Is it possible, as we rush to implement energy-saving Smart Grid technologies, that we are building a system so vulnerable that a cyber disruption would reduce us to pre-industrial days? This was the topic of a recent panel at the RSA computer security conference and seems, at first look, to be eye-rolling hyperbole. As no one has apparently yet died from any cyber attack, how can anyone take seriously the thought of an attack on the Smart Grid setting us back 200 years?
The Smart Grid is a catch-all term for technologies to “to bring utility electricity delivery systems into the 21st century, using computer-based remote control and automation.” However, by interconnecting the electrical grid, the Smart Grid (and other networked industrial control systems) may indeed be a Perfectly Bad System, one whose failure would be so cataclysmic, so devastating we would no longer be able to support an industrial economy , much less a modern information one.
Why? The electrical grid is interconnected and already overstretched. In addition, a failure in one part cascades to take out many, many others within the system. Since all other systems in the economy rely on the electrical system, failures here mean failures everywhere.
Worse, an interconnected Smart Grid connects industrial things. Things made not just of silicon but of concrete and steel. No one dies when people can’t access Facebook but when things of concrete and steel fail, then people die, factories stop, and economies stumble.
The Department of Homeland Security has conducted experiments demonstrating that cyber attacks can destroy generators from afar by tinkering with the control systems. The StuxNet worm used a similar style of attack to destroy, permanently, thousands of Iranian centrifuges. This is far different than our day-to-day experience of cyber security. When silicon fails, it is almost always relatively easy to fix — just reload your data or reboot. If generators or other components are destroyed, the system suffers a hard break. When components fail, the system doesn’t just stop working, steel snaps, there’s smoke, fire, maybe even an explosion. Fixing this kind of failure can take years. We would need to order new industrial components, which could take months to fill–especially if there were so many failures the manufacturers had a backlog of orders. Each component, some weighing many tons, each would need to be delivered and installed. And of course, each of these new components may have the same cyber vulnerabilities as the original equipment it is replacing.
Moreover, we have proof that adversaries have already infiltrated such systems and left backdoors so they can hold them at risk and topple them at a moment of their choosing.
We are also making the Smart Grid a political priority; we are going to rush it as an economic and environmental necessity. Just as with the Internet and so many other IT and scientific advances, the United States and other nations will go ahead and develop and deploy Smart Grid and other interconnected industrial control systems first, then worry about securing it afterwards. We’ll let these systems accept commands from any computer that is hooked up to it, sometime without even a password. The arguments are similar each time: we can’t afford to let the paranoids and securocrats get in the way of innovation.
The real fear is that we will take this rushed, insecure, industrial system, one proven to cascade and that we know adversaries have already targeted–a system central to our way of life — and connect it to the Internet. Connecting it to the Internet will save money and time and be a source of unending innovation. Companies can charge less (or make more profit) as they can maintain the system from anywhere. It will let customers perform wonderful feats using their smart pads and computers.
Innovation, though, will not all be all for the best. Some of those innovators will be the legions of angst-ridden teens wanting to impress their peers; hackers driven by curiosity and wanting a challenge; security companies wanting to prove their chops; and hactivists, anarchists, and terrorists of all stripes. The most innovatively bad will, as always in cyberspace, be the criminals, spies, and militaries.
This is not to argue the Smart Grid will be perfectly bad system, a failure in which will set us back to pre-industrial days. But it appears we already have reasons to believe that every single one of these conditions is true. This was put as succinctly as possible by Stewart Baker, former Assistant Secretary at DHS: for the Smart Grid, “security sucks.”
According to an analysis from the US Cyber Consequences unit, if electrical power were out for over a week in a wide enough area of the United States, then just over 70% of GDP would be frozen. We would have burned through our supply of candles and eaten the canned beans in the back of the larder and our generators would be all out of now-irreplaceable diesel.
In a perfect storm of many components being hard-broken and a widespread cascade, then perhaps, just perhaps, the failure would last not just a week but twenty, a hundred, or a thousand. At what point do we hit the tipping point when social order breaks down? How long does the power have to be out in New York or Los Angeles or Chicago before an eruption?
Perhaps all of this together is not enough, after all, to set us back 200 years. Perhaps we will merely introduce an age of periodic, mischief-induced power failures.
In this future our electric supply is no more or less reliable than the Internet, since we engineered both with the same disregard for security and made ourselves so reliant on them we can’t operate in their absence. Then we interconnected them.
The Smart Grid is still young and disaster is not inevitable. There is still plenty of time to avoid building a perfectly bad system, one practically designed to fail either regularly or spectacularly. The US government (especially the DHS, NIST, DoE and others) are working on standards and solutions but security all too often takes a back seat in the face of a politicized economic priority. There have been sufficient warnings and there are people working hard on the right solutions. Hopefully this will all be enough to do Smart Grid smartly, not necessarily quickly.
Jason Healey is the Director of the Cyber Statecraft Initiative at the Atlantic Council of the United States. You can follow his comments on cyber cooperation, conflict and competition on Twitter, @Jason_Healey.