By Lisa Vaas  |  Posted 2007-10-19

Congress: Power Grid Defense Is Weak

In the wake of the Idaho National Laboratory test that blew up an electrical generator with a simulated cyber-attack and revealed the fragility of the nation's electrical infrastructure, a congressional panel on cyber-security is calling for an investigation into how well electric sector owners and operators have implemented security mitigations developed by the U.S. Department of Homeland Security and Department of Energy.
The danger is growing, many say, given the increasing number of touch points between the United States power infrastructure and the wild and dangerous world of the Internet.
"Once largely proprietary closed systems, control systems are becoming increasingly connected to open networks, such as corporate intranets and the Internet. As such, the cyber-risk to these systems is increasing," said Rep. Jim Langevin, D-R.I., chairman of a House of Representatives cyber-security panel, in an opening statement for an Oct. 17 hearing devoted to the cyber-threat to utility control systems and the stronger regulations that are necessary to secure the electric grid.
According to Langevin, what's at stake is a power system worth more than $1 trillion, comprising more than 200,000 miles of transmission lines and more than 800,000 megawatts of generating capability that serves over 300 million people throughout the United States and Canada. The effective functioning of this infrastructure is highly dependent on control systems, which are computer-based systems used to monitor and control sensitive processes and physical functions.
"Intentional and unintentional control system failures on the bulk power system could have a significant and potentially devastating impact on the economy, public health and national security of the U.S.," Langevin said in his opening statement, which is posted here.
"For a society whose every function depends on reliable power, the disruption of electricity to chemical plants, banks, refineries, hospitals, water systems and military installations presents a terrifying scenario. We will not accidentally stumble upon a solution to these problems. Instead, we must dedicate a lot of hard work and resources to secure our systems," he said.
To that end, the Federal Energy Regulatory Commission has proposed implementing a set of reliability standards developed by the North American Electric Reliability Corp. However, members of the cyber-security committee have found those standards to be woefully inadequate, Langevin said.
"The NERC standard focuses on the reliability of the bulk power system as a whole, ignoring the homeland security impact that loss of power in a region can have," he said.
The House committee faults the standards for a failure to cover a "significant number of assets" that are critical to keeping the nation's electricity flowing—specifically, they neglect any requirements regarding electric sector owners and operators securing generation units, distribution units or telecommunications equipment.
"But we know from countless real-world examples that these units are highly vulnerable to intentional and unintentional cyber-events," Langevin said. "Knocking any of these units off could affect the power supply to our nation's critical infrastructure."
The proposed NERC standards would require certain users, owners and operators of the grid to establish plans, protocols and controls to safeguard physical and electronic access to systems, to train personnel on security matters, to report security incidents and to be prepared to recover information.
The Idaho National Lab's formerly classified demonstration of blowing up a generator, revealed by Homeland Security officials in September and subsequently aired in part by CNN, was a dramatic illustration of how control systems can be used to inflict critical damage on physical structures—specifically, a turbine.

Lisa Vaas is News Editor/Operations for and also serves as editor of the Database topic center. Since 1995, she has also been a Webcast news show anchorperson and a reporter covering the IT industry. She has focused on customer relationship management technology, IT salaries and careers, effects of the H1-B visa on the technology workforce, wireless technology, security, and, most recently, databases and the technologies that touch upon them. Her articles have appeared in eWEEK's print edition, on, and in the startup IT magazine PC Connection. Prior to becoming a journalist, Vaas experienced an array of eye-opening careers, including driving a cab in Boston, photographing cranky babies in shopping malls, selling cameras, typography and computer training. She stopped a hair short of finishing an M.A. in English at the University of Massachusetts in Boston. She earned a B.S. in Communications from Emerson College. She runs two open-mic reading series in Boston and currently keeps bees in her home in Mashpee, Mass.
