'Smart grid' features and Internet-based connections to the US power grid are proliferating, increasing pathways for would-be cyber attackers, says a study from MIT. What to do?
America's electricity grid is a big, juicy target for cyberattacks – and it's getting more vulnerable as interactive "smart grid" features and other Internet-based connections are grafted onto an old, insecure system, a major new study reports.
Despite development of new cybersecurity standards, the electric utility industry is creating more new vulnerabilities than it is patching and, thus, losing ground to attackers, the Massachusetts Institute of Technology "Future of the Electric Grid" study found.
"Millions of new communicating electronic devices ... will introduce attack vectors – paths that attackers can use to gain access to computer systems or other communicating equipment," the report states. "That increase[s] the risk of intentional and accidental communications disruptions," including "loss of control over grid devices, loss of communications between grid entities or control centers, or blackouts."
Every new "smart meter," as well as new sensors and major equipment at generating plants, will soon be connected to communications modules – resulting in millions of components from hundreds of manufacturers and software from many developers. The presence of "so many interfaced components increases system complexity as well as the number of potential cyber vulnerabilities," the study found.
Shoring up cybersecurity for the power grid would cost about $3.7 billion, a relatively small amount compared with the $476 billion that a "smart grid" upgrade could cost, according to a report earlier this year by the Electric Power Research Institute.