In a recent report on National Public Radio (NPR), the reporter reminisced about the big power outage in the Northeast ten years ago this week. While that outage was brought about by a weak line in Ohio, experts wonder if we don’t have a more imminent threat posed by cyber criminals hacking into the power grid and triggering outages.
In reality, there are three different power grids in the US, shown in map form on geni.org. The Western Interconnection, the Eastern Interconnection, and the Texas Interconnection can supply power to each other, but they also have fail-safe mechanisms as well. Despite the separation, each of them is still very much vulnerable to a breach of their computer systems. This was first highlighted during the Year 2000 or “Y2K” issue where there was concern that incorrect date entries could cause local or widespread outages. The problem at that time was mitigated but did bring to light other vulnerabilities.
Computer Use In Power Generation
When coal-fired plants, hydroelectric facilities, and nuclear facilities were first built, the use of computers was minimal because frankly, they were simple and added little to no value. A large number of operators were needed to monitor switches and relays to keep the facility running. Later, Supervisory Control and Data Acquisition (SCADA) allowed facilities to monitor, collect, and process data from one central location instead of having multiple operators monitoring each switch and each piece of equipment.
With the spread of the Internet, a power plant could now take the SCADA concept one step further and monitor everything REMOTELY. Since everything is now connected to everything else, why not consolidate all of the data collected by the SCADA systems and process it at one time and in one place? Big data meets big power. But, there’s the risk. To do this, you need to have many computers and many controllers all connected to some form of the Internet, be it public or private. Hackers or cyber criminals also have access to that same Internet and, potentially, to your computers and controllers. Whether they access your systems for notoriety or for political purposes, the threat of bringing down parts of the power grid is very real.
As noted in the NPR report, there is legislation in the works to order public utilities to mount a counteroffensive, but the utilities object to these measures. Power companies are already working to thwart any potential threat that may arise, but it is really going to take a partnership between power distribution engineers and computer experts. They each know their specialty, and together they can develop measures to prevent attacks or, at least, monitor and deal with threats.
Do you think the threat of cyber attacks on the electrical grid is real? Should power companies take their equipment off of the Internet to prevent attacks? Can we find a middle ground between attack readiness and returning to the time of manual operators? Let me know your thoughts.
Kelly Brown is an IT professional, adjunct faculty for the University of Oregon, and academic director of the UO Applied Information Management Master’s Degree Program. He writes about IT topics that keep him up at night.