In the 2007 movie “Live Free or Die Hard,” New York cop John McClane
does battle with former government security specialists who use their
inside knowledge to launch a “fire sale,” an attack on power, road
traffic and security systems to create a panic in and around
Washington, D.C. While a fictional scenario, some say it’s no longer
far from the truth.
Reports of the U.S. power grid's vulnerability to cyberattacks and
the potential for greater exposure to hostile acts are coming to
surface once again as the Obama administration is preparing to invest
tens of millions of dollars to make critical infrastructure smarter.
Power generators and electrical distribution systems were once
thought immune to the ravages of the Internet because they were largely
segregated on closed networks and managed by SCADA (Supervisory Control
And Data Acquisition) systems. Sneakernets (the physical insertion of
data through discs) were thought the only means for compromising one of
these closed power systems.
That blissful ignorance may soon come to an end. Intelligence
reports are now revealing that China and the People’s Liberation Army
may have compromised the U.S. power grid twice in the past decade.
Worse, some sources say China was behind the 2003 Northeast blackout
that plunged nine states and parts of Canada into darkness.
Previous reports found that the source of the blackout, an Ohio
generation plant operated by American Electric and Power (AEP) sent a
surge into the system that caused a massive, cascading failure. A worm
in the plant’s non-power systems was said to be coincidental.
But industry and government vision for opening up the electrical
grid as a distribution system for the Internet and communications could
open up the entire power system to greater risk. Utilities have already
opened their closed networks and SCADA systems to largely unsecure
systems connected to public networks. Adding greater uses for two-way
communications, IP packet transmissions and control systems will only
increase risk exposure, experts say.
The upside to opening the electrical grid to networking is
tremendous. Plans are already being made to make electrical meters at
homes and business “smart,” providing power producers and consumers
with the means to measure and control the use of power with greater
efficiency. IBM is betting a large part of its future on making pieces
of the public infrastructure smarter and more manageable. And
environmentalists believe a smarter electrical grid will lead to
reduced dependency on foreign oil and a reduction on the national
carbon footprint.
Solution providers will have a role in this electrical grid
evolution, too. A smarter electrical grid will lead to smarter
buildings, businesses and homes. That means installation, maintenance
and management work on large and small scales.
Is opening the electrical grid to greater use and, potentially, much
greater compromises worth the risk? One prominent hacker once told me
that, during a demonstration to federal officials, he showed them all
the power nodes on the eastern seaboard and, with a click, could have
shut off the lights from Atlanta to Boston. The risk already exists,
some will argue, so it’s more an issue of securing the grid to enable
greater use.
Everyone from IT vendors to solution providers to the owners of
physical infrastructure need to heed the warnings of the “potential”
risks to the critical infrastructure and design better controls to
guard and mitigate compromises.
/ 7 
