. Clark and former congressman Darrell Issa (R-Calif.) and convened to assess our ability to prevent or respond to a so-called black sky event, concludes in a report released Thursday that the country has fallen behind. The danger of a nation gone dark is rising. There have always been natural disasters to contend with, but now adversaries’ cyber capabilities are growing: 2015 saw Russia deprive more than 200,000 people in Ukraine of power for almost six hours in the middle of winter. Russia even managed to cause physical damage to equipment from afar. The search for efficiency in the electric energy market has added vulnerability; replacing mechanical controls with remote ones opens a new vector of attack, for instance, and so do the smart devices proliferating on the edge of the grid. Society’s increasing reliance on the Internet more generally pushes the stakes higher.

The United States’ electric grid is dynamic and diverse. This is perhaps a boon to consumers looking for lower costs, but a burden when it comes to securing the system. Generators, transmitters, distributors and retail providers are so interconnected that a salvo against one could set off a chain reaction across companies and states. Because the private sector largely owns and operates these critical assets, the government can’t simply execute a course of action. Then there’s the problem of classified information: You can’t very well counter a threat if you don’t know what it is because you don’t have the appropriate clearance.

The report offers several recommendations, including: Establish a clearinghouse to give system operators the information they need — and help them get access to classified information. Create and fund an agency to identify emerging threats and vulnerabilities. Build a nationwide testing network of microgrids designed to survive blackouts at federal facilities. Improve standards and reporting practices for the private sector, and reward those that demonstrate resilience. Invest in U.S. manufacturers to supply the largest and most essential transformers. Experts suspect China has already implanted malware in critical infrastructure.

This will require leadership and an ability to imagine a disaster that has yet to occur but too easily could — so that if the shock comes, we will be ready instead of surprised.

Article by The Washington Post’s Editorial Board.

Search

In other news…

Cybersecurity in a fishbowl: How North Carolina’s Board of Elections handled it

Election security has never been more scrutinized than the 2020 presidential elections. It left election boards fighting not only to protect the election from outside influences but also to justify the legitimacy of their own work.

How would Trump or Biden deal with grid hacking threats?

President Trump and Democratic presidential nominee Joe Biden have a few competing plans for the nation’s cybersecurity — though experts say they largely expect the next U.S. president to stay the course.

Why North Carolina outsourced election cybersecurity to a ‘CISO-as-a-service’

Faced with mounting cybersecurity needs headed toward the presidential election, but lacking the financial resources to build out a more robust internal IT staff, the North Carolina State Board of Elections last year hired a third-party vendor to provide the functions of a chief information security officer as a service, rather than an individual official.

Grid Security And Cyber Defense Cannot Fall On Deaf Ears, Experts Warn

If the electrical grid is knocked out for long periods, the damage to the American economy would be insurmountable. And the country’s enemies know that. That is why its brain trust is dedicated to insulating the transmission network from both physical and cyber-attacks.