On Friday morning, a series of power outages struck New York City, San Francisco, and Los Angeles. Officials tracked down the root causes of each issue, none of which seemed to be related to cyber attacks, but the incidents got a lot of people thinking about how vulnerable the United States’ power grid is to terrorist attacks — not to mention weather and squirrels.
The outage in New York City disrupted public transit, but not much else since it was limited to a single subway station. In Los Angeles, things were a bit more serious, with passengers experiencing difficulties and delays at Los Angeles International Airport, as well as power losses in some other areas around the city. San Francisco got it worst, with outages causing gridlock and taking some companies’ websites offline. The city was pretty much out of commission until power came back on.
So while these concurrent power grid failures appear to be unrelated accidents, they gave the U.S. a snapshot of what a power grid attack might look like. They also raise the question: What is being done now to protect the grid?
Earlier this year, the U.S. Department of Energy published a report saying that the nation’s electrical grid “faces imminent danger” from cyber-attacks. Given growing fears over cyber-attacks, whether DDos attacks affecting the internet of things or international efforts to undermine U.S. democracy, even the most absurd concerns that the U.S. power grid could be targeted by cyber-attacks are not totally out of line.
“There is a cyber war looming on the horizon, which will be many times more devastating than any imaginable nuclear war,” cybersecurity influencer John McAfee told Inverse in 2016. “We will be back in the Stone Age.”
And while this point may be blown out of proportion, the main premise is worth noting: We’re living in a time of constant cybersecurity threats. Fortunately, the DOE is at least aware of this landscape.
“Cyber threats to the electricity system are increasing in sophistication, magnitude, and frequency,” reads the DOE’s Quadrennial Energy Review. “The current cybersecurity landscape is characterized by rapidly evolving threats and vulnerabilities, juxtaposed against the slower-moving deployment of defense measures.”
So how are these defense measures catching up to cyber-attack capabilities?
The DOE report outlines “76 recommendations to boost energy, including increasing the collection of data about online breaches from utilities,” reports Bloomberg. “Separately, it called for extending tax credits to boost construction of new nuclear reactors. Overall, the report said, total investment requirements necessary for grid modernization range from $350 billion to $500 billion.”
Modernizing the U.S. power grid would include increased data collection, which would help track security breaches more quickly. Many consumer advocacy groups argue that this enhanced data collection also undermines individuals’ privacy, though. This is a balance that public policy will need to help address as the DOE moves forward with enhancing security and resiliency for the power grid.
Physical improvements would help improve power grid resiliency as well. This could include measures like redundancy, which means increasing the amount of equipment such as generators and switching stations that could come online in the event of a failure somewhere in the grid.
Another huge area in which we need help is good old-fashioned cybersecurity literacy. An embarrassing number of high-profile cybersecurity breaches can be traced to phishing attacks, in which people click sketchy links that allow hackers to install malware on their computers. This is how Hillary Clinton’s email server was hacked in 2016, and it’s how the iCloud hack known as “The Fappening” happened in 2014, just to name a couple.
Many government employees and private utility employees access sensitive servers every day, and many of these at people simply haven’t been trained in how to protect their computer networks. No matter how beefy your network security is, it can all be brought down by one person clicking on a link in an email from an unknown sender.
That’s by no means meant to downplay the importance of the kinds of security enhancements proposed by the Department of Energy. But any improvements to power grid security must also be accompanied by education at all levels, as well as public policy solutions to address individuals’ privacy amid enhanced cybersecurity efforts. Otherwise, power outages like we saw on Friday in New York City, San Francisco, and Los Angeles might become all too familiar.