Securing the US Electrical Grid

An anonymous reader writes The Center for the Study of the Presidency & Congress (CSPC) launched a project to bring together representatives from the Executive Branch, Congress, and the private sector to discuss how to better secure the U.S. electric grid from the threats of cyberattack, physical attack, electromagnetic pulse, and inclement weather. In this interview with Help Net Security, Dan Mahaffee, the Director of Policy at CSPC, discusses critical security challenges.

Cyber is easy, EMP is possible

[gurps_npc]

Cyber is easy - simply no direct connect to the internet. Anything less is effectively nothing. Anything more is not needed.

If you have data that you absolutely positively must have accessible via the internet, set up a dial and point an internet connected camera at the dial.

EMP pulse is not hard - we know the basics of shielding.

Sabotage and weather are however not easily defensible. No matter what we do, we can't provide complete protection, but we can do pretty well.

Re:Great way to waste your money

[bobbied]

I figured I'd pipe in and call your idea stupid, but I thought better of it. Let me show you why we have a grid..

Transport of power - The power grid is designed to transport power from where it is generated to where it is used. This means we can use hydroelectric power without having to build our houses and businesses near the dam. It also allows us to transfer power from regions where there is generation capacity to regions where power is needed.

Efficiency - Efficient power generation is easier to achieve on an industrial scale, and the ability to put the plant near a fuel source saves transportation costs. It also lets us use the more efficient generation plants from other regions when power is available.

Redundancy - The power grid provides redundant paths for power to flow from where it is generated and where it is used and it also provide the ability to have multiple generation plants providing power so the failure of one plant can be made up by the rest.

The problem you are going to have with "remove the grid" idea is reflected in all of the above. If you need reliable electrical power, you have to keep the grid. If you want efficiency, you need to keep the grid. If you ever need more power than can be generated locally, you need the grid.

I'll conclude with this.. If you want to keep using all the things that make modern life possible, you need reliable, efficient and abundant electrical power and that means you need the grid. Unless of course you don't mind giving up modern life, which I consider a stupid idea...

Assume it isn't secure

[EmperorOfCanada]

The worst thing they can do is to secure it and then depend upon the security working. Thus the system should be designed so that if it is hacked every other Monday that it can survive. There have been a number of recent (last 20 years) events that have shown that single points of failure can have devastating effects. So make sure that if terrible things happen that a lesser grid can be maintained manually.

A great example of this would be a local grocery store chain's SAP system failed shortly before Christmas(some years ago). They were so dependant upon it that their ability to order stuff and manage inventory was pretty much non existent. So the store ended up looking like some kind of soviet grocery store where the only goods on the shelves were pretty much those that are managed by the distributors themselves; things like milk.

This grocery store hopefully has learned from this and now has some kind of manual backup plan where a store manager can actually phone in his orders and crudely manage the store's needs in the case of another serious computer outage.

The same with the grid. Ideally they set some sort of minimal functionality emergency plan whereby humans can crudely manage the system as opposed to a system that either works perfectly by computer or doesn't work at all.

But I worry far less about hackers and far more about system design failures and Carrington events.