A Congressional survey of utility companies has revealed that the country’s electric grid faces constant assault from hackers, with one power company reporting a whopping 10,000 attempted cyberattacks per month.
US Reps. Edward Markey (D-MA) and Henry Waxman (D-CA) sent 15 questions to more than 150 utilities and received replies from 112 of them. Only 53 of those actually answered all the questions—the others provided incomplete responses or only “a few paragraphs containing non-specific information” without answering any of the questions.
Results from those who did answer show utilities are under continuous assault:
The electric grid is the target of numerous and daily cyberattacks.
- More than a dozen utilities reported “daily,” “constant,” or “frequent” attempted cyberattacks ranging from phishing to malware infection to unfriendly probes.
- One utility reported that it was the target of approximately 10,000 attempted cyberattacks each month.
- More than one public power provider reported being under a “constant state of ‘attack’ from malware and entities seeking to gain access to internal systems.”
- A Northeastern power provider said that it was “under constant cyber attack from cyber criminals including malware and the general threat from the Internet…”
- A Midwestern power provider said that it was “subject to ongoing malicious cyber and physical activity. For example, we see probes on our network to look for vulnerabilities in our systems and applications on a daily basis. Much of this activity is automated and dynamic in nature—able to adapt to what is discovered during its probing process.”
The good news is that none of these utilities reported damage to any of their computer systems. “However, there did not appear to be a uniform process for reporting attempted cyberattacks to the authorities; most respondents indicated that they follow standard requirements for reporting attacks to state and federal authorities, did not describe the circumstances under which these requirements would be triggered, but largely indicated that the incidents they experienced did not rise to reportable levels,” Markey and Waxman wrote.
The utilities are a mix of investor-owned entities, municipal power companies, rural electric cooperatives, and “federal entities that own major pieces of the bulk power system.”
Markey and Waxman revealed the results of their survey yesterday in a report titled “Electric Grid Vulnerability: Industry Responses Reveal Security Gaps.” The report examines threats from both cyberattacks and geomagnetic storms. Markey and Waxman noted that “numerous security experts have called on Congress to provide a federal entity with the necessary authority to ensure that the grid is protected from potential cyber-attacks and geomagnetic storms. Despite these calls for action, Congress has not provided any governmental entity with that necessary authority.”