Hearing Addresses Preparation for Blackout

     WASHINGTON (CN) – Is the U.S. prepared for a major cyber attack on the electric grid? Apparently not, according to testimony before members of the House Transportation and Infrastructure Committee on Thursday.
     However, nobody really knows because a large-scale cyber attack has yet to happen.
     Rep. Bill Shuster, R-Pa., chairman of the Economic Development, Public Buildings and Emergency Management subcommittee, says the federal government does not have a basic planning scenario to deal with the consequences of a massive cyber attack that takes out power for an extended period of time.
     “Virtually all critical infrastructure is dependent on the electrical grid, particularly the lifeline sectors – telecommunications, transportation, water and financial services,” Shuster said. “And if the goal of the bad guys is to collapse the United States’ economic system, they are going to try to cut off the power.”
     Cyber attackers have already gained access to the networks that control the electric grid and have stolen data, according to a 2015 investigation by the Associated Press.
     In 2012, more than 40 percent of all cyber attacks targeted the energy sector, according to the U.S. Department of Homeland Security. That number jumped to 54 percent in 2013, but fell to 32 percent in 2014.
     Still, some – including investigative journalist Ted Koppel – have cautioned that a cyber attack could take out large chunks of the power grid for weeks, possibly months.
     In opening remarks during Thursday’s subcommittee hearing to explore the risks of and preparedness for cyber attacks on the energy grid, Shuster noted that Koppel found the U.S. should plan for six to 18 months of uninterrupted blackouts following a major attack.
     Industry officials, on the other hand, have said a major cyber attack would take out electricity for a matter of days, not weeks or months, Shuster added.
     In the event of widespread power outages lasting weeks or months, “local governments will need to plan for increased public safety, water treatment, sheltering or evacuation, fuel delivery for generators and many other contingencies,” Shuster said.
     He said he has not talked to a local leader yet who can give an answer about how prepared they are for prolonged outage.
     That might be because many communities have not planned for operating in a crisis, according to witness W. Craig Fugate, administrator of the Federal Emergency Management Agency (FEMA).
     Critical infrastructure lifelines need to have adequate emergency power to weather extended outages, but most would fail under the full load of a crisis, Fugate said.
     It will be essential to keep water and wastewater systems running as there is no good way to manage a scenario where those systems go offline, he added.
     Fugate said good news can be found within the energy industry, which is learning how to get systems back up.
     “But there’s still a lot that we don’t know,” he cautioned.
     So far, U.S. preparation for power failures has been based on more familiar experiences, like extreme weather events. In 2012, Hurricane Sandy knocked out power for more than 8 million people in 17 states, leaving some New Yorkers in the dark for nearly two weeks.
     But cyber threats could pose very different challenges to the electric grid.
     “The threats will continue to evolve,” said Patricia A. Hoffman with the Department of Energy, adding that the agency is working to stay ahead of the curve.
     “The grid, by its very design, is resilient,” she said, adding that it can adapt to rapidly changing demands, flows and climate.
     Her testimony was in stark contrast to that of Richard Campbell of the Congressional Research Service, who said long-term and widespread outages are possible.
     Various parts of the electric grid are vulnerable to failure from natural, operational or man-made events, Campbell said.
     “The extent to which these events could damage the grid will depend upon the severity of the incident,” he added.
     Noting that much of the infrastructure serving the power grid is aging, Campbell said new technologies are being integrated into the infrastructure with internet connectivity.
     While this can improve efficiency and performance of the grid, it “may also increase its vulnerability to cyber attacks launched from the internet,” he cautioned.
     “In 2014, the National Security Agency reported that it had seen intrusions into industrial control systems with apparent technical capability to take down the control systems that operate U.S. power grids, water systems and other critical infrastructure,” Campbell said.
     The first blackout from a cyber attack happened in 2015 in Ukraine, and took out the power for about 250,000 people, with outages lasting up to six hours.
     Industrial control and operating systems of multiple regional utilities were targeted in that attack, Campbell noted, adding that the attackers targeted other critical infrastructure to try to impair recovery efforts.
     “Well-informed terrorists could black out a large region of the country for weeks or even months,” he said, citing a 2012 National Research Council report.
     The impact could be devastating during summer or winter months, and could result in hundreds or even thousands of deaths during extreme weather, Campbell added.
     “A systematic attack of this sort could cost the US economy hundreds of billions of dollars,” he said.
     Transformers – one of the major components in the electric grid – could pose the greatest challenge in preparation for widespread, long-term outages, Campbell said.
     They are big, expensive, and time-consuming to manufacture and difficult to transport. Transformers can range in price from $5 to $10 million, Hoffman noted during her testimony.
     “The strategic destruction of a number of critical, high-voltage transformers could use up the limited inventory of spare units,” Campbell noted, adding that “it could take months or years to build new units.”
     This would significantly impair recovery efforts in the wake of a massive cyber attack that caused widespread outages, he said.
     Currently, the U.S. does not have a sufficient stockpile of transformers. However, the Energy Department has been tasked with implementing a transformer reserve plan under the parameters of the 2015 Fast Act.
     Hoffman indicated that there are several transformer manufacturers in the U.S., but said we need more and should consider a transformer sharing project.
     The Energy Department’s 2017 budget request contains a component that would allow the agency to explore the next generation of transformers, she said. The agency is also looking at spare components on extra transformers, and will undertake testing to better understand their vulnerability.
     The Department of Energy is in the process of evaluating spare electric capacity, and where to locate a reserve stockpile of transformers. Transporting them during a crisis could pose an issue, because many electric substations are located in remote places, Hoffman said.

%d bloggers like this: