Will Vulnerable U.S. Electric Grid Get a New Protection Mandate?Vice President for Government Relations & Marketing for Sutherland Global Services
In the new Trump administration, protecting the electric grid will likely be a topic that garners serious attention, owing to President-elect Trump’s stated intentions to invest in upgrading and modernizing America’s energy infrastructure, which dovetails into another of his priorities: a strong focus on national security issues.
The grid itself is critical infrastructure comprising a network of more than 7,650 power plants, which are integrated via 450,000 miles of high-voltage transmission lines. Estimates are that the grid includes 70,000 transformer power substations and thousands of power generating units. The grid is mostly dependent on legacy technologies: 70 percent of transmission lines are at least 25 years old and approaching the end of their lifecycle, and 60 percent of the circuit breakers are more than 30 years old, compared to useful lives of 20 years. The aging infrastructure and increasing demand for power have made the grid susceptible to “cascading failures,” where the failure of one component leads to a series of failures.
Threats to the grid are multiple and varied. The risk landscape includes cybersecurity attacks, physical assaults on utilities or power plants themselves, and Electronic Magnetic Pulse (EMP) disturbances generated from a geomagnetic solar flare or from a nation-state or terrorist short range missile.
Over the past 150 years, the earth has been struck by more than 100 solar storms. Pete Riley, a senior scientist at Predictive Science in San Diego, California, predicted that there is a 1 in 8 chance of a catastrophic solar mega storm by 2020. In 2008, the National Academy of Sciences estimated that the damage and disruption of the grid caused by a solar flare could cost up to $2 trillion in economic damages, with a full recovery time of four to 10 years.
“We have 18 critical infrastructures – food, water, medical care, telecommunications, investments, the works – and all 17 of the others depend heavily on the electric grid,” said former CIA Director, James Woolsey, before the Cybersecurity and EMP Legislative Working Group. Calling the electric grid “one of our greatest national vulnerabilities,” Woolsey added, “If you get up into months or years of the electric grid going down, you move us back not into the 1980s, pre-Web, but into the 1880s, pre-electric grid.”
Grid vulnerabilities were highlighted when hackers hit Ukraine’s power grid, leaving 700,000 people without power.
Recent examples of electric grid vulnerabilities were highlighted by the cyberattack against Ukraine’s power grid, which left 700,000 people without power. The Department of Homeland Security (DHS), which has partial jurisdiction for protecting the grid, intensified its warnings to U.S. utility operators after the Ukrainian attack.
Admiral Mike Rogers, head of the National Security Agency (NSA) and U.S. Cyber Command, has stated that several countries now have the ability to launch a cyberattack that could shut down the entire U.S. power grid and other critical infrastructure.
Rising Awareness of Threat to the Grid
Because of a spate of incidents and the growing interdependence of the economy on the electrical grid, the House Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies has held bi-partisan hearings addressing the threats and implications.
There are many ways to help mitigate these threats. Some of those include: shielding and hardening targets—grid protection by protecting against surges and voltage; decentralization and employment of off-grid or “distributed-grid” networks; phased voltage stabilization systems and resistors for redirecting and balancing energy; mandating enhanced security standards, training and contingency planning, and establishing mechanisms for sharing information on vulnerabilities and threats. Systematic resiliency planning is also vital for restoring power for various contingencies. These technologies are available for protecting the grid; it comes down to investment and leadership to ameliorate vulnerabilities.
Finding solutions will require co-investment, strong public/private sector partnering and collaboration in research, development, and prototyping. That partnership must include an accelerated effort to fund and design new technologies to protect the utilities from natural or man-made electromagnetic surges; further protect hardware and software in control networks from cyberattack; and provide enhanced physical security. Federal agencies should be provided with specific mission jurisdictions for implementing policy frameworks.
While cost projections vary, the investment to protect civilization is a small price to pay. Bill Harris, a board member of the Foundation for Resilient Societies, believes that the required investment is affordable. He estimates that protecting 200 to 700 of the most critical large power transformers would cost $80 million to $280 million and additional protection against solar storms would cost between $8 million and $28 million, for a combined cost equaling about $1 dollar per person living in the U.S.
The Critical Infrastructure Protection Act—which would enable the DHS to implement practical steps to protect the electric grid by training and mobilizing first responders for possible EMP events—was included in the National Defense Authorization Act 2017, which was passed by the House on Dec. 5.