Power Grid Attack
It sounds like a plot from a Doomsday Prepper novel. A hacker with a grudge plots revenge on the entire country with an attack on the power grid. The blackout triggers the collapse of civilization. Millions die in ensuing riots and disorder. A few of the better prepared emerge from the chaos to rebuild their town and…
Prepper Novels aside, a growing threat from other countries, terrorist groups, hacktivist groups, and otherwise motivated individuals, both from inside and outside the United States, execute cyber attacks on the United States Power Grid and the smaller state distribution grids with alarming regularity. Countries like China, Russia, and Iran seek access to disrupt or manipulate commerce, elections, and government functions.
Hacktivist groups work to undermine systems for their cause. Terrorists seek attention by claiming responsibility for their actions. Some people have other motivations. And it’s not just cyber-attacks, physical attacks can cause as much or more damage.
In 2023, two individuals, one a neo-Nazi, were charged with plotting to take down the Baltimore, Maryland distribution grid. Their racially motivated plot targeted the city for its African American majority population. They planned to inflict damage with an illegally purchased rifle.
Substations are critical infrastructure. The substation reduces electricity as high as 139,000 to 750,000 volts to much lower voltages for use in cities, towns, and rural areas. Some large industries have their own substation. image: Waldemar Zielinski
U.S. Power Grid Attack Vulnerability
After household electricity became more commonplace in the cities, the United States began the rural electrification project to bring electricity to rural homes and farms. By the 1950s, most of the country had electricity. The utilities have continued to expand, but much of the original equipment remains in place. Take a ride down old rural roads and see utility poles with glass insulators and a single wire delivering electricity to farms.
“The underlying reality is that from an energy frequency perspective, the aging U.S. Energy Grid infrastructure is extremely vulnerable to cyber-attacks, physical incidents, and existential threats.” ~Forbes, 2023
However, the method of controlling old equipment still in use has changed. Increased automation through information technology (IT) and operational technology (OT) have wrought almost miraculous performance. Instead of sending a crew to make an adjustment or solve a problem, an operator in a central office makes a change on a computer, and the change is implemented from far away.
Adding automation, data communication, and technology opened doorways that never existed before the internet and other data communication networks.
Now, the effort to move or deliver electricity with great efficiency makes new policies necessary to thwart the efforts of malicious actors. Although nation state sponsored attacks present the highest threat, other organizations cannot be taken lightly.
The Power Grid has three main components: generating stations or power plants, transmission equipment for moving power long distances between states and regions, and distribution equipment that takes power from transmission and distributes it to homes and businesses. Each point in the grid is vulnerable:
- Electricity supply—Power generation facilities.
- Equipment performance and recovery systems.
- Communication between systems and equipment.
- Operation of generation, transmission, or distribution equipment.
- The ability to perform a black start.
- Transmission of power from transmission systems to distribution systems.
Today, all the systems interconnect. Points of access are also points of vulnerability. Hackers work continuously to find holes in security.
Power Plants have their own substations that increase voltage for long-distance transmission and local distribution. Modern substations are complex with highly automated systems to control electrical power. Image: Sergio Cerrato
Power Grid Security Flaws
There is no computer, network, or system that can’t be hacked. ~Anonymous.
It is a widespread misconception that security is the solution. While security helps, it’s only part of a broader plan. Security measures make it difficult, but not impossible, for hackers to breach a system.
How many people check email from home, or their car, or the coffee shop over a donut or scone and their favorite beverage? We’ve become so accustomed to the constant, uninterrupted connection to media, social networks, and work email that we can forget where we are and how our location or presence affects the security of our devices. Even a poorly configured home router is a vulnerable point of failure.
Cyber hygiene training and awareness help employees prevent breaches. Knowing how to differentiate between safe and malicious email is just a start. Some steps include: secure passwords, multi-factor authentication, and not using public networks. A few taps or clicks on social media can compromise a device or worse, leak the information necessary to gain access to a system.
Security updates on our own devices are something many take for granted. Updates on grid equipment may not happen at all. In fact, some known security holes or flaws on grid equipment have never been patched.
How shocking that some equipment vendors prohibit modifying the default settings of the equipment they provide—including resetting publicly known default passwords or closing deliberate backdoor* access—by threatening to void warranties?
Let that sink in. Grid operators can’t improve security by closing flaws that were deliberately put in place by the equipment manufacturer or vendor.
*A backdoor is a method of access that bypasses typical security.
State-sponsored cyber warriors and cyber terrorists have sophisticated methods to launch continuous attacks that seek to find a way in. Once they breach a system, they exploit that system’s trust to reach other systems. Image: Eden Moon
Will Cyber Terrorists Take Down the Power Grid?
In fact, it has already happened. The number of attacks on the grid increased to 163 in 2022. The efforts targeted 18 substations and power plants in Florida, Oregon, Washington, and the Carolinas.
In December 2022, an attack in North Carolina left 45,000 people in the dark for days. Two weeks later, another attack affected 14,000 people in Washington State.
Small successes could be experimental in nature. Does compromising this system work? If it does, how does that allow the hacker to exploit other systems?
According to a cyber security specialist working for a large utility, avenues of attack range from the disruption of the trading of power to direct attacks on the power plants. Power plants run on their own networks and old operational technology systems—very often older Microsoft Windows platforms, many of which have stopped receiving security updates.
Despite vulnerabilities, it isn’t easy for a hacker to shut down a portion of the grid. It takes commitment and planning and money—which usually comes from foreign governments.
Once a hacker breaches a system, they won’t necessarily shut anything down right away. More likely, they will remain hidden and use it to breach other systems or networks. Later, they can cause widespread damage at a time when it has the greatest impact.
Severe storms, natural disasters, hackers, Cyber Terrorists, and fringe groups can cause widespread damage that takes days or weeks to repair. FEMA recommends everyone have a backup power source. Image: Bogdan Radu
Prepare for Power Outages
Power outages and blackouts have been around since we had electrical power in our homes and businesses. In a time past, an outage was little more than an inconvenience. A time to make popcorn in the fireplace, light a few candles, and not worry too much about when the power would come back on.
Today, we rely on electrical power more than ever. As the country moves further away from fossil fuels and a greater reliance on electricity, it has become more important than ever to have a backup supply of electrical power.
In 2011, the Federal Emergency Management Agency (FEMA) issued a release recommending that families consider investing in a backup generator.
Since that 2011 release, we have found new ways to keep the power on during a blackout or outage.
- Solar power and battery storage systems can keep a modern home safe and comfortable or a business up and running with all the power they need. Generac’s PWRcell Battery storage system can charge from Solar, the Grid, or a PWRcell Standby Generator. It works on grid or off to provide power 24/7.
- Standby generators have become more efficient and more powerful, with air-cooled units from 7.5kW to 26kW, and liquid-cooled generators that power large homes and businesses.
- A portable generator goes wherever you need it. Smaller generators rated at a few thousand watts can run a few small appliances while using less fuel. Larger portables for Home Backup can supply an entire home and even run central air conditioners.
- Solar generators, or portable power stations, are battery storage devices that can charge from an outlet, a car, solar panels, or portable generator. They range in capacity from a few hundred watts to systems that can power a house for days or even weeks when connected to solar panels.
An article by Reuters cited the North American Electric Reliability Corp (NERC) to say that the number of susceptible points (points vulnerable to attack) in the electrical networks is increasing by 60 per day. In April 2024, the number of susceptible points ranged from 23,000 to 24000.
Whether the power outage is from natural causes, an accident, or a deliberate act of cyber terrorism, a backup source of power has never been more important.
Are you ready for the next power outage?