Getting Ahead of Ourselves with Smart Energy

By John Bumgarner

No one can say we weren’t warned about energy insecurities. In 1998, President Clinton signed a Presidential Directive that established a national program for critical infrastructure protection.  This directive stated that the energy sector of the United States was potentially vulnerable to cyber attack and that the United States would take all necessary measures to swiftly eliminate any significant cybervulnerabilities within this sector. Five years later President Bush’s administration published the “National Strategy to Secure Cyberspace.” This document again called for the government to secure computerized systems within the electric grid from possible cyber attack.  In May 2009, President Obama stated in a speech on securing our nation’s cyber infrastructure: "It's now clear this cyber threat is one of the most serious economic and national security challenges we face as a nation," Obama said, adding, "We're not as prepared as we should be, as a government or as a country." His remarks also make clear that the United States is highly dependent on computerized systems to provide energy, but he said, “Cyber intruders have probed our electrical grid and that in other countries cyber attacks have plunged entire cities into darkness.”

It has been over a decade since President Clinton stated that cyber threats against our energy infrastructure were a national security threat.   In the preceding period the cyber threats against our energy infrastructure have only increased. The reason for these increases is because of technological advances within the energy sector that has exposed the industry to unforeseen cyber vulnerabilities. The alarming thing is that more unforeseen vulnerabilities are being unintentionally engineered into the energy sector as newer technology is being introduced in an effort to improve efficiency and increase resiliency within the industry.  
A Host of Insecurities
The frequency of warning about these underlying vulnerabilities has been increasing.   In January 2008, a senior analyst working for the Central Intelligence Agency stated publicly that cyber attacks had already been used to disrupt electrical power in multiple cities outside the United States. In March 2009, CNN reported that the high-tech electricity infrastructure known as the “smart grid” could be vulnerable to a devastating attack by computer hackers. The following month the Wall Street Journal reported that Chinese and Russian spies had penetrated computers that control the North American electric grid. Four months later, security experts speaking at Black Hat USA offered insights on hacking smart grid technology (.pdf). Their discussion included a graphical demonstration of how a computer worm could infect thousands of smart meters in a major metropolitan area. 

These alarming reports nonetheless fail to describe the extent to which a complex system such as the national electric grid could be vulnerable to cyber attacks, a growing concern among experts in national security.

(To read the rest of "Energy Insecurities: The Downside of Being Too Smart," by John Bumgarner, chief technology officer for the U.S. Cyber Consequences Unit (US-CCU), click here.)

Photo of United States at night by woodleywonderworks/Flickr


View Recent News (by day)


Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.