Utility officials wary of cyberattacks but say lengthy widespread outage is ‘implausible’

Developing protections and responses to cyber threats is a priority for utilities, but industry and regulatory efforts make it unlikely that the kind of widespread power outage contemplated in a book by renowned journalist Ted Koppel could happen to the U.S. power grid, key officials said during a recent webinar.

In his book, Lights Out: A Cyberattack, A Nation Unprepared, Surviving the Aftermath, Koppel examines the notion that the aging U.S. electric grid is susceptible to a cyberattack that could result in a widespread power outage that could last for months, wreaking havoc across the nation. Koppel reiterated the significance of the cyber threat on the U.S. power grid during a pre-recorded interview with Martin Rosenberg—editor of The Energy Times—that was played at the beginning of a webinar, which is available on demand.

“I can’t think of any more critical utility through the nation than the electric power grid,” Koppel said during the interview. “Everything else—whatever you want to consider, whether it’s communication, transportation or the banking system—is helpless without electricity.”

The power grid’s interconnectivity—a major strength of the electric system—also is a significant vulnerability, particularly as remote access to critical components becomes more commonplace and the threat of cyberattacks increase, according to Koppel. While the most powerful nation states such as the U.S., China and Russia have this capability, the fear of reciprocity likely prevents them from using their cyber capabilities to take down a power grid, just as they are reluctant to use nuclear force on each other.

What makes the notion of a power-grid cyber threat especially dangerous is that—although such an attack would be “incredibly complex” to execute—powerful nation states are not the only entities with the ability to launch an attack, according to Koppel.

“I refer to the Internet as—in addition to its many virtues—a weapon of mass destruction. This is unlike any weapons system that has ever existed before,” Koppel said.

“In the past, weapons of mass destruction have only been available to—and usable by—governments. Today, a group like ISIS doesn’t have an air force, doesn’t have a navy. It doesn’t have access to missiles. It is capable only of terrorism. But, as we’ve seen, even the sort of a retail terrorism of which they are engaging can be enough to absorb the attention of a nation like France or a nation like the United States.

“Imagine for a moment, with the capacity to inflict enormous damage on the United States from outside our borders by a single person—theoretically—using a laptop computer. And, with the understanding that it can be very difficult to track down in short order the source of a cyberattack, this is something we have never experienced before. We’re totally unfamiliar with it.”

But key players in the utility industry said they believe Koppel’s scenario of a large-scale power outage for an extended period of time is not realistic, in large part because of the efforts that industry and government officials have taken.

“At the end of the day, the grid is a very resilient piece of infrastructure—there is significant diversity in equipment and configurations, both within and across companies in the electric sector,” Caitlin Durkovich, assistant secretary for infrastructure protection at the U.S. Department of Homeland Security (DHS), said during the webinar. “At the end of the day, I think a nationwide blackout from a cyberattack is implausible.

“While there are vulnerabilities, there are significant layers of defense in place. And, at the end of the day, there is an operator sitting in a control room who can go flick a switch or make the fixes necessary to certainly divert the load. So, I think that Mr. Koppel’s assertion is highly implausible.”