The U.S. must be more aggressive in putting critical energy infrastructure out of reach of cyberattacks, a top official of the government’s Idaho National Laboratory warned lawmakers.
Brent Stacey, the lab’s associate director, told a pair of House subcommittees Wednesday that the problem is bad and getting worse.
“The dynamic threat is evolving faster than the cycle of measure and countermeasure, and far faster than the evolution of policy,” he said.
There are more cyberattacks against the energy sector than any other industry. Energy companies say they are under constant assault, and the Department of Homeland Security’s Cyber Emergency Response Team responded to 79 attacks on American energy assets last year.
“Reported incidents affecting the electricity subsector have had a variety of impacts, including hacks into smart meters to steal power, failure in control systems devices requiring power plants to shut down, and malicious software disabling safety monitoring systems,” according to a U.S. Government Accountability Office statement released Wednesday.
A study this summer by the insurance company Lloyd’s of London and the University of Cambridge found that a major cyberattack on the U.S. power grid has the potential to cause a trillion dollars in damage.
“The scenario predicts a rise in mortality rates as health and safety systems fail; a decline in trade as ports shut down; disruption to water supplies as electric pumps fail; and chaos to transport networks as infrastructure collapses,” according to the report from Lloyd’s and Cambridge.
The scenario described in their report involves an electricity blackout that plunges New York City, Washington, D.C., and 15 states into darkness, leaving 93 million people without power.
“The scenario, while improbable, is technologically possible,” the report said.
Bennett Gaines, senior vice president of FirstEnergy Service Co., said Wednesday that utilities have been effective at blocking attacks but that greater efforts will be needed. Those include the faster sharing of information between government and the industry, he said.