Cyberattack could knock out huge swath of US electric grid, lawmakers say

Government officials think the US is unprepared for an attack that could affect power for weeks

The U.S. government is not prepared for a cyberattack on the electrical grid that takes out power over a large area for weeks, or even months.

A widespread, long-lasting power outage caused by a cyberattack may be unlikely, but the U.S. government needs to better plan for the possibility, Representative Lou Barletta, a Pennsylvania Republican, said Thursday.

With some experts worried that a coordinated cyberattack could lead to widespread power outages lasting for several months, the federal government should offer more help to state and local governments planning to deal with the aftermath, Barletta said during a hearing before a subcommittee of the House of Representatives Transformation and Infrastructure Committee.

Barletta and other subcommittee members pointed to a coordinated attack on Ukraine's power grid last December that left more than 200,000 people without electricity for a few hours. A cyberattack, combined with a physical attack or with extreme weather conditions, could have devastating results, lawmakers said.

"Imagine what we would do without electricity for a day, a week, a month, a year," Baretta said. "If the goal of the bad guys is to collapse the United States' economic system, they are going to try to cut off the power."

The U.S. has few high-power electrical transformers held in reserve, because of the multimillion-dollar price tag, and the delivery of new ones can take more than six months, added Representative Peter DeFazio, an Oregon Democrat.

"There's a question of whether the federal government should be stockpiling these transformers," he said. "Now, they're basically custom orders."

Federal agencies are planning for a possible widespread power outage. The Department of Energy has outage training exercises planned in the Pacific Northwest in coming weeks, and the agency is researching ways to speed up the manufacturing of high-power transformers, said Patricia Hoffman, assistant secretary in the DOE's Office of Electricity Delivery and Energy Reliability.

The Federal Emergency Management Agency is also planning for widespread electric outages, whether they're caused by cyberattacks, natural disasters, or other scenarios, added W. Craig Fugate, FEMA's administrator.

Rescuing people trapped in elevators and other security issues needs to be a top priority in an outage, he said, but long-term outages lead to "cascading effects."

"Planning needs to be measured in weeks," Fugate added. 

The good news is the U.S. electric grid is built to route around local points of failure, added Caitlin Durkovich, assistant secretary for infrastructure protection at the Department of Homeland Security.

"The grid, by its very design, is resilient," she said. "The electric grid has been engineered with one principle in mind -- reliability."

Join the CSO newsletter!

Error: Please check your email address.

More about Federal Emergency Management AgencyFEMAHouse of Representatives

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Grant Gross

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place