How to protect U.S. energy grid from cyber attacks

While Russia and other potential adversaries seek to implant increasingly sophisticated cyber weapons on our power grid, the United States has an unprecedented opportunity to deter adversaries from using those weapons and to prevent catastrophic blackouts if deterrence fails, says a former Department of Defense official who now serves as senior fellow at the Johns Hopkins Applied Physics Laboratory.

In a new paper, Paul Stockton, who served during the Obama administration as assistant secretary of defense for homeland defense and Americas’ security affairs, examines how power companies can partner with the Department of Energy to defeat attacks on the U.S. electric system.

In particular, the study analyzes how these partners can develop emergency orders under the Federal Power Act and coordinate their operations when attacks are imminent or underway.

The paper also explores how emergency orders can assist power restoration even if adversaries continue striking the grid.

“We need better plans and capabilities to ‘play defense’ in cyber warfare,” said Stockton, who supervised homeland defense activities for the Department of Defense and who helped lead the department’s utility power restoration efforts during Hurricane Sandy in 2012.

“Power companies are rapidly improving their own resilience against cyber and physical attacks.

What is missing is operational coordination between government and industry, so that if adversaries strike, federal agencies will be ready to support grid operators through integrated, preplanned emergency orders.”

The study, titled “Resilience for Grid Security Emergencies: Opportunities for Industry–Government Collaboration,” proposes specific orders to provide for such unity of effort in grid security emergencies and recommends how power companies and government agencies can craft emergency orders to sustain electric service to vital military bases, regional hospitals, and other critical facilities.

By ensuring that these facilities—potentially lucrative targets—have the power they need to keep functioning during a cyberattack, emergency orders can help raise adversaries’ doubts as to whether they can achieve their goals in striking the grid.

Emergency orders can also help ensure that U.S. defense installations and supporting civilian infrastructure systems have the electricity they require to project power abroad and prevail against attackers.

Both of these resilience improvements can help deter strikes on the grid, and advance the study’s ultimate goal of reducing the likelihood that cyberattacks will ever occur.

In addition to Stockton’s work, APL supports government agencies in ensuring the cyber and physical security of national and defense critical infrastructure through its Cyber Operations and Homeland Protection mission areas.

Source: Johns Hopkins University.