Whether with crude explosives or sophisticated computer hacking, enemies of the United States might try to take down the grid in any way possible. Former U.S. Defense Secretary Leon Panetta has cited concerns about what he calls a “cyber Pearl Harbor,” which would include “cyber-actors launching several attacks on our critical infrastructure at one time, in combination with a physical attack.”
You might think of computer hackers as teenage keyboard whizzes out to make a little mischief from the safety of their parents’ basement, or criminals in some café in a remote region who are mostly interested in looting hapless computer newbies’ bank accounts. But these days, their ranks reportedly include teams of sophisticated cyber-saboteurs from China, Russia and Iran, who might try to use their expertise to plunge the U.S. into darkness and bring our society to its knees. According to a May 2013 Congressional report, U.S. utility companies already come under frequent attack from Internet hackers who continually try to infect utilities’ computer networks with malware and search for security flaws. One company alone told Congressional investigators that it was hit with an astonishing 10,000 attacks in a typical month, though the total also included phishing.
If malevolent intruders managed to penetrate utility companies’ layers of electronic defenses and gain access to critical parts of the system, the results could be catastrophic. A 2012 National Academy of Sciences report warned that damaging hard-to-replace components could cripple the U.S. power grid and cause cascading failures that would take months to repair or replace. Though the NAS envisioned terrorists attacking facilities with explosives or projectiles, it’s conceivable that they could inflict a lot of damage without getting up from their keyboards. In a 2006 study, researchers at the Department of Energy’s Idaho National Laboratory demonstrated that an attacker could gain access to the control system of an electric generator connected to the grid and cause severe damage by throwing it out of phase.
Since then, we've seen real-life examples of how such vandalism could be ratcheted up to a massive scale. In 2010, a piece of malware called Stuxnet attacked and destroyed as many as 1,000 centrifuges in an Iranian nuclear fuel-processing plant, in an attack that some suspect was launched by U.S. and/or Israeli intelligence agencies out to prevent Iran from making enriched uranium that could be used to make nuclear weapons. Stuxnet's sophistication was chilling. It reportedly went after a specific type of equipment—the frequency converters that controlled the rotational speed of the centrifuges. It may have changed the instructions that they gave the centrifuges, so that they would spin at high speed and then drastically slow down, putting the machines under so much stress that they broke, according to a report by the Institute for Science and International Security.
As U.S. Sen. Ed Markey, D-Mass., who spearheaded the May 2013 Congressional report, warned at the time: "With one well-placed keystroke, Americans could be plunged into darkness and chaos through the damage to our electric grid. Foreign enemies are employing web warriors to attack our way of life, and it’s time that our actions respond to the potential threat."
But John McDonald, a smart gird expert and fellow at the Institute of Electrical and Electronics Engineers, says it would be extremely difficult for anyone to gain access to the grid, let alone pull off a wide-scale attack. He says extensive firewalls and strict rules governing the use of thumb drives and CDs, and changes to operations since the massive 2003 blackout, mean that operators can prevent and catch problems. "I think we're in pretty good shape", he says, "But we cannot sit back and pat ourselves on the back. We may be pretty secure, but we've got to continue to do what we can to protect things more than we are today."