Cybersecurity and the North American Electric Grid: New Policy Approaches to Address an Evolving Threat

Cyber threats to North America’s electric grid are growing, making electric grid cybersecurity an increasingly important national and international issue. The Federal Bureau of Investigation recently noted that cyber attacks are eclipsing terrorism as the primary threat facing the United States. As cyber attacks become more frequent, energy systems are increasingly being targeted. The Industrial Control Systems Cyber Emergency Response Team, which is part of the U.S. Department of Homeland Security, reported responding to 198 cyber incidents in fiscal year 2012 across all critical infrastructure sectors. Forty-one percent of these incidents involved the energy sector, particularly electricity. Fortunately, the electric power sector has yet to experience a cyber attack that affected the operations of the North American grid. But experts generally agree that the risk of a large-scale attack is significant and must be addressed. The costs and impacts of such an event could be profound. The 2003 Northeast blackout showed that any extended grid failure could have a large price tag. That multi-day blackout, which was attributed to a tree branch in Ohio, not a cyber attack, affected an estimated 50 million people in the United States and Canada and was estimated to cost about $6 billion. A large-scale cyber attack or combined cyber and physical attack could potentially lead to even larger costs, triggering sustained power outages over large portions of the electric grid and prolonged disruptions in communications, food and water supplies, and health care delivery. Unlike traditional threats to electric grid reliability, such as extreme weather events, a cyber attack is less predictable in its timing and potentially more difficult to diagnose and address. A cyber attack could also be combined with a more traditional physical attack to distract authorities and inflict further damage. A cyber attack could come from many sources and target many potential vulnerabilities. The North American electric grid is sprawling and complex, with approximately 476,000 miles of high-voltage transmission lines, and thousands of power plants, distribution lines, and substations.