Opinion articles provide independent perspectives on key community issues, separate from our newsroom reporting.

Editorials

Cyberattack an energy threat waiting to happen

From the editorial board
A security specialist works at a computer station with a cyber threat map displayed on a wall in front of him in the Cyber Security Operations Center at AEP headquarters in Columbus, Ohio.
A security specialist works at a computer station with a cyber threat map displayed on a wall in front of him in the Cyber Security Operations Center at AEP headquarters in Columbus, Ohio. John Minchillo The Associated Press file, 2015

In late December, part of Ukraine was plunged into darkness — a blackout that the Obama administration now says may have been the first one caused by a cyberattack. In all likelihood it won’t be the last and should provide even more impetus for greater security efforts against hackers in the U.S. energy sector.

U.S officials aren’t publicly naming names, but the Ukrainians aren’t so polite; they blame Russia. The relatively small size of the attack seems to have been calculated to intimidate Ukraine with the message that it could be sent, literally, back to the Dark Ages at any time.

Could it happen here? Yes — in fact, it’s something of a surprise that it hasn’t.

So many backdoors have been left relatively open as power systems connect to each other via the Internet, and potential attackers can also piggyback onto software and equipment sold to energy companies by outside contractors. Even connecting wind farms and private solar-energy systems to the grid has created opportunities for intrusion.

The fact that the power grid in this country is largely in private ownership, with much of it falling outside federal regulation, makes it harder for the government to strengthen grid security. Still, this must be a national priority.

U.S. utilities have been warned for years to take greater precautions against being hacked. More than a dozen sophisticated attempts are known to have been made to gain remote access to parts of the U.S. electric grid since 2000. Hackers from Iran, China and Russia are suspected, and even Islamic State is trying to hack into U.S. power companies, according to a top Homeland Security official.

But military or foreign terrorist cyberattacks aren’t the only worries. A highly trained insider — a disgruntled employee, for instance — could also do a lot of damage.

What keeps cyber experts awake at night is the fear that hackers have already penetrated far enough into the power grid that they could strike at any time. The greatest deterrent to nations might be the suspicion that the United States has hacked into their grid and would retaliate — a variation on mutually assured destruction. Of course, that’s of little concern for terrorist groups.

The effect of a major cyberattack would be devastating to the U.S. economy, according to a 2015 report by the University of Cambridge Centre for Risk Studies and Lloyd’s, the London-based insurer.

A blackout hitting 15 Northeast states, New York City and the District of Columbia could leave 93 million people without power and cause more than $1 trillion in economic impact and an estimated $71 billion in insurance claims. The threat is to more than keeping the lights on; food would quickly spoil, and water couldn’t be purified — putting lives at risk.

Cutting power to millions of people for some length of time would be the quickest way to damage the U.S. economy, an idea that likely appeals to terrorists and megalomaniacal rulers alike. Utilities that aren’t assiduously policing their computer systems are doing their customers — and country — a disservice.

This story was originally published March 1, 2016 at 9:00 AM with the headline "Cyberattack an energy threat waiting to happen."

Get unlimited digital access
#ReadLocal

Try 1 month for $1

CLAIM OFFER