An Idaho National Laboratory test cyberattack has sparked concern in Congress that the security of the nation's electrical grid is in jeopardy, reports eWeek.com.
According to an October 17 congressional letter to the Federal Energy Regulatory Commission:
In March 2007, the Idaho National Laboratory performed an experiment for the Department of Homeland Security (DHS) in which successfully destroyed a generator while conducting an experimental cyber attack. According to news reports, the attack involved a controlled hack of a replicated control system commonly found throughout the BPS [bulk-power system]. As members of the House Committee on Homeland Security, we are concerned that malicious actors could use the same attack vector against large generators and other critical rotating equipment that could cause widespread and long-term damage to the electric infrastructure of the United States.
The nation's electric infrastructure is dependent on controlled systems, said the letter, computer-based systems that "monitor and control sensitive processes and physical functions," which are increasingly connected to open networks, such as corporate intranets and the Internet, exposing the system to outside interference and subversion.
Also on October 17, a subcommittee of the House Homeland Security Committee looked into the nation's vulnerability to cyberattacks on the nation's electric infrastructure.
According to Representative James R. Langevin (D-RI), chairman of the Emerging Threats, Cybersecurity, and Science and Technology subcommittee and whose signature appears on the letter, the fear is a successful cyberattack against a large generator could have a "devastating impact on the economy, public health, and national security of the U.S."
The nation's electric infrastructure is worth $1 trillion in asset value, said Langevin, and includes over 200,000 miles of transmission lines that produce 800,000 megawatts of generating capacity that serves 300 million people, including vital services such as hospitals, water systems, and military installations, among others .
The North American Energy Reliability Corporation, whose mission it is to ensure the BPS is reliable, has responded with a plan to secure the nation's electrical grid, but members of the House Homeland Security Committee, including Langevin, said NERC's plan did not take into account the dire implications a successful cyberattack on the electrical grid could have on homeland security.
Langevin said "The standards won't cover a significant number of assets that are critical in providing power throughout the country." His assessment comes from this National Institute of Standards and Technology (NIST) report, which the Government Accountability Office concurred with.
To read all the prepared testimony from the hearing on October 17, click here.