The U.S. electrical grid is a complex, interconnected network of technologies focused on power generation, transmission, distribution, systems control and communications. Some have called it the largest and most complicated machine ever built.
Protecting the grid
Over the past decade, the grid has been damaged by natural disasters, such as severe storms, and malicious events perpetrated by humans, such as physical and cyberattacks. Cyberattacks are a growing concern, since the Iranian, North Korean, Chinese and Russian governments have been caught trying to tamper with U.S. utility infrastructure, breaking into such facilities with an eye toward disabling mission-critical systems. Based on federal law enforcement and intelligence agency statements, it seems that Russia and China have managed to succeed, at least on a small scale, with grid disruption activities.
Increasingly, it seems, the work of ensuring a reliable energy supply for the future hinges on a difficult problem: protecting a vulnerable and aging energy grid. Government and industry executives have come to appreciate how susceptible to cyberattack many of the grid’s core elements have become. Attacks out of Russia have been nearly constant during the past few years, and a 2016 Kremlin attack has been widely studied.
As threats to the grid grow and become more sophisticated, the electric power industry (not only power generators) is becoming focused on strengthening its defenses. Today, some leaders in the electric power industry are working with the nonprofit Edison Electric Institute (EEI) through a series of initiatives to safeguard the energy grid from threats. These EEI member companies are partnering with federal agencies to improve sector-wide resilience to cyber and physical threats.
Strengthening the grid
To strengthen its own private-sector capabilities, the industry collaborates with partners offering specific assistance, including the National Institute of Standards and Technology, the North American Electric Reliability Corp. and many federal intelligence and law enforcement agencies such as the FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. EEI says that its own member companies “invested more than $25 billion in 2021 in adaptation, hardening, and resilience initiatives to strengthen the nation’s transmission and distribution infrastructure.”
One industry-government partnership is the CEO-led Electricity Subsector Coordinating Council (ESCC), which is the principal liaison between the federal government and the electric power industry on efforts to prepare for and respond to national-level disasters, including cyber threats to critical infrastructure. The ESCC works across the entire electricity industry with the Electricity Information Sharing and Analysis Center (E-ISAC), which only works with utilities. The goal is to develop actions and strategies that help protect the U.S. grid and prevent a spectrum of threats from disrupting electricity service.
The ESCC represents all segments of the industry: CEOs and executives from electric companies, public power utilities, rural electric cooperatives and trade association leaders. Through the ESCC, the industry works closely with its government counterparts, including senior administration officials from the White House, federal agencies and law enforcement and national security organizations. Canadian electric company executives are also represented due to the international makeup of the North American energy grid.
Planning and exercises are critical elements of the national strategy for emergency situations. Electric companies regularly prepare for a variety of situations that could impact their ability to provide electricity during emergencies.
We know that the different key components of the U.S. electric grid are vulnerable to cyberattacks. A successful malicious act is quite likely to result in catastrophic, widespread, lengthy blackouts and other loss of electrical services. Foreign and domestic adversaries have the capability to launch cyberattacks that could disrupt critical infrastructure.
Grid owners and operators, many of which are small- to medium-sized companies, have to overcome many obstacles to counter this threat. A key 2019 Government Accountability Office review of cybersecurity risks faced by the grid identified five of the most significant challenges:
Hiring a sufficient workforce,
Limited sharing of classified threat information between the public and private sectors,
Reliance on other critical infrastructure vulnerable to cyberattack, and
Uncertainty about how to implement cybersecurity standards and guidance.