Driving such concerns are reports that malicious attacks are rising on specialized computer-control systems that open and shut valves on natural-gas pipelines, throw circuit breakers on power lines, and make telecommunications and defense networks, nuclear-power plants and hydro dams do their jobs.
If hackers half a world away break into and commandeer these "supervisory control and data acquisition," or SCADA, systems, then the US grid, pipelines, and other key infrastructure connected to the Internet are vulnerable to interruption or damage, experts say.
Danger to SCADA systems for the electric grid, for instance, was highlighted in a 2002 National Research Council report. At a key meeting in July 2003, officials from the US Department of Energy, DHS, the national laboratories, and other agencies convened to develop a national cybersecurity plan.
Despite that and other efforts since 9/11 to protect control systems from cyberattack, "the federal government lacks an overall strategy for coordinating public and private sector efforts," the Government Accountability Office (GAO) reported to Congress earlier this month.
Some experts describe a patchwork defense that has many gaps – and they note that malicious attacks, directed in particular at the electric grid, are growing.
Internet attacks on the 100 electric utility clients protected by SecureWorks, an Atlanta-based cybersecurity firm, leaped 90 percent this year – from 43 attacks per utility per day at the beginning of the year to 93 since May, company officials reported this month. That's about double the rate for other industries SecureWorks protects.
The US has been "in a race against time" since early 2005, when the attention of "black hat" hackers shifted to focus more on probing and exploiting SCADA control-system weaknesses of electric utilities, says Mr. Borg. Yet lights have mostly stayed on – a testament to the notion that industry and government still appear to be ahead in the race.