In the first eight months of 2022, there were 101 cyberattacks nationwide on equipment that delivers electricity. This made it the most dangerous year since 2012 and marked an increase from the 97 attacks that occurred throughout 2021. With cyber threats on the rise, improved security measures are more critical than ever.
A successful attack on the U.S. power grid could disrupt banks, gas stations, and military bases. It could also obstruct emergency services while causing threatening hospital complications. The increase in recent attacks has gotten the attention of electric utility companies, as unpredictable weather becomes just one potential threat to the power grid. Below, we explore how America can protect its power grid from cyber threats.
Who Is Impacted by Cyberattacks on the Power Grid?
There are various threats to the U.S. power grid, which comprises all the equipment and tools necessary to generate, transmit, and deliver energy across the nation. The grid is a major multi-component entity with many individual facets to be protected, including:
- Power plants
- Energy storage equipment
- Renewable power sources
- Step-up substations, which increase voltage before sending it along higher-voltage power lines
- Step-down substations, which decrease voltage before transmission along lower-voltage power lines
- Various distribution networks that send power to industrial, commercial, and residential consumers
In addition to its individual aspects, the U.S. power grid comprises three interconnected transmission matrices that operate independently to supply three regions: Western states, Texas, and the Eastern U.S. and Midwest.
Why the Power Grid Is More Vulnerable Than Ever
Increased digitization and accessibility also come with security concerns, as advanced capabilities create additional areas for cyberattacks.
For example, grid distribution systems are a target due to their improved capacity for remote access and connections to business networks. The industrial control systems (ICS) that handle physical processes — like opening or closing circuit breakers — are more digitally-connected than ever, offering improved efficiency but also creating additional entry points for breaches.
Other challenges are personnel-based, as parts of the energy sector currently find it difficult to maintain a well-trained, experienced workforce. Additionally, an attack could have rippling effects. Specifically, shutting down only 10% of the targeted generators could leave 15 states without power, affecting more than 90 million people, according to a 2015 test.
Further issues may arise from inadequate or incomplete safety standards that fail to cover certain cyberattack pathways. While the Federal Energy Regulatory Commission (FERC) has set numerous standards, they may not understand the full impact of cyber threats, according to the U.S. Government Accountability Office (GAO).
How the U.S. Can Protect Its Power Grid
In August of 2022, the Department of Energy (DOE) pledged $45 million “to create, accelerate, and test technology that will protect our electric grid from cyber-attacks,” while also helping America attain cleaner energy and a net-zero carbon economy by 2050. The DOE highlighted six main avenues for cyber defense:
- Advanced software solutions with development feedback cycles to explore what works and doesn’t and uncover potential risks.
- Autonomous cybersecurity tools that automatically detect and mitigate attacks while preventing energy disruptions.
- Improving design resiliency by investing in research for tools with built-in cybersecurity-by-design.
- Authentication mechanisms that allow stronger authentications for energy delivery systems.
- Automated methods to discover and minimize vulnerabilities. It’s a significant advantage to be able to find vulnerabilities before the threat finds them.
- Integrating new concepts and tech with existing infrastructure. There’s no point in developing systems that require a total overhaul, so the focus is on technology that can be retrofitted to the existing infrastructure.
Given the rapid modernization of power grid technology and increased interconnectivity, eliminating cyber threats is virtually impossible. However, through detection, mitigation, isolation, and prevention, a future of advanced countermeasures promise to keep the power grid safe.
