U.S. power companies under frequent cyberattack

Legislation that would give the federal government power to oversee the protection of utilities has stalled

A survey of U.S. utilities shows many are facing frequent cyberattacks that could threaten a highly interdependent power grid supplying more than 300 million people, according to a congressional report.

More than a dozen utilities said cyberattacks were daily or constant, according to the survey, commissioned by U.S. Democratic Representatives Edward J. Markey and Henry A. Waxman. The 35-page report on the survey, called "Electric Grid Vulnerability," was released on Tuesday.

The report is in response to widespread concerns that hackers could damage parts of the U.S. power grid, causing widespread outages and prolonged economic effects. Markey and Waxman are members of the U.S. House Energy and Commerce Subcommittee, which held a hearing on cyberthreats and security on Tuesday.

Power outages and quality disturbances cost the U.S. economy upwards of US$188 billion annually, with single outages costing as much as $10 billion, the report said. Replacing large transformers, for example, can take more than 20 months.

The 15-question survey was sent to more than 150 utilities owned by investors, municipalities, rural electric cooperatives and those that are part of federal government entities. About 112 responded to the survey, which was sent in January.

Many utilities were coy in their responses. None reported damage as a the result of cyberattacks, and many declined to answer the question of how many attempted attacks were detected, the report said

One utility said it recorded 10,000 cyberattacks per month, while another said it saw daily probes for vulnerabilities in its systems and applications. Cyberattacks are inexpensive to execute and hard to trace, the report said.

"It has been reported that actors based in China, Russia, and Iran have conducted cyber probes of U.S. grid systems, and that cyberattacks have been conducted against critical infrastructure in other countries," the report said.

The U.S. Congress has not delegated oversight of utilities' cybersecurity to a federal agency. An industry organization, the North American Electric Reliability Corporation (NERC) publishes both mandatory and voluntary security standards, the report said.

In 2010, the U.S. House of Representatives passed the GRID Act, which would have given the Federal Energy Regulatory Commission the authority to protect the electricity grid. But the legislation did not pass the Senate, and the issue remains inactive in the House, the report said.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

From CSO: 7 security mistakes people make with their mobile device
Join the discussion
Be the first to comment on this article. Our Commenting Policies