Academic journal article Current Politics and Economics of the United States, Canada and Mexico

Cybersecurity Issues for the Bulk Power System *

Academic journal article Current Politics and Economics of the United States, Canada and Mexico

Cybersecurity Issues for the Bulk Power System *

Article excerpt


In the United States, it is generally taken for granted that the electricity needed to power the U.S. economy is available on demand and will always be available to power our machines and devices. However, in recent years, new threats have materialized as new vulnerabilities have come to light, and a number of major concerns have emerged about the resilience and security of the nation's electric power system. In particular, the cybersecurity1 of the electricity grid has been a focus of recent efforts to protect the integrity of the electric power system.2

Power flows on the nation's electricity grid are remotely controlled by a combination of older, legacy systems and newer control technologies. Many of these legacy technologies are analog in design and were not originally connected to the Internet3 (although many are equipped with radio or other communications capabilities). But as the grid is modernized, the new "intelligent" technologies replacing them use advanced two-way communications and other digital advantages that likely will be optimized by Internet connectivity. While these advances will improve the efficiency and performance of the grid, they also potentially increase the vulnerability of the grid to cyber attacks.

Cybersecurity is today, and will continue to be, a major issue and focus area for the electric power sector. The energy sector (i.e., electricity, natural gas, and petroleum) is one of 16 critical infrastructure sectors designated by the Department of Homeland Security.4 Incidents of reported cyber intrusions and attacks aimed at undermining the U.S. grid appear to be increasing.5 While parts of the electric power subsector have mandatory and enforceable cyber and physical security standards,6 some have argued that minimum, consensusbased standards are not enough to secure the system.7 Further, the electric grid is not isolated from attacks on other critical infrastructure sectors on which it depends (i.e., the natural gas subsector, water, and transportation), and mandatory and enforceable cybersecurity standards apply to only a few of the 16 critical infrastructure sectors.8

This report will discuss the current state of electric sector cybersecurity, surveying existing regulations and proposed efforts to improve cybersecurity in the wake of recently reported threats and potential vulnerabilities. The report will focus on the bulk power system9 under authority of the Federal Energy Regulatory Commission (FERC), which Congress directed to establish mandatory and enforceable reliability standards.10 Many cybersecurity standards and actions are in response to cyber events. As such, basic compliance with standards by electric utility companies may not be enough to achieve effective cybersecurity protections. Areas for possible further congressional consideration or action will be highlighted in this report.

Grid Components and Potential Vulnerabilities

The electric utility business encompasses the process of generating electricity and sending power to the ultimate user. The electrical grid is the name given to the machinery and power lines that enable power to be sent from the power plant to the ultimate user of electricity. As seen in Figure 1, this generally requires an infrastructure made up of generating stations (where the power is produced), step-up transformers and transmission lines (whereby transformers increase the voltage so that the electricity can be sent over very long distances), and step-down transformers and distribution lines (whereby the voltage can be lowered allowing the electricity to be sent to businesses and homes to power machinery and devices). Depending on the regulatory regime in place, these system elements may be controlled by companies under state jurisdiction or entities under federal jurisdiction (such as regional transmission organizations or federal power marketing administrations).

Controlling and monitoring the various parts of the grid are industrial control (IC) systems, some of which are connected to the Internet. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed


An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.