How serious is threat to power grid? Depends who you ask.

Expert opinion differs widely over a report that the U.S. electric power-grid has been compromised by cyberspies, perhaps from Russia and China, who have installed malware so they can disrupt industrial control systems for electricity distribution in the event of a conflict.

Quoting former and current government officials anonymously, the Wall St. Journal article this week asserts “the espionage is pervasive across the U.S.” and “software tools left behind” in electric-grid systems could be “used to destroy infrastructure components” in the event of war. However, while the electric power grid is seen as vulnerable to cyber-attacks, there's doubt in some quarters the system has been so wholly compromised or could be so easily destroyed.

“No, it isn’t, but it is vulnerable,” says Ed Legge, spokesman for the Edison Electric Institute (EEI), an association representing about 70 of the largest utilities which generate the bulk of the nation’s electricity through complex swatches of eastern- and western-distribution grids and management and control points called Independent System Operators.

“There is hacking,” says Legge. “Hackers are coming after the electrical grid all the time.”

While EEI has no knowledge that the nation’s interconnected systems have been pervasively compromised by malware that could disrupt it, there are no illusions that the grid is as safe or efficient as it could be.

“The cybersecurity issue is on our radar,” says Legge. “Computers come with that, and as we use them more and more with our systems, and they become more a part of providing electricity, we have to be concerned about it.”

Gregory Reed, professor of electrical-power engineering at the University of Pittsburgh, as well as a technical consultant with experience at Con Edison in New York City, expresses doubts regarding claims of a pervasive compromise of the U.S. electric grid that would allow an attacker to disrupt it through malware.

“It doesn't seem feasible from what I know,” Reed said. No real-time control of the electric grid is coming from the Internet, he says. “It's firewalled and on separate systems,” says Reed. “We're not operating these systems on the Internet.”

But he does think that if there is espionage, it “won't reveal more than how the network is connected, and being able to map the infrastructure is not a threat without knowing how the system is operated and controlled.”

He adds that some of this information, though not in great detail, is available publicly already from the U.S. Dept. of Energy and the Federal Energy Regulatory Commission.”

Others, though, say the assertions about cyberspies infiltrating the power grid though malware are true and “should be a wake-up call.”

Alan Paller, director of SANS Institute, a security training and information center that has worked closely with utilities operating Supervisory Control and Data Acquisition (SCADA) systems as well as government agencies, says the potential for a massive cyber-attack on the power grid is real.