Reading Time: 3 minutes
“Revolution” is a TV show that depicts Americans struggling to restore society after it collapses in the wake of the power going off everywhere. In this scenario, a government project inadvertently suppresses all electricity. No lights, planes, cars, radios, TVs or computers.The consequences portrayed in the show are apocalyptic. Millions die because the water supply and food distribution system collapses. Government’s collapse and the survivors war to control the resources left over by the formerly rich society and struggle to reconstitute civil order.Science fiction? Yes.

However, all good science fiction has some basis in fact.

In this case, we need to be aware that there are people in this world who are working very hard to literally turn off the power in America. Who would want to do such a thing? It seems the names that come up the most are the Chinese and the Iranians, but there are a host of anarchists and anti-capitalist out there working on this too.

If you don’t believe it, or doubt the seriousness of the problem you should read the House Congressional Report released earlier this year on “Electric Grid Vulnerability”.

The report was prepared by Representatives Edward J. Markey and Henry A. Waxman who requested information recently from more than 150 investor owned utilities (IOUs), municipally-owned utilities, rural electric cooperatives, and federal entities that are part of the power grid. Approximately 60% of these parties responded

The report reaches the following very troubling conclusions on cyber-attacks. Note: The NERC refers to the National Electric Reliability Corporation, an industry organization.

The electric grid is the target of numerous and daily cyber-attacks.

  • More than a dozen utilities reported “daily,” “constant,” or “frequent” attempted cyber-attacks ranging from phishing to malware infection to unfriendly probes. One utility reported that it was the target of approximately 10,000 attempted cyber-attacks each month.
  • More than one public power provider reported being under a “constant state of ‘attack’ from malware and entities seeking to gain access to internal systems.”
  • A Northeastern power provider said that it was “under constant cyber attack from cyber criminals including malware and the general threat from the Internet…”
  • A Midwestern power provider said that it was “subject to ongoing malicious cyber and physical activity. For example, we see probes on our network to look for vulnerabilities in our systems and applications on a daily basis. Much of this activity is automated and dynamic in nature – able to adapt to what is discovered during its probing process.”

Most utilities only comply with mandatory cyber-security standards, and have not implemented voluntary NERC recommendations.

  • Almost all utilities cited compliance with mandatory NERC standards. Of those that responded to a question of how many voluntary cyber-security measures recommended by NERC had been implemented, most indicated that they had not implemented any of these measures.
  • For example, NERC has established both mandatory standards and voluntary measures to protect against the computer worm known as Stuxnet.

Of those that responded, 91% of IOUs, 83% of municipally- or cooperatively-owned utilities, and 80% of federal entities that own major pieces of the bulk power system reported compliance with the Stuxnet mandatory standards. By contrast, of those that responded to a separate question regarding compliance with voluntary Stuxnet measures, only 21% of IOUs, 44% of municipally- or cooperatively owned utilities, and 62.5% of federal entities reported compliance. “

Clearly, not enough is being done. As the report states “There are numerous examples of such cyber-attacks, including the attack on Saudi Aramco, which destroyed the hard drives of more than 30,000 computers at the Saudi state-run oil company.” They conclude “The rate of such cyber-attacks against American corporate and government infrastructure is on the rise and unlikely to abate.”

Could cyber-attacks really turn off the lights like the in the fictional Revolution?
Probably not, if you mean a complete long term shutdown.

However, even short term shutdowns are a nightmare not to mention expensive. Living in NJ I have experienced week long outages from Hurricane Irene in 2011 and again with Sandy in 2013. It’s not fun!

Importantly, the bad guys are working really hard at it and we can expect them to get better at causing mischief. Ironically, the report concludes that otherwise much needed automation and integration of systems via the network, that have improved the efficiency of the Grid have also made it more vulnerable. These particular Congressmen are attempting to revive legislation called the GRID act that passed the House in unusually bi-partisan manner and, as often the case, died in the Senate. I’m not sure about the particulars of this legislation. Some say it would expand government power to mandate new industry requirements too much.

However, we better make sure we do defend ourselves in this cyber war or we just may wakeup some day in the dark.

Best ITSM Tools