WASHINGTON (CN) - Is the U.S. prepared for a major cyber attack on the electric grid? Apparently not, according to testimony before members of the House Transportation and Infrastructure Committee on Thursday.
However, nobody really knows because a large-scale cyber attack has yet to happen.
Rep. Bill Shuster, R-Pa., chairman of the Economic Development, Public Buildings and Emergency Management subcommittee, says the federal government does not have a basic planning scenario to deal with the consequences of a massive cyber attack that takes out power for an extended period of time.
"Virtually all critical infrastructure is dependent on the electrical grid, particularly the lifeline sectors - telecommunications, transportation, water and financial services," Shuster said. "And if the goal of the bad guys is to collapse the United States' economic system, they are going to try to cut off the power."
Cyber attackers have already gained access to the networks that control the electric grid and have stolen data, according to a 2015 investigation by the Associated Press.
In 2012, more than 40 percent of all cyber attacks targeted the energy sector, according to the U.S. Department of Homeland Security. That number jumped to 54 percent in 2013, but fell to 32 percent in 2014.
Still, some - including investigative journalist Ted Koppel - have cautioned that a cyber attack could take out large chunks of the power grid for weeks, possibly months.
In opening remarks during Thursday's subcommittee hearing to explore the risks of and preparedness for cyber attacks on the energy grid, Shuster noted that Koppel found the U.S. should plan for six to 18 months of uninterrupted blackouts following a major attack.
Industry officials, on the other hand, have said a major cyber attack would take out electricity for a matter of days, not weeks or months, Shuster added.
In the event of widespread power outages lasting weeks or months, "local governments will need to plan for increased public safety, water treatment, sheltering or evacuation, fuel delivery for generators and many other contingencies," Shuster said.
He said he has not talked to a local leader yet who can give an answer about how prepared they are for prolonged outage.
That might be because many communities have not planned for operating in a crisis, according to witness W. Craig Fugate, administrator of the Federal Emergency Management Agency (FEMA).
Critical infrastructure lifelines need to have adequate emergency power to weather extended outages, but most would fail under the full load of a crisis, Fugate said.
It will be essential to keep water and wastewater systems running as there is no good way to manage a scenario where those systems go offline, he added.
Fugate said good news can be found within the energy industry, which is learning how to get systems back up.
"But there's still a lot that we don't know," he cautioned.
So far, U.S. preparation for power failures has been based on more familiar experiences, like extreme weather events. In 2012, Hurricane Sandy knocked out power for more than 8 million people in 17 states, leaving some New Yorkers in the dark for nearly two weeks.
But cyber threats could pose very different challenges to the electric grid.