(All Gov) Federalism—the division of power between federal and state governments—is making the nation’s electrical grid less safe and more vulnerable to attack by thieves as well as by terrorists. According to a new report released by the Government Accountability Office last week, the number of malicious software and online attacks on U.S. computer networks has tripled in the last two years.
“Terrorists, hackers, and other non-government groups all have the desire and are trying to gain the ability to get into our electricity infrastructure,” Gregory Wilhusen, director for information security at GAO, said recently. “The impact of widespread outages could have national security implications. And, in residential areas, it not only affects homes and customers. It also has major effects on commerce.”
Because electricity cannot be stored economically in large quantities, it must be used as it is generated, which has prompted the creation of a nationwide network, or “smart grid,” largely controlled via computers, that attempts to measure energy use and distribute power seamlessly from where it is generated to where it is needed.
According to GAO, the lack of coordination between authorities tasked with energy security at the federal level and those at the state and local level poses a real threat to the security of those smart grids. The GAO report calls for tighter and better coordinated cyber security efforts by federal agencies to protect the U.S. electricity grid, a potentially vulnerable target for U.S. enemies.
The vulnerability of the grid was underscored by a report released three weeks ago by the Department of Homeland Security Computer Emergency Response Team, which reported attacks on organizations in the electrical energy sector in the U.S. increased more than tenfold in just three years: from three attacks in 2009 to 31 in 2011. Although most of those attacks represented attempts to avoid paying for electricity rather than terroristic threats to the power grid, some of the same vulnerabilities could be exploited by terrorists.
Although the Federal Energy Regulatory Commission (FERC) handles grid security on a national scale, local authorities are in charge of security for smart grids within their jurisdictions, guided only by voluntary standards put in place by the Energy Independence and Security Act of 2007. As the GAO report points out, however, FERC has no way of knowing who’s adhering to those standards. “Without a good understanding of whether utilities and manufacturers are following smart grid standards, it would be difficult for FERC and other regulators to know whether a voluntary approach to standards setting is effective or if changes are needed,” according to the GAO report.