GAO warns on cyber risks to power grid
The country's electrical systems are increasingly susceptible to cyberattacks, according to government auditors, and there is uncertainty about the extent to which a localized attack might cascade through power distribution systems.
Optional caption goes here. Optional caption goes here. Optional caption goes here. Optional caption goes here.
The country's electrical systems are increasingly susceptible to cyberattacks, according to government auditors, and there is uncertainty about the extent to which a localized attack might cascade through power distribution systems.
A new report from the Government Accountability Office examines the vulnerabilities of electricity grid distribution systems, how some states and industry actions have hardened those systems and the extent to which the Department of Energy has addressed risks by implementing the national cybersecurity strategy.
Government and industry officials told GAO that a cyberattack on a grid distribution system would likely have localized effects, but a coordinated attack could have widespread consequences. However, the officials conceded that assumption is based on their professional experience, GAO noted, and none of them were aware of an assessment that confirmed their claims.
"Moreover, three federal and national laboratory officials told us that even if a cyberattack on the grid's distribution systems was localized, such an attack could still have significant national consequences, depending on the specific distribution systems that were targeted and the severity of the attack's effects," according to the report.
In 2019, GAO assessed the Department of Energy's efforts to implement the energy portion of the national cybersecurity strategy and found it lacking. The new report states DOE officials intend to update their plans as a result of GAO's findings, but they will not change the extent to which they focus on distribution systems. The officials said an attack on the bulk power system -- larger interconnected electrical systems made up of generation and transmission facilities -- poses a greater threat.
"Officials said a cyberattack on the bulk power system would likely affect large groups of people very quickly, and the impact of a cyberattack on distribution systems would likely be less significant," according to the report.
Patricia Hoffman, a senior official at DOE's primary cybersecurity office, concurred with GAO's recommendation that the energy secretary should work with the Department of Homeland Security and industry to address risks to distribution systems. Hoffman cited two congressionally directed efforts DOE is engaged in to do as much.