Infrastructure used to deliver electricity to U.S. homes, hospitals and businesses is in ”imminent danger” of cyberattacks, the Energy Department warns in a massive new report.
While advancements in energy grid technology have allowed for a more dynamic, reliable and efficient system to provide energy, it has also simultaneously resulted in greater integration of existing networks, the Energy Department noted in broad terms. Because of this integration, security needs to improve, the agency said in its Quadrennial Energy Review. Most of the energy grid is owned and operated by private companies.
“As transmission and distribution system design and operations become more data intensive, complex and interconnected, the demand for visibility across the continuum of electricity delivery has expanded,” reads the 494-page report, released Friday. “The current cybersecurity landscape is characterized by rapidly evolving threats and vulnerabilities, juxtaposed against the slower-moving deployment of defense measures.”
A power outage caused by a successful future cyberattack could undermine “critical defense infrastructure,” damage the economy and place at risk the safety of U.S. citizens, according to the Energy Department.
Weather-related power outages already cost the U.S. economy roughly $20 billion to $50 billion annually.
The report comes amid increased concerns over cyberattacks aimed at both U.S. critical infrastructure and political organizations.
On Friday, U.S. intelligence agencies also published an unrelated unclassified report that linked Russian intelligence forces to a sophisticated “influence campaign” aimed at the 2016 U.S. presidential election. Top Russian officials directly ordered the operation, according to a report from the Office of the Director of National Intelligence, leading to a data breach at the Democratic National Committee.
Last month, a power substation in northern Ukraine experienced a unique hardware failure that was likely the result of a coordinated cyberattack. The substation was cut off from the region’s main power grid for about 75 minutes just after midnight local time, causing a blackout impacting more than 100,000 Ukrainians. The incident occurred roughly one year after a similar event occurred in which three separate Ukrainian power companies were hacked.
The Energy Department states that the federal government has a role to play in energy grid cybersecurity through the advancement of “interoperability standards.”
“Typical cybersecurity events impacting the grid have been mainly limited to gaining access to networks through phishing emails or infecting flash drives with the hope that they will be connected to a network. Russian hacking of utility systems as seen in the Ukraine incident, however, underscores that such events should not be viewed simply as information theft,” the report says.
The Quadrennial Energy Review represents the second report published during the course of an administration-wide review of the nation’s energy policies. The first report was released in 2015 and it similarly focused on energy infrastructure improvements and resilience recommendations.