6 May 2017

Forced Off the Grid: A Cyberattack on the United States

By Eshani Bhatt

The current U.S. power grid system is at risk of an external cyberattack that could severely cripple everyday life. The grid is the backbone of all functions requiring electricity—in homes and businesses, as well as at factories and power plants. All sixteen sectors of the U.S. economy that are considered the nation’s critical infrastructure—like manufacturing and healthcare—are dependent on electricity, which runs on a system of grids in three regions of the country: the Eastern, Western, and Texas interconnections. Among the spending authorized by Congress in 2009 was a $4.5 billion investment in a more reliable and cleaner energy grid. Though the power grids may now release less carbon dioxide into the atmosphere and speed up power outage recovery times, the question of how secure they are from external attacks remains.

At over fifty years old, the U.S. power grid is outdated, making it more vulnerable to cyberattacks using more modern and sophisticated software. Robert Knake, senior fellow at the Council on Foreign Relations, highlights possibilities of an attack and the implications for the United States in a new contingency planning memorandum from the Center for Preventive Action. Knake lays out potential scenarios in which the power grid would be targeted and presents policy recommendations to prevent or respond to such an attack.

Knake argues that an adversary may launch an attack in order to undermine public support for a U.S. administration, distract the U.S. government and delay its response to an opponent’s initiative, or retaliate against U.S. action considered threatening. Currently, the likelihood that the United States could successfully thwart a cyberattack is low. A power grid outage could affect access to food and water and cause health and security systems to fail—which could kill Americans. Economically, an outage could cause billions of dollars in damage, similar to the 2003 Northeast Blackout that left fifty million people without power and cost an estimated four to ten billion dollars. The U.S. response itself could also have serious implications: whether the attack successfully deterred U.S. action or not would have geopolitical consequences, and the U.S. domestic response could slow down grid operations, which now rest mostly in the private sector.

To deter a potential debilitating cyberattack, protect the U.S. power grid, and mitigate harm in the case of an attack, Knake outlines a series of recommendations that that the Donald J. Trump administration should take: 

Articulate clearly how the administration would respond to a cyberattack, including treating such action as an armed attack meriting a military response; 

Demonstrate law enforcement and intelligence capabilities to attribute the source of cyberattacks; End the reliance of military installations on the grid, which will also reduce the likelihood that the grid becomes a military target; Create an information-sharing system to recognize early signals of a potential attack; Ensure both the government and the industry are prepared to respond if an attack causes a blackout by directing the Federal Emergency Management Agency (FEMA) to develop a plan for a prolonged regional blackout and requiring companies to maintain capabilities for manual operations; and Ensure that utilities can properly invest in cybersecurity, possibly by increasing funding through user fees, a tax deduction for utility spending on cybersecurity, or security requirements for infrastructure investments made for the grid as a part of its proposed stimulus package. 

A cyberattack on the power grid is certainly possible, and the United States should implement safeguard measures to prevent a catastrophe. If a cyberattack were to successfully occur, it is necessary the United States should be able to recover governmental and military operations as quickly and effectively as possible. To learn more about how the United States could prevent or mitigate a cyberattack on the power grid, read Robert Knake’s Contingency Planning Memorandum, “A Cyberattack on the U.S. Power Grid.”

This article originally appeared at the Council on Foreign Relations.

No comments: