As
Worries Over the Power Grid Rise, a Drill Will Simulate a Knockout Blow
Frank Franklin II/Associated Press
New
York City during a blackout in 2003. More than 150 companies and groups will
take part in a drill that will simulate attacks on the power grid.
By MATTHEW L. WALD
Published: August 16, 2013
- Facebook
- Twitter
- Google+
- Save
- E-mail
- Share
- Print
- Reprints
Connect With Us
on Twitter
Follow @NYTNational for breaking news
and headlines.
This
is why thousands of utility workers, business executives, National Guard
officers, F.B.I. antiterrorism experts and officials from government agencies
in the United States, Canada and Mexico are preparing for an emergency drill in
November that will simulate physical attacks and cyberattacks that could take
down large sections of the power grid.
They
will practice for a crisis unlike anything the real grid has ever seen, and
more than 150 companies and organizations have signed up to participate.
“This
is different from a hurricane that hits X, Y and Z counties in the Southeast
and they have a loss of power for three or four days,” said the official in
charge of the drill, Brian M. Harrell of the North American
Electric Reliability Corporation, known as NERC. “We really want to go
beyond that.”
One
goal of the drill, called GridEx II, is to explore how
governments would react as the loss of the grid crippled the supply chain for
everyday necessities.
“If
we fail at electricity, we’re going to fail miserably,” Curt Hébert, a former
chairman of the Federal Energy Regulatory Commission, said at a recent
conference held by the Bipartisan Policy Center.
Mr.
Harrell said that previous exercises were based on the expectation that
electricity “would be up and running relatively quick” after an attack.
Now,
he said, the goal is to “educate the federal government on what their
expectations should or shouldn’t be.” The industry held a smaller exercise two
years ago in which 75 utilities, companies and agencies participated, but this
one will be vastly expanded and will be carried out in a more anxious mood.
Most
of the participants will join the exercise from their workplaces, with NERC, in
Washington, announcing successive failures. One example, organizers say, is a
substation break-in that officials initially think is an attempt to steal
copper. But instead, the intruder uses a USB drive to upload a virus into a
computer network.
The
drill is part of a give-and-take in the past few years between the government
and utilities that has exposed the difficulties of securing the electric
system.
The
grid is essential for almost everything, but it is mostly controlled by
investor-owned companies or municipal or regional agencies. Ninety-nine percent
of military facilities rely on commercial power, according to the White House.
The
utilities play down their abilities, in comparison with the government’s. “They
have the intelligence operation, the standing army, the three-letter agencies,”
said Scott Aaronson, senior director of national security policy at the Edison
Electric Institute, the trade association of investor-owned utilities. “We have
the grid operations expertise.”
That
expertise involves running 5,800 major power plants and 450,000 miles of
high-voltage transmission lines, monitored and controlled by a staggering mix
of devices installed over decades. Some utilities use their own antique
computer protocols and are probably safe from hacking — what the industry calls
“security through obscurity.”
But
others rely on Windows-based control systems that are common to many
industries. Some of them run on in-house networks, but computer security
experts say they are not confident that all the connections to the public
Internet have been discovered and secured. Many may be vulnerable to software —
known as malware — that can disable the systems or destroy their ability to
communicate, leaving their human operators blind about the positions of
switches, the flows of current and other critical parameters. Experts say a
sophisticated hacker could also damage hard-to-replace equipment.
In
an effort to draw utilities and the government closer, the industry recently
established the Electricity Sub-Sector Coordinating Council, made up of
high-level executives, to meet with federal officials. The first session is
next month.
Preparation
for the November drill comes as Congress is debating laws that could impose new
standards to protect the grid from cyberattacks, but many in the industry, some
of whom would like such rules, doubt that they can pass.
The
drill is also being planned as conferences, studies and even works of fiction
are raising near-apocalyptic visions of catastrophes involving the grid.
A
National Academy of Sciences report last year said that
terrorists could cause broad hardship for months with physical attacks on
hard-to-replace components. An emerging effort led in part by R. James
Woolsey, a former director of the Central Intelligence Agency, is gearing
up to pressure state legislatures to force utilities to protect equipment
against an electromagnetic pulse, which could come from solar activity or be
caused by small nuclear weapons exploded at low altitude, frying crucial
components.
An
attack using an electromagnetic pulse is laid out in extensive detail in the novel “One
Second After,” published in 2009 and endorsed by Newt Gingrich. In another
novel, “Gridlock,” published this summer and
co-written by Byron L. Dorgan, the former senator from North Dakota, a rogue
Russian agent working for Venezuela and Iran helps hackers threaten the grid.
In the preface, Mr. Dorgan says such an attack could cause 10,000 times as much
devastation as the terrorists’ strikes on Sept. 11, 2001.
Despite
the growing anxiety, the government and the private sector have had trouble
coordinating their grid protection efforts. The utility industry argues that
the government has extensive information on threats but keeps it classified.
Government officials concede the problem, and they have suggested that some
utility executives get security clearances. But with hundreds of utilities and
thousands of executives, it cannot issue such clearances fast enough. And the
industry would like to be instantly warned when the government identifies
Internet servers that are known to be sources of malware.
Another
problem is that the electric system is so tightly integrated that a collapse in
one spot, whether by error or intent, can set off a cascade, as happened in
August 2003, when a power failure took a few moments to spread from Detroit to
New York.
Sometimes
utility engineers and law enforcement officials also seem to speak different
languages. In his book “Protecting Industrial Control Systems From Electronic
Threats,” Joseph Weiss, an engineer and cybersecurity expert, recounted a
meeting between electrical engineers and the F.B.I. in 2008. When an F.B.I.
official spoke at length about I.E.D.’s, he was referring to improvised
explosive devices, but to the engineers the abbreviation meant intelligent
electronic devices.
And
experts fear government-sponsored hacking. Michael V. Hayden, another former
C.I.A. director, speaking at the Bipartisan Policy Center conference, said that
the Stuxnet virus, which disabled some of Iran’s centrifuges for enriching
uranium, might invite retaliation.
“In
a time of peace, someone just used a cyberweapon to destroy another nation’s
critical infrastructure,” he said. “Ouch.”
1 comment:
A Power Grid Down Exercise would be a great time for the FBI/CIA Blackhats to install a micro nuclear device. The perfect "False Flag!" Don't expect anything during the exercise this time. In about 30-60 days afterwards though??? All hell will break lose and numbnuts in the WH will blame Assad.
Post a Comment