The U.S. needs standards to guard against cyber attacks on power lines that run to homes and businesses, according to a Massachusetts Institute of Technology report.
Federal standards to secure the nation’s high-voltage electricity grid against sabotage from hackers, disgruntled employees and terrorists don’t cover almost 6 million miles (9.7 million kilometers) of lower-voltage power lines, according to the 268-page study released today.
“The Web is going to be a far more important player in the grid, and the concerns about cybersecurity are going to be heightened as we go forward,” John G. Kassakian, an MIT professor of electrical engineering and computer science and a co-chairman of the study, said today at a discussion in Washington about the findings.
The study focuses on challenges to the U.S. power network over the next two decades, including the addition of renewable sources of energy, such as wind and solar power, and electricity pricing. U.S. officials are studying whether reliability may be jeopardized by attacks on the network or by Environmental Protection Agency rules, which utilities say will force them to shut down some generating plants fueled by coal and oil.
“If regulatory policies and the technologies employed in the grid do not change, it is likely to be difficult to maintain acceptable reliability and electric rates,” the scientists from MIT in Cambridge, Massachusetts, said in today’s report.
The U.S. power grid includes about 170,000 miles of high-voltage lines that carry electricity over long distances and the lower-voltage or distribution lines that fan out through neighborhoods and deliver power to retail and commercial customers.
Cyber attacks may even shut down power to individual homes, Jerrold M. Grochow, a member of the study group and a former MIT vice president for information services and technology, said in an interview. Customers also need to feel secure that private information collected by utilities about individuals’ energy use isn’t leaked publicly, he said at the event.
“We need some kind of coordination in order to make sure that the privacy concerns are appropriately dealt with,” Grochow said.
A 2011 report from the Electric Power Research Institute said that about $3.7 billion in investment is needed to protect the grid from cyber attacks, according to the MIT study.
Attacks on the power network are “a greater threat to our reliability” than air-pollution rules, John Norris, a member of the Federal Energy Regulatory Commission, said at an agency conference Nov. 30. The EPA will ensure its regulations don’t endanger grid reliability, Gina McCarthy, the environmental agency’s assistant administrator, said at the conference.
The MIT study also calls for designation of a single federal agency to combat cyber attacks on the U.S. power network.
President Barack Obama’s administration has proposed that the Homeland Security Department lead cybersecurity efforts for the power network, while Congress has placed more emphasis on the Energy Department and FERC, according to the study.
“Ongoing jurisdictional confusion raises security concerns, underscoring the need for action,” according to the MIT study, led by Kassakian and Richard Schmalensee, a professor of economics and management.
The North American Electric Reliability Corp., an Atlanta-based organization that serves as the government’s power-grid watchdog, has measures in place to guard against cyber attacks and can fine utilities as much as $1 million a day for violating reliability standards. The National Institute of Standards and Technology is also taking steps to bolster cybersecurity.
The agency chosen to lead grid-cybersecurity efforts should work with state and federal authorities as well as industry experts, the MIT group said.
FERC should also have greater authority to let high-voltage power lines be built across state lines over local opposition, according to the study.
The MIT group is meeting with officials from FERC, the White House and Congress over the next few days to discuss its report, Kassakian said.