Government Watchdog Highlights Cybersecurity Threats to the Power Grid

A disturbing new report from the Government Accountability Office (GAO) has found that U.S. utility distribution systems are “increasingly at risk” from intrusion and disruption. The alarming report contends that a coordinated attack has the potential to cause blackouts in multiple parts of the country or even shut down our power grid entirely. 

The threat of cyberattacks is anything but hypothetical. Late last year, news emerged that the Russian hacker group known as APT28 (or Fancy Bear) had carried out a series of attacks on the U.S. energy sector between 2018 and 2020. These attacks weren’t the first time hackers had targeted the U.S. power grid.  Another closely related hacker group, Sandworm, planted malware on the grid back in 2014. The frequency and potentially devastating nature of these attacks underscore the Biden Administration’s need to act. 

What can we do to prevent these attacks? The GAO report recommends that the Department of Energy (DOE) “more fully address risks to the grid’s distribution systems from cyberattacks.” The DOE agrees with this conclusion and has begun a series of research and development projects to determine the best way to secure the distribution systems. While these projects may help, the report warns that “it will also be important for DOE to more fully address risks to the grid’s distribution systems from cyberattacks in DOE’s plans to implement the national cybersecurity strategy for the grid.”

Fortunately, the Biden Administration has taken action to secure the grid from hackers. The recently announced 100-day initiative will “encourage” managers of the Bulk Electric System and secondary systems to implement technologies that will help with  “detection, mitigation, and forensic capabilities.”  Another highlight of the plan is its focus on industrial visibility. Cybersecurity experts have long warned that a lack of insight into how the grid control system works is a significant vulnerability, meaning increased visibility could help rectify the situation. 

President Biden’s initiative also revokes an order by Former President Trump that aimed to identify weaknesses in our existing power system and create a list of safe vendors from which power providers could obtain new power grid components. The DOE says the decision is meant to create a “consistent and clear policy environment.”

The Administration has also championed new funding for modernizing the power grid in its $2 trillion infrastructure package proposal to Congress. The proposal infrastructure funding would allow under-resourced public power and municipal utilities to invest in costly grid upgrades to secure the system.  

“The United States faces a well-documented and increasing cyber threat from malicious actors seeking to disrupt the electricity Americans rely on to power our homes and businesses,” says Energy Secretary Jennifer Granholm. “It’s up to both government and industry to prevent possible harms — that’s why we’re working together to take these decisive measures so Americans can rely on a resilient, secure, and clean energy system.”

The GAO report underscores what we’ve been saying all along. The U.S. power grid is essential to our daily lives and must be protected. Thankfully, lawmakers seem to be taking the right steps.