Power-Grid Cyber Attack Seen Leaving Millions in Dark for Months
By Brian Wingfield
A blackout that swept parts of North America in August 2003, leaving 50 million people in the dark for as long as four days, provides a glimpse of the havoc a cyber attack could inflict on the nation’s power grid.
Internet-based terrorists would be capable of causing blackouts “on the order of nine to 18 months” by disabling critical systems such as transformers, said Joe Weiss, managing director of Applied Control Solutions LLC, a Cupertino, California-based security consulting company.
“The dollars are incalculable,” Weiss said in a phone interview. The 2003 event, triggered when a power line touched tree branches in Ohio, caused losses of as much as $10 billion, according to a study by the U.S. and Canadian governments.
Energy companies including utilities would have to increase their investment in computer security more than seven-fold to reach an ideal level of protection, according to a survey done for Bloomberg Government by the Ponemon Institute LLC, a data- security research firm based in Traverse City, Michigan.
Electric utilities fail to recognize the risk because, unlike banks and telecommunications companies, they aren’t prime targets for Internet theft or espionage, said James Lewis, technology program director at the Center for Strategic & International Studies in Washington. Yet “if there was a cyber attack, the electrical grid would be target number one” for terrorists, he said.