The US Department of Energy (DoE) has warned that the country's electricity grid faces "imminent danger" from cyberattacks that are consistently growing in frequency, magnitude and sophistication. In the second installment of the department's Quadrennial Energy Review, which focuses on the threats, vulnerabilities, protection and opportunities for the electricity system in the US, the department writes that the sector is "experiencing rapid changes that are testing traditional regulatory frameworks and creating new and more complex interdependencies."
"Almost every economic sector is reliant on a more interconnected, data-driven and electricity dependent system," the DoE said in a statement. "The increased digitization of the electricity sector brings multiple consumer and system benefits, and creates new and more severe vulnerabilities to cyberattacks."
The 494-report warns that the "current cybersecurity landscape is characterized by rapidly evolving threats and vulnerabilities, juxtaposed against the slower-moving deployment of defense measures."
"As a critical and essential national asset, it is a strategic imperative to protect and enhance the value of the electricity system through modernization and transformation. Reliable and affordable electricity provides essential energy services for consumers, business and national defense."
The DoE said widespread disruption of the country's critical electrical service due to a transmission failure caused by a cyberattack "could undermine US lifeline networks, critical defense infrastructure and much of the economy; it could also endanger the health and safety of millions of its citizens.
"Also, natural gas plays an increasingly important role as fuel for the Nation's electricity system; a gas pipeline outage or malfunction due to a cyberattack could affect not only pipeline and related infrastructures, but also the reliability of the Nation's electricity system."
The department also included 76 recommendations to policymakers in the report such as declaring the electricity system as a national security asset thereby making its protection a federal responsibility, confidentially collection information to inform the President about emergency actions and imminent threats and increasing federal support for state efforts to reduce electricity demand. The DoE also recommended offering support grants for smaller utilities to boost security against cyber, physical and climate threats.
A recent report by the Washington Post claimed that Russian hackers had infiltrated the US power system through an electric grid in Vermont. However, the story was later found to be false after a single laptop was found to be infected with malware that originated in Russia, but was not connected to the electrical grid. Burlington Electric isolated the laptop and alerted federal officials.
The DoE's assessment also comes amid heightened concerns over cybersecurity threats as top US intelligence officials concluded in a declassified intelligence report that Russian President Vladimir Putin personally "ordered an influence campaign in 2016" to interfere in the US presidential election, "denigrate" Democratic candidate Hillary Clinton and create "a clear preference for President-elect Trump" to win the vote.
In December 2015, Ukraine's power grid suffered a massive cyberattack that left over 200,000 residents in Western Ukraine temporarily without electricity, triggering serious concerns among experts about the possibility of future cyberthreats targeting critical national infrastructure. Last month, Ukrainian authorities said they were investigating another possible cyberattack, this time on Kiev's grid, that may have caused a power outage in the capital and surrounding areas.
"While cyber attacks on the US grid and affiliated systems have had limited consequences to date, attacks elsewhere in the world on energy systems should be seen as an indicator of what is possible," the report reads. "Threats can emerge from a range of highly capable actors with sufficient resources, including individuals, groups, or nation-states under the cloak of anonymity."