Grid Security

Just a few months ago the nation’s attention was focused almost entirely on the presidential election. More than once during the fall, emails containing unflattering statements by key players in the nomination and election contests were stolen by hackers and made public, with the apparent motive of sowing confusion and undermining Americans’ confidence in the mechanics and institutions of our election processes.

The hacked emails, handed over to and distributed by WikiLeaks, were obtained by breaching the systems of the Democratic National Committee, though an analysis prepared by the U.S. intelligence community (FBI, CIA, and National Security Agency) and released in declassified form January 6, said, “Russia’s intelligence services conducted cyber operations against targets associated with the 2016 U.S. presidential election, including targets associated with both major U.S. political parties.” [emphasis added]

The declassified report included this somewhat chilling statement: “Russia, like its Soviet predecessor, has a history of conducting covert influence campaigns focused on U.S. presidential elections that have used intelligence officers and agents and press placements to disparage candidates perceived as hostile to the Kremlin.”

Slightly more reassuring was the report’s conclusion that while Russian entities “obtained and maintained access” to parts of multiple state and local agencies responsible for the conduct of elections, “DHS (the Department of Homeland Security) assesses that the types of systems Russian actors targeted or compromised were not involved in vote tallying.”

During the New Year’s weekend, the spotlight turned again to Russian hacking when The Washington Post, citing anonymous sources within DHS, reported that a Russian cyberattack had penetrated the U.S. electric grid by compromising a laptop computer owned by the Burlington, Vermont, municipal utility.

Fortunately, the story quickly fell apart when it was found that the laptop had not been connected to the grid and the “suspicious internet traffic” detected was indeed commonly used to deliver malware but showed little if any evidence of Russian involvement.

Which is not to suggest it needn’t be taken seriously.

The U.S. electric grid would be an extraordinarily high-value target for any adversary. In a society as
energy-dependent as ours, disabling the grid for more than a few days would mean economic and social costs comparable in many respects to those of an actual shooting war.

A comparatively mild demonstration of such cyber warfare took place in 2015 when three Ukrainian electric distribution utilities were shut down, apparently by Russian operatives, putting some 225,000 customers in the dark—fortunately for only about six hours. Subsequent analysis found that Ukrainian officials were able to restore power relatively quickly because their systems are less technology-dependent than those in the West and therefore more amenable to being restarted manually—not precisely a comforting thought.

But because this is well understood within the industry, U.S. power providers have many grid security measures and procedures in place to contain and defeat cyber mischief. And the Federal Energy Regulatory Commission and North American Electric Reliability Corporation have binding, enforceable rules to see that reliability standards are met. The Burlington incident didn’t turn into a bigger problem than bad email on one computer because, post-discovery, everyone followed prescribed security procedures.

A seven-page “annex” to January’s intelligence community report—half the length of the report proper—suggests what foreign rivals might lead us to believe can be as consequential as what they might accomplish by cyber-fiddling in physical systems.

For instance, the report highlights “RT (Russia Today) America TV,” a “Kremlin-financed” cable news channel operating within the United States. RT America barrages viewers with stories encouraging opposition to hydraulic fracturing—the technique that enables cleaner electric generation and helps contain energy costs by making natural gas abundant—likely because of “the Russian Government’s concern about the impact of fracking and U.S. natural gas production on the global energy market and the potential challenges to [the Russian state-owned]Gazprom’s profitability,” the report said.

As an association of electric cooperatives it’s our duty to work with our members and state and federal lawmakers to ensure the electric grid reliably serves energy consumers. Part of life in the 24-hour news cycle is remembering that proper preparation can prevent or reduce the harm attempted by hostile interests that, unfortunately, stalk this world every day.