INL cyber security scientists explore what could happen in a national blackout

National Geographic examines the threat Idaho cybersecurity scientists are working to prevent.

rbarker@idahostatesman.comOctober 27, 2013 

Imagine 10 days without power. Not just in Idaho, but across the country.

No smartphones, no ATMs, no streetlights, no gasoline pumps. No open food stores, no computers, no television.

That’s the story National Geographic Channel’s “American Blackout” tells Sunday at 7 p.m. The two-hour docudrama will look at what would happen in the event of a cyberattack like the one first brought to light by an experiment at the Idaho National Laboratory.

In March 2007, researchers at the laboratory triggered a simulated cyberattack, called Aurora, and watched as an electric generator self-destructed. This experiment led to changes in software and hardware to reduce the threat to the nation’s utility grid.

The laboratory experiment became reality in 2010, when a program called Stuxnet infected an Iranian nuclear fuel processing plant, destroying hundreds of centrifuges that were concentrating uranium. News reports at the time revealed the role the INL plays in the nation’s critical cybersecurity defense.

Is the scenario presented in “American Blackout” within the realm of possibility?

“I have only seen a short program clip and some introductory materials, so I cannot comment to the validity of the program or any conclusions,” Brent Stacey, INL associate laboratory director of national and homeland security told the Statesman in an email.

Idaho Power Co. officials say the electric power industry works with the government on preparation, prevention and detection, information-sharing and response and recovery of the grid and its systems.

“Cybersecurity is a top priority for the electric power industry,” said Stephanie McCurdy, an Idaho Power spokeswoman, also via email. “The industry never stops working to make the grid stronger, more reliable, and more resilient in the face of any threat.”

The U.S. electrical grid connects customers to 5,800 major power plants with more than 450,000 miles of high-voltage transmission lines. Seventy percent of key power grid components are more than 25 years old, and the average power plant tops 30 years of age.

More than a dozen utilities reported “daily,” “constant” or “frequent” attempted cyberattacks, with one reporting approximately 10,000 attempts per month, a 2013 congressional report showed. Since 2003, 679 widespread power outages occurred due to severe weather, costing the U.S. an annual average between $18 billion and $33 billion.

“The next Pearl Harbor we confront could very well be a cyberattack that cripples our power systems, our grid, our security systems, our financial systems,” Leon Panetta, the former U.S. Secretary of Defense, said at his confirmation hearing in 2011.

Idaho Power meets national reliability standards that include cybersecurity, McCurdy said. It also has its own cybersecurity program to protect its grid and power plants.

It also does exercises that simulate a cyberattack.

“Given the dynamic threat landscape and changing cybersecurity risks, we continue to evaluate and adjust the specific mechanisms used to detect and prevent cybersecurity threats from creating an impact,” she said.

Of course, the company keeps details about those cybersecurity efforts confidential.

Researchers use INL’s electric power test grid and Wireless National User Facility to explore cyber and physical security issues.

“These include efforts to defend the nation’s critical infrastructure from cyberattacks, increase robustness of wireless communications for emergency responders, develop innovative ways to make the grid more resilient, and quantify the risks from potential event scenarios,” Stacey said.

In addition to cybersecurity, the lab also looks at the effects of solar flares and integrating renewable power on the nation’s power grid, Stacey said.

A lot of this work is classified, so the lab doesn’t go out of its way to talk about these programs. But homeland security research is one of the growth areas for the Idaho Falls-based research facility. INL officials are always looking for cybersecurity experts to hire, even as other programs face cuts.

Rocky Barker: 377-6484

Idaho Statesman is pleased to provide this opportunity to share information, experiences and observations about what's in the news. Some of the comments may be reprinted elsewhere in the site or in the newspaper. We encourage lively, open debate on the issues of the day, and ask that you refrain from profanity, hate speech, personal comments and remarks that are off point. Thank you for taking the time to offer your thoughts.

Commenting FAQs | Terms of Service