Tuesday, June 8, 2021

No, a cyberattack isn’t going to shut down the power grid

Note from Tom: I’ve moved my email feed from FeedBurner (who’s getting out of this business in July) to Follow.It. If you aren’t getting my posts anymore, just hit the Subscribe button in the top right. And if you’d like to start receiving these posts in your email inbox, also hit the Subscribe button.

On Monday, CNN published a story that led off with this:

Energy Secretary Jennifer Granholm on Sunday warned in stark terms that the US power grid is vulnerable to attacks.

Asked by CNN's Jake Tapper on "State of the Union" whether the nation's adversaries have the capability of shutting it down, Granholm said: "Yeah, they do."

"There are thousands of attacks on all aspects of the energy sector and the private sector generally," she said, adding, "It's happening all the time. This is why the private sector and the public sector have to work together."

I’m sure Secretary Granholm meant well when she said that – not wanting to lull people into thinking the problem of grid security was solved, trying to prime the pump for more cybersecurity spending, etc. But the fact is that adversaries don’t have the capability to shut down the “US grid” with a cyberattack – or even multiple simultaneous attacks.


I don’t think anyone at all familiar with how the electric power industry works in the US will be surprised by this statement. But a lot of other people really do think this is possible, motivated as far as I know by movie plots. You might sell a lot of tickets if you show the whole US grid collapsing, but you have to classify the movie as fantasy, because that’s what it is. Here are some of the major reasons why I say a cyberattack that would take out the whole or even a large portion of the US grid - hell, even just 3 or 4 states - is about as probable as the discovery of Bigfoot in a Wall Street bank:

· The US participates in three completely disconnected AC grids: The Eastern and Western Interconnects and ERCOT, which covers a large portion of Texas (Quebec also has its own grid).

· To bring down the US grid, you would have to launch devastating attacks on all three Interconnects.

· There’s no single point – or even 4 or 5 points – that you could attack to bring down a whole Interconnect. So in each Interconnect, you would have to launch devastating attacks on a number of assets at exactly the same time. And they would all have to be the same type of asset: generating plants, distribution substations and control centers, or transmission substations and control centers.

· Forget about causing a cascading outage by attacking generating plants. See my quote at the end of this 2018 E&E News article and the post I wrote on the subject shortly afterwards.

· And forget distribution substations and control centers.

· This leaves transmission substations and control centers. In theory, if you were to penetrate enough control centers and substations in each Interconnect, you might cause a widespread cascading outage. How many? I’d guess at least ten per Interconnect, but it’s probably more than that (certainly in the Eastern and Western Interconnects, perhaps not in ERCOT).

· But you really can’t attack transmission substations. Their control systems are virtually never connected to the internet. They’re always connected to a control center, though, and control centers are almost all connected to the internet.

· So how do you get into a control center? Download a script from the dark web, type in an IP address (handily displayed on a utility’s web site, since as we all know utilities are quite happy to give you all the information you’d possibly need to attack them 😊), and hit Go (or whatever the button is called. I haven’t launched any devastating grid attacks lately, so I can’t remember what the button says)?

· I regret to say it’s a lot harder than that. In fact, the sharpest attackers are constantly pounding on transmission and distribution control centers, and there’s never been a successful cyberattack on a single one in North America (as well as much of the rest of the world). In part because control centers have been protected by really tough cyber regulations for almost 20 years (by NERC CIP since 2009, and by NERC Urgent Action 1200 and 1300 before then) and also because everyone understands that they’re really crucial, you ain’t going to get in, period. And you certainly aren’t going to get into ten of them (per Interconnect).

Of course, causing a purely local outage (e.g. the area served by a single line or substation) is much more possible through a cyberattack – but again, it’s never happened in North America, and is very unlikely to. However, local outages happen all the time. Storms and squirrels are by far the biggest causes of those.

But this isn’t to say a total US grid collapse is inconceivable. An EMP event could conceivably do it. Or a solar storm – perhaps the size of the Carrington Event, which hit the US in 1859, before there was any electric infrastructure besides telegraph wires. Either of these would be devastating. In fact, a US government commission in 2008 said that, in the event of a total grid collapse caused by an EMP which caused an outage lasting a year, 66-90% of the US population would not just be badly inconvenienced. They would die.

So if you want to worry about a devastating grid attack, worry about EMP. And ask Vladimir Putin, Kim Jong-un and Xi Jinping (and maybe Ayatollah Khamenei in a few years) to please not cause one.

Note 6/13: Tim Roxey made excellent comments - and then some - on this post. You can find them here.

Any opinions expressed in this blog post are strictly mine and are not necessarily shared by any of the clients of Tom Alrich LLC. Nor are they shared by the National Technology and Information Administration’s Software Component Transparency Initiative, for which I volunteer. If you would like to comment on what you have read here, I would love to hear from you. Please email me at tom@tomalrich.com.
