China and "probably one or two other" countries have the capacity to shut down the nation's power grid and other critical infrastructure through a cyber attack, the head of the National Security Agency told a Congressional panel Thursday. Admiral Michael Rogers, who also serves the dual role as head of U.S. Cyber Command, said the United States has detected malware from China and elsewhere on U.S. computers systems that affect the daily lives of every American.
"It enables you to shut down very segmented, very tailored parts of our infrastructure that forestall the ability to provide that service to us as citizens," Rogers said in testimony before the House Intelligence Committee. Rogers said such attacks are part of the "coming trends" he sees based on "reconnaissance" currently taking place that nation-states, or other actors may use to exploit vulnerabilities in U.S. cyber systems.
A recent report by Mandiant, a cyber-security firm, found that hackers working on behalf of the Chinese government were able to penetrate American public utility systems that service everything from power generation, to the movement of water and fuel across the country. "We see them attempting to steal information on how our systems are configured, the very schematics of most of our control systems, down to engineering level of detail so they can look at where are the vulnerabilities, how are they constructed, how could I get in and defeat them," Rogers said. "We're seeing multiple nation-states invest in those kinds of capabilities."
Admiral Rogers declined to identify who the other countries, beside China, because of the classified nature of their identities. Russia is generally regarded as also having an aggressive cyber program. In addition to nation-state actors, Admiral Rogers noted the increasing presence of "surrogate" criminal actors in cyberspace that serve to obscure the hidden hand of criminal activity done on behalf of formal nation-states.
The testimony also comes in the wake of a report from the Pew Internet and American Life Project that cited a prediction by technology experts that a catastrophic cyber-attack that causes significant losses in life and financial damage would occur by 2025. Admiral Rogers told the committee he did not disagree with the assessment.
In addition to the threats from specific nation-states, Admiral Rogers said there are already groups within the U.S. cyber architecture who seek to cause major damage to corporate and other critical sectors of the American economy.
"It is only a matter of the when, not the if, that we are going to see something traumatic." he said.
Jamie Crawford, National Security Producer
A few significant facts about the U.S. power grid:
Electricity cannot be stored, or at least not much of it or for very long. It has to be used the moment it’s produced and transmitting it to where it’s needed is a delicate and precise balancing act. Getting the power to where it’s needed most may not even be possible depending on the number of transmission lines available. If one station produces too little energy during a hot summer day when all of the air conditioners are running, extra power has to be routed from somewhere else…immediately. If too much power is produced at one station that no area needs, the station must shut down. Yes, it’s probably true that there’s always a need, somewhere, but it’s again dependent on transmission lines to that point of need.
Even more troubling, from a security standpoint, are the large transformers which manage the system. When electricity is generated its voltage is “stepped up”, or transformed, into the tens and even hundreds of thousands of volts for transmission over long distances. It’s vastly more efficient to transmit electricity that way as less heat is generated and less electricity is lost. At the “user” end of that transmission another set of large, expensive transformers “step down” the voltage to levels that can be used in factories, malls, houses, etc. The problem is that those transformers are not manufactured in the U.S. and the lead time can be 2-4 years, if we’re lucky.
Yes, you read that correctly. The country that invented the means of mass producing and transmitting electrical power no longer has the capability of making some of the most critical components required to sustain and grow the system. The designs and manufacturing know-how have been “sub-contracted” (or sold outright) to offshore companies years ago and the manufacturing expertise, manufacturing facilities and machine tools no longer exist in the U.S. Some of those off-shore companies are controlled by the governments of the country where they exist. There’s enough blame to go around but the general economic environment of the last 25 years along with the near-term profit goals of corporate America and the short-sighted, attention-deficit nature of our federal elected officials have put us in the position of this accident-waiting-to-happen. The northeast section of our “grid” has already crashed once in the recent past and whether by happenstance or by overt plan, the next event is a matter of WHEN, not IF.
Ten years ago this month (8/14/2003) the Northeast blackout of 2003 occurred throughout parts of the Northeastern and Midwestern U.S. as well as parts of Ontario, Canada. It was the most widespread blackout in U.S. history and lasted for 2 to 5 five days in different parts of the region.
The blackout’s primary cause was a “software bug” (origin unknown) in a control room in Ohio. After transmission lines became overloaded, heated up and burst, the local blackout cascaded into widespread distress on northeast electric grid. The blackout affected an estimated 45 million people in 8 U.S. states and an estimated 10 million people in Ontario.
It only took about 30 minutes to roll through the northeast. From 4:10pm EDT through about 4:40pm EDT outages were reported in Cleveland, Akron, Toledo, New York City, Westchester, Orange and Rockland counties, Baltimore, Buffalo, Rochester, Syracuse, Binghamton, Albany, Detroit, and parts of New Jersey, including Newark. This was followed by other areas initially unaffected, including all of New York City, portions of southern New York State, New Jersey, Vermont, Connecticut and most of the province of Ontario, Canada.
Diesel and gas back-up generators worked initially but eventually failed when supplies of fuel were depleted and electric gas pumps no longer operated. Water systems lost pressure, cellular service failed as a result of loss of power to towers or call overload, subways closed and all Amtrak and airline flights were shut down.
The cost was in the billions and untold deaths were caused, but all in all this was a relatively “mild” event and power was restored in most of the affected areas in 2 to 5 days. Should a larger, more serious outage occur the destruction of property and the loss of lives would be far worse than the Civil war and nothing would ever be the same in the U.S. Only a very small number of large transformers were damaged, most were shut down quickly by regional control stations. However, if 10-12 of these large transformers were to be destroyed it would put us practically back in the Stone Age. Rumors exist to this day that the “software” bug that caused the 2003 blackout was a virus introduced into our grid by a foreign power and that the blackout was a “test”. Was it a computer “virus” and does it still exist? Or does there now exist a more elusive virus? I HOPE NOT!!
The U.S. electrical grid is better managed and more flexible a decade after the largest blackout but remains vulnerable to increasingly extreme weather, cyber security threats and stress caused by shifts in where and how power is produced. According to William Booth, a senior electricity advisor with the U.S. Energy Information Administration, “This job of reliability (assurance) is kind of impossible, in the sense that there are just so many things that could happen that it’s hard to be sure that you’re covering all the bases”.
I believe that having a dependable, safe and affordable “off grid” alternative energy source is a wise and prudent thing to do.
Senator Byron L. Dorgan, William Booth, David Hagberg, Associated Press, Wikipedia, Joe Welch (ITC Holdings Corp)