In the wake of news that Russian cyberattacks in 2017 compromised some American and European power plants, U.S. lawmakers have advanced a bill that essentially aims to dumb down the electric grid.
The Securing Energy Infrastructure Act, co-sponsored by Sens. Angus King, I-Maine, and Jim Risch, R-Idaho, is moving forward in the Senate after passing a Senate Committee on Energy and Natural Resources vote.
If passed by the full Senate, the bill would establish a two-year pilot program in which the Department of Energy’s National Laboratories would partner with power plants and other critical infrastructure to identify potential security vulnerabilities as well as research, develop, test and implement strategies “to isolate and defend industrial control systems…from security vulnerabilities and exploits.”
“There is a clear, demonstrable need to develop techniques and technologies to better secure our grid from cyber vulnerabilities,” Risch said following the committee vote. “As we reexamine our infrastructure security, this bipartisan approach would utilize the unique assets and expertise of our national laboratories to drive innovation. The Energy and Natural Resources Committee has taken an important step forward today and I trust the full Senate will follow suit soon.”
The isolation and defense methods tested in the program would include analog and non-digital control systems intended to hasten recovery after a cyberattack.
“It’s an interesting approach that people haven’t really thought of this much,” Chris Cummiskey, senior fellow at the George Washington University Center for Cyber and Homeland Security and former Homeland Security undersecretary and chief acquisition officer, told NextGov. “You normally think of technology advancement constantly pushing the envelope and innovating. But to use an analog approach to this to ensure speed to recovery is a different way of doing it, which I don’t think folks have really thought of that much.”
Cyberattacks against the electric grid
The bill was in part inspired by a 2015 cyberattack on Ukraine’s electric grid. As part of the attack, hackers gained access to Ukraine’s grid IT infrastructure using malware, took over the distribution management system and knocked several substations offline. The attack affected 230,000 people for three to six hours.
The senators sponsoring the bill say Ukraine was able to recover in such a short time period – hours rather than weeks – because it uses manually operated analog systems as backups instead of digital systems.
Fears of similar attacks against the U.S. electric grid gained momentum this year when the Trump administration accused Russia of engineering a series of cyberattacks that targeted American and European nuclear power plants as well as water and electric systems.
In a report released March 15, the Department of Homeland Security confirmed Russians had successfully infiltrated critical control systems of some U.S. power plants the previous year.
Though the hackers did not manipulate the control systems, screenshots released by the Department of Homeland Security show they had the ability to sabotage or shut down power plants at will.
According to the report, the attacks were a signal from Moscow that it could tamper with critical infrastructure in the U.S. in the event of a conflict.
Feasibility of a dumbed-down grid
The U.S. electric grid is a complex digital and physical system consisting of more than 7,300 power plants, nearly 160,000 miles of high-voltage power lines, and millions of low-voltage power lines and distribution transformers, which connect 145 million customers, according to the Energy Information Administration. Scientific American calls it the “largest interconnected machine on Earth” while the National Academy of Engineering ranks it as the greatest engineering achievement of the 20th century.
As Time asserts, “there’s no going back to a dumb grid, not when the U.S. needs to improve energy efficiency and smooth the adoption of renewable power.” But what about using analog systems as backups, like the 1960-era systems that saved Ukraine?
Not the worst idea, say some experts.
“You want to have smart infrastructure, but you want to have backup planning for a day when you need manual operating capacity,” Scott Aaronson, executive director of security and business continuity at the Edison Electric Institute, told Time, trumpeting manual backups as an “all-hazards approach” to grid security.
However, others decry the idea of “going retro,” even when limited to backup systems, as “less cost-effective, efficient and manageable.”
“Legislation that eschews modern systems in favor of antiquated technologies is a step in the wrong direction because it amounts to significantly crippling the U.S. energy sector instead of addressing the threats,” said James Scott, co-founder and senior fellow at the Institute for Critical Infrastructure Technology. “Regressive efforts are akin to buying a horse and buggy instead of changing a tire.”