Panel Paper:
Physical and Cyber-Enabled Attacks on U.S. Electric Grid Infrastructure: A National Security Threat
*Names in bold indicate Presenter
One of the more publicized and costly physical attacks on the grid occurred in 2013 at the Metcalf Power Station, located in San Jose, California. This attack, which resulted in $15 million in damages and required the substation to be shut down for three while initial repairs took place, served as a catalyst for a series of attack mitigation strategies aimed at improving grid security. To prevent a similar attack from happening again, utility companies and North American Electricity Reliability Corporation (NERC) outlined a range of security improvement measures, including more robust physical barriers around key infrastructure, additional security technology and security personnel on site, and new risk mitigation audits to identify and communicate about vulnerabilities amongst sites.
This research first explores the motivating factors for grid owners and operators to invest in both physical and cyber security improvements and whether basic improvements actually help mitigate attacks. Given what is known about past attack methods and what is suspected for potential attacks, will the security improvement strategies adequately mitigate future threats? Next, compared to incidents that cause significantly damages in other critical infrastructure sectors (as defined by the Department of Homeland Security), how do policymakers respond to attacks against the electrical infrastructure sector? Is there a relationship between monetary damages and policy response? To answer these questions, attack scenarios are modeled using data from past grid attacks as well as major incidents that caused monetary damages across the other critical infrastructure sectors. Preliminary results indicate a need to consider not only past attacks against the grid when creating physical and cybersecurity improvement regulations, but also factor in what can reasonably be anticipated for future sophisticated and coordinated attack methods.