Are Hackers Threatening to Punch America’s Lights Out?
Today's the day! We've officially launched the Investment U Bookstore. To celebrate, we're offering a 50% discount on Sean Brodrick's latest report, "Smart Grid Security: Cash In on These Four Companies as They Prepare to Secure Our Nation" (click here for details). As you'll read in today's piece, the timing of Sean's report couldn't be better. Because right now utilities and government agencies are throwing tons of cash at a select group of security firms. Find out why below.
On any given day, there’s a 1-in-4 chance someone is attacking the U.S. power grid - either physically or in cyberspace. What’s worse is small security breaches in our power grid systems could be ripped wide open... That could shut down power for thousands or even millions of Americans.
And that’s not even the really scary stuff.
Welcome to the world of the 21st Century Power Grid - more interconnected, more interdependent and potentially more vulnerable than ever.
It’s not that utilities aren’t aware of problems. Of course they are. They’ve been paying close attention ever since the most severe attack on a U.S. power grid happened in 2013.
That’s when someone cut phone cables that could send an alarm just before snipers opened fire on an electrical substation outside San Jose, California. That substation feeds into a grid that funnels power to Silicon Valley.
Within minutes, the snipers surgically knocked out 17 giant and expensive transformers.
I wrote about the power grid for Investment U back in April 2014. To be sure, that California attack was a wakeup call for the industry. Power companies cranked up security at substations nationwide.
But the next attack may not be physical. It may be in cyberspace.
The problem for U.S. utilities is their control systems weren’t originally designed to be connected to the Internet. Hackers can infiltrate, smash and crash the complex systems that run America’s three major power grids.
A widespread outage could greatly impact you. For as long as it lasts, you’d have no access to ATMs... air-conditioning and many heating systems wouldn’t work... cellphones would just be lumps of metal and plastic.
Driving to the office would be like navigating an obstacle course because traffic lights wouldn’t work. At the supermarket, food would go bad due to the lack of power backups for freezers and refrigeration units.
And if you ran out of gas, well... gas stations need electricity, too.
Spending Is Soaring
A government report issued last year said that U.S. utilities are expected to spend about $7 billion on cybersecurity by 2020. Given the constantly shifting nature of cyberthreats, the cost could be much higher.
The more America moves toward a smart grid, the more vulnerable our systems become. Eventually, all networks will become interconnected. That could leave America’s power grid even more open to cyberattacks.
And if just a small number of U.S. substations were knocked out at once, the entire system would destabilize. This could cause a blackout encompassing most of the U.S. That’s according to a study by the Federal Energy Regulatory Commission (FERC).
Jon Wellinghoff, former chairman of FERC, told reporters our power grid is currently "too susceptible to a cascading outage" because of its reliance on a few critical substations and other physical equipment.
An internal FERC report laid out a worst-case scenario in which hackers disabled as few as nine substations while simultaneously sabotaging one of the few companies that make electrical transformers.
This could plunge America into a total blackout. How long would it last? The FERC report said up to 18 months. Yikes!
Power companies officially reported 14 cyberattacks in the past three years. However, it all depends on how you define “attack.”
The branch of the Department of Homeland Security that monitors cyberthreats received reports of 151 cyber incidents related to the energy industry in 2013. That’s up from 111 in 2012 and 31 in 2011.
In a TV interview, Gerry Cauley, president and CEO of North American Electrical Reliability Corporation, said, “On any given day there are thousands of attempts to probe and get into the networks and control systems of the power grid.” He added: “We have the defenses to prevent that.”
That’s been the case so far, at least.
In a press report, FERC Commissioner John Norris said he believes America should focus on technologies like microgrids. These can quickly isolate damaged components from the rest of the network in the event of an attack. Advanced technologies can also alert companies to incidents before they spiral out of control.
The Foreign Threat
China and other countries have the know-how to launch a cyberattack that would shut down the entire U.S. power grid and other critical infrastructure. That’s according to Admiral Michael Rogers, head of the National Security Agency and U.S. Cyber Command.
Speaking to Congress last year, he said special software has been detected in China that could damage our power company networks and other critical systems.
Meanwhile, former director of national intelligence Mike McConnell disclosed a startling fact in a speech at the University of Missouri recently. He said: “The Chinese have penetrated every major corporation of any consequence in the United States and taken information.
“We've never, ever not found Chinese malware.”
Why would the Chinese do that? The reason is there are no risks to them if they get caught. They can steal a treasure trove of information.
Of course, a worrywart might wonder if the Chinese are placing that software in critical power grid systems “just in case.”
The Good News
There has never been a successful attempt to cause a power outage via cyberattack in the U.S. And hopefully it will stay that way.
I guess it all comes down to why you think that attack on transformers powering Silicon Valley happened. The folks who did it weren’t amateurs. They took care to leave no fingerprints behind. They’ve also never been caught.
Were they really smart guys out to prove a point? Or were they running a test... a trial run for a potential act of war?
Either way, U.S. utilities are coordinating more closely than ever with the federal government and each other to share threat information...
And they’re throwing bags of money at select companies to deploy new tools and technologies that can detect attacks and protect their assets.
All the best,
Have thoughts on this article? Leave a comment below.