Hackers could cause blackouts to the nation’s power grid by feeding the system incorrect load data that forces officials to mistakenly believe they need to conserve power supply, according to a new report.
The National Association of Regulatory Utility Commissioners released a report that outlines the vulnerabilities of the power grid and ways to protect it. The report found three vulnerabilities – information technology, control systems and smart grid.
Those vulnerabilities could open the system up for cyber attacks, threatening reliability and added additional expense to the system, the report found.
Politicians have been warning utilities about the rising risks of cyber attacks on the power grid. Those warnings have prompted some utility companies to unplugging certain critical functions from the internet completely.
“This isn’t science fiction,” U.S. rep. Michael McCaul told the Austin American-Statesman earlier this year. “This is real.”
According to the NARUC report, a group of hackers could replace load and generation information with erroneous data. The incorrect data could force officials to unnecessarily conserve power, prompting blackouts.
To ensure reliable data in that situation, officials would incur more expenses.
“This is a pretty bad scenario, but far from the worst case,” the report said. “A dedicated hacker group could accomplish the situation above. A nation-state or well-funded criminal syndicate could theoretically accomplish worse.”
The report, however, found the most likely scenario was a much smaller attack that compromises data without impacting the operation of the grid.
Hackers could gain access to the system through information technology, supervisory control and data acquisition or the smart grid. If someone did, they could change password to critical systems, input incorrect load data or disrupt the power connection to homes.
“Regulators are already hard at work to address cybersecurity risks to the American power grid and the greater infrastructure of utilities,” the report said. “But there’s more to be done and, in the face of shrinking budgets, fluctuating workforce and the absence of comprehensive legislation, regulators need a dynamic strategy to strike the right balance of security and resources.”