Cyber, physical threats facing U.S. grid examined at annual NARUC conference
The U.S. faces the threat of a cyber attack through a variety of malware, a panel of grid security and international threat experts said at the annual National Association of Utility Commissioners (NARUC) summer meeting on Sunday.
Malware uses cyber infrastructure to mine valuable data from sensitive networks. The mined data is then used as an attack measure against critical infrastructure or sensitive data from individuals.
Malware, however, is just the beginning of the threat, according to Tim Roxey, vice president of the North American Electronic Reliability Corporation (NERC).
“Some of our adversaries have expanded capabilities and capacities include heavy recruitment in social media…which is really just one way to radicalize people online,” Roxey said. “Iran, North Korea, Russia and ISIL – each one of those countries and organizations have a different capability to develop and deploy cyber or physical weapons and each has a different capacity to maintain and surge. That’s why my organization does what we do – so we can see capabilities and capacities and reduce their overall impact.”
Physical threats to the grid include the detonation of an electromagnetic pulse (EMP), which can occur with little to no warning and render operational strategies inapplicable.
To counteract both digital and physical attacks, Petter Fiskerud, program manager at ABB Consulting, said, the U.S. must improve the ability of the electric grid to handle an attack.
“Consider the scenario in a large metropolitan area served by 10 major substations and more than one utility,” Fiskerud said. “Sixty percent of the peak load is carried by 11 transformers in four substations. A coordinated attack could significantly damage those transformers. The resulting outage would be catastrophic for that area in terms of size and duration.”
Vulnerabilities, Fiskerud warned, hinge on the intentions and resources of attacks. To fight that, he said, the U.S. must continually analyze vulnerabilities to prevent any future situations that could compromise any electrical grid.
