Earlier this month, the news broke that the U.S. has been stepping up attacks on Russia’s electric grid to put pressure on President Vladimir Putin. As cyber warfare continues to develop and our adversaries improve their own capabilities, the likelihood of an organized attack on our energy infrastructure and electric grid increases. It is time to take grid security more seriously.
It is hard to stress enough how much our modern life relies on a reliable supply of electricity. Electricity powers life-saving equipment in hospitals, keeps perishable food from spoiling in stores and homes, and keeps the streets well lit. In other parts of the world, like Venezuela, grid failures have been accompanied by breakdowns in social order.
In the past, grid failures were most often the result of severe weather or gross mismanagement, but advances in cyber warfare make it more likely that an American city could lose power from a foreign attack.
Other countries have already suffered crippling cyber attacks. For example, a cyber attack on Ukraine’s electric grid, left up to 225,000 people in the dark for several hours in December 2015.
The U.S. has been fortunate to have evaded an attack so far, but we shouldn’t presume that will always be the case. Although news of a cyber attack at a Vermont facility raised alarm in 2017, the incident was minor—especially after authorities announced that the affected computer was not linked to the electric grid. That time, America got lucky.
We must be prepared to defend ourselves and our infrastructure against the growing threat of cyber attacks on our electric grid. This will require investments in infrastructure improvements and new policies focused on making the grid more resilient. The consequences of failing to do so are too great to risk. A sustained power outage in an urban area would cause serious and prolonged human suffering.
This situation shouldn’t be a source of panic, because we have the time and the tools to prevent it from happening. We just have to act now. At present, we have an opportunity to find ways to partner with industry to develop a measured response that harnesses the power of American innovation.
The cybersecurity threat is constantly evolving, meaning regulators will need to look to industry for help understanding both the threat and what is necessary to mitigate it. That improved understanding will help lead to better regulation and better grid modernization approaches.
For grid security, state policy will be critical. As much as we talk about “the grid,” American energy infrastructure is not a singular system. Different regions of the country are facing different threats and are equipped in different ways. State-level legislation is better able to respond to these local differences.
Given the many changes our electric grid is undergoing, we also need to make sure that our cybersecurity policies are flexible and capable of responding to industry needs. With the growth of alternative energy, homes and businesses are increasingly generating and storing energy on site at a larger and larger scale. This means that energy security is no longer just a concern for utilities and major corporations.
As our leaders work to develop an effective cybersecurity policy as part of infrastructure planning, they need to look at ways to support these distributed resources. With utilities across the country increasingly looking into ways of pairing renewable generation with battery storage, these systems need to be part of the security discussion as well.
The longer that we ignore grid security, the further America will fall behind. It is important that we do not leave ourselves vulnerable to attacks from Russia, China, or other hostile actors.
Keeping the lights on isn’t just a convenience—it’s a matter of national security. It’s time to treat it like one.