November 6, 2019 - “A group of well-resourced hackers have been combing through the networks of the gas pipeline operator for almost a year, harvesting crucial information. Now the hackers know the network better than the pipeline company does: every piece of equipment, the company’s entire workforce, usernames and passwords. They have the privileges needed to access both the firm’s desktop computers and the machinery of the pipeline itself. Now they are ready to strike.” So begins the opening of a new oral history of a hypothetical cyberattack written by MIT Technology Review.
This oral history, while chronicling an event that hasn’t happened, makes for gripping if disturbing reading. It’s a timely reminder of the new and growing threat to our grid and energy supply. It’s also an important reminder that a balanced and resilient supply of energy – a system with built-in redundancies – has never been more important.
And yet, for all the new focus on cybersecurity, or rather cyber-insecurity, our balanced mix of resources is disappearing. The nation’s reliance on just-in-time fuel sources has never been greater. Fuel-secure coal plants, with weeks of fuel on site, that have proven invaluable to shoring up the grid during periods of peak electricity demand, continue to be pushed off the grid.
To date, concern about grid reliability has largely focused on meeting peak power demand during bitter cold or blistering heat when pipeline capacity is constrained, or when the wind stops blowing precisely when consumers need power most. As these conditions have arisen – which they regularly do in places as diverse as Texas, Michigan or New England – the grid has just squeaked by under nearly optimal conditions. Equipment has held up when one additional plant outage or pipeline problem could have meant disaster. But what if bad actors use these conditions to their advantage?
The margin for error is already razor thin. The mounting cyber threat is making a dangerous situation untenable. But instead of taking action to increase the optionality and fuel security of our supply of power, these essential attributes – seemingly more valuable than ever – are disappearing.
And make no mistake, there is nothing hypothetical about the cyber threat. It’s already here. In March, a Utah renewable energy company was hit by a cyberattack that knocked out contact with a dozen wind and solar farms. More than 500 MW of electricity-generating capacity, enough to power several hundred thousand homes, was knocked offline. While there was no blackout from the attack, experts say it underscores the growing danger to the utility industry.
Cybersecurity attacks have already caused blackouts that have impacted consumers. In 2015, hackers knocked out electricity to several hundred thousand people in Ukraine.
How concerned are utilities about this threat? According to a recent study that included a poll of more than 1,700 global utility professionals responsible for securing or overseeing cyber risk, 54 percent expect an attack on critical infrastructure in the next 12 months.
While there is no silver bullet to addressing this threat, experts believe that fuel diversity and fuel security are part of ensuring resiliency. As Secretary of Energy Rick Perry said earlier this year, “I’m a big believer that you don’t put all your eggs into one basket. As a matter of fact, you try to have an ‘all-the-above’ energy strategy…. A diversity of fuels, a diversity of routes, a diversity of supplies, all of that makes a lot of sense to me.”
A crippling cyber attack on the nation’s energy infrastructure is a matter of when, not if. Any serious attempt to strengthen the resilience of the grid would ensure that fuel diversity is made a priority, that fuel-secure sources of power are properly valued in the marketplace. So far, just the opposite is happening. The reliability crisis is here and it’s increasingly becoming a crisis of our own making.