The Next Disaster Scenario Power Companies Are Preparing For

In the 10 years since sagging power lines in Ohio sparked a blackout across much of the Northeastern United States and Canada, utility engineers say they have implemented measures to prevent another such event in the country's electric grid.

But there is one disaster scenario for which the power companies are still unprepared: a massive attack on the computer networks that underlie the U.S. electric grid.

Energy industry leaders believe a cyberthreat could produce a blackout even bigger than the August 2003 outage, which left an estimated 50 million people in the dark.

"We have to treat the cyberthreat with the same respect that we give to forces of nature, [such as] hurricanes, floods, ice, storms," said Chris Peters, vice president for critical infrastructure at Entergy, a company that operates nuclear power plants. "We have to fund it, we have to staff it and we have to be ready to respond as necessary."

Peters was among several power executives who gathered in Washington recently to discuss the need to better protect the electric grid against cyberattacks. Their consensus judgment was that such attacks are probably inevitable.

"At some point in time, somebody is coming at me," said Scott Saunders, information security officer for the Municipal Utility District in Sacramento, Calif. "It's going to happen."

The New Grid

The concern that computer hackers could shut down the electric grid stems from technological changes in the power industry. Much of the equipment used in the grid, from the generators to the transformers, is now operated by computers. By disrupting computer network operations, hackers could shut down a key part of the grid.

They would still need access to the computers, but this obstacle could be overcome because many of those computers are now connected to the Internet.

"Now we can remotely manage devices via the Internet," notes Mark Weatherford, until recently a top cyberspecialist at the Department of Homeland Security. "So instead of putting someone in a truck and having them drive a hundred miles to a substation in the middle of the mountains somewhere, you remotely manage that."

Weatherford, now consulting on cyber issues at the Chertoff Group, says power companies saw that managing grid operations via the Internet brought efficiencies and cut costs, so they jumped at the chance. Perhaps a bit recklessly.

"To no one's fault at the time — we didn't realize it — [we] didn't think about the security and the insecurity [of Internet connections]," Weatherford said. When a computer is connected to the Internet, a skilled hacker can often find a way to break into it.

This is the new disaster scenario for power companies. Security experts in the industry are aware of the challenge and moving quickly to meet it, but the threats to their networks may be evolving even faster.

"Computers are tricky," says Michael Assante, chief executive of the National Board of Information Security Examiners and one of the country's top experts on the cyberthreat to the grid. "They just continue to become more complex, and the importance to how we operate the system continues to increase."

The 2003 blackout was not caused by a cyberattack, but even then computers were part of the system, and Assante says one reason the blackout spread far and wide was that many operators didn't understand their own computer connections.

"How do we teach power engineers and operators what they need to know about cyber and in particular about cybersecurity?" Assante asks. "These are tough questions. If you go to engineering school, you're not taught about cybersecurity as part of becoming a power engineer."

Hurdles To A Solution

The concern now is that a really sophisticated cyberattack could cause a blackout bigger than anything yet seen in North America. Congress has considered various bills that would require power companies to beef up their protection against cyberattack and impose mandatory security standards.

A survey of electric utilities earlier this year, directed by Reps. Edward Markey (now a U.S. senator) and Henry Waxman, found that most of the companies had failed to implement voluntary cybersecurity standards recommended by the North American Electric Reliability Corp., an industry organization.

Attempts to legislate mandatory cybersecurity standards have been rebuffed, however, in part because the power industry opposed them.

"Our companies are in the business of selling electricity. They are fully motivated to do what they need to do to protect their systems against cyberattack and other problems," says James Fama, vice president for energy delivery at the Edison Electric Institute, which represents power companies. "We don't need to be penalized in order to be motivated to provide continuity of service. That's the business we're in."

But computer hackers are becoming more sophisticated, and they increasingly see the power grid as a target. Redesigning the grid to make it less vulnerable to cyberattacks will be expensive. Some companies might calculate that the necessary investments to guarantee grid security might not be justified, given their assumptions that a major attack is still unlikely.

"It's really hard to make the business case for this," said former CIA Director Michael Hayden, speaking at the recent Washington conference on grid security, organized by the Bipartisan Policy Center.

Curt Hebert, the former chairman of the Federal Energy Regulatory Commission, asked power executives at the conference whether their industry was prepared to make the big investments necessary to secure the grid against a big cyberattack.

"When it comes to cost cutting," Hebert suggested, "this may be one of the areas, quite frankly, that gets the knife."

Consumers, after all, would eventually be stuck with the bill, paying for those investments through higher rates and being told it was necessary to secure the power grid against a threat they had not actually experienced. Yet.

Copyright 2013 NPR.