In the 1983 thriller WarGames, Matthew Broderick plays a teen-age computer geek who unknowingly signs onto a Pentagon computer while hacking into a toy company’s new computer game. Thinking that he’s simply playing a game called Global Thermonuclear Warfare, Broderick launches the game and nearly starts a nuclear war. The North American Electric Reliability Council (NERC) will hold its own war game next month with a simulated attack on the U.S. power grid.
The drill, called GridEx II, will take place on November 13-14 of this year. The participants will include 65 utilities and eight regional transmission organizations, representing most of the nation’s electricity customers. The drill will test how well the electric utility industry and the grid itself respond to physical and cyber attacks.
A NERC Critical Infrastructure Protection Committee (CIPC) working group will begin the drill by sending participants a series of simulated physical and cyber attacks, climaxing in a national security emergency. Participants will then respond and interact with each other, just as they would in a real emergency. The simulation will last 36 hours, and the CIPC working group will evaluate the participants’ responses and provide feedback on how their actions impact the ongoing scenario. After the drill, the working group will analyze the results and prepare a report on lessons learned.
If Ben Franklin lived today, he might say that nothing is certain but death, taxes and cyber-attacks. Cyber-attacks occur when individuals or groups hack into another group’s computer information systems to steal, alter or damage key infrastructure. Our nation’s electric grid is under constant attack according to a survey of electric utilities by U.S. House Representatives Henry Waxman and (now) Senator Edward Markey. The grid was the greatest engineering achievement of the 20th Century, but cybersecurity was equally unknown to those grid engineers as it was to Ben Franklin. We need to do more to protect our energy infrastructure.
The U.S. has finally called out China for repeated and pervasive cyber-attacks. Mandiant, a cybersecurity firm, released an alarming report in February 2013 regarding the ongoing cyber-attacks by the Chinese army. James Clapper, the Director of National Intelligence, described cyber-attacks as a soft war already underway and a dire global threat in his April 2013 World Threat Assessment to the U.S. House Permanent Select Committee on Intelligence. In May of this year, for the first time, the Pentagon’s annual report to Congress on the Chinese military openly accused China’s military of repeated cyber-attacks on the U.S. government and defense contractors.
Cyber-attacks are underway not only by China, but also by Iran, Russia, Al-Queda, organized crime, industrial spies, ex-utility employees and rogue hackers. The U.S. Department of Homeland Security investigated over 200 serious cyber-attacks against critical infrastructure during the first half of 2013. The electric grid was targeted in over half of these attacks. At the recent Black Hat security conference in Las Vegas, Cyrill Brunschwiler of Compass Security explained how the smart grid’s wireless network can be easily exploited to steal electricity and to cause massive blackouts. Though innovation and new clean energy technologies are key to modernizing our antiquated energy system, the electric grid is more vulnerable to cyber-attacks with increased use of smartphones, tablets, mobile apps and electric vehicles to connect with our home electronic devices. A July 2012 report by the Government Accountability Office (GAO) outlines the various threats to the electric grid.