Lawmakers Warned of Threats to the Grid

Government and private sector executives pointed to yesterday's anniversary of the Sept. 11 terrorist attacks to warn lawmakers about protecting a critical piece of the nation's infrastructure: its electricity grid.

"This is not hyperbole," Kevin Kolevar, assistant secretary of the Department of Energy, told the House Subcommittee on Energy and Air Quality today. "Let me assure you that cyber-attacks have occurred and they are becoming more sophisticated."

Although it was a fitting topic on the seventh anniversary of 9/11, lawmakers noted that the potential threats against the United States no are longer confined to the physical world.

"Let no one accuse us of having a September 10th mindset when it comes to cyber-security," Rep. James Langevin, D-R.I., told the subcommittee in testimony. Langevin appeared as a witness in Thursday's hearing, which was also Webcast. Langevin also chairs the Subcommittee Emerging Threats, Cybersecurity and Science and Technology, which began examining the nation's preparedness in the face of cyber-threats after evidence of an alarming vulnerability came to light.

For example, last September, details emerged of an experimental attack the Department of Homeland Security carried out against a generator at the Idaho National Laboratory. In the so-called "Aurora" attack, DHS hacked into the lab's electrical system and altered the operating cycle of the generator, causing it to explode.

The vulnerability of the nation's electrical infrastructure came into high relief in 2003 when a massive blackout in the Northeast left 50 million people without power, at a cost around $10 billion to fix. That blackout was a result of a system failure. The vulnerabilities exposed in the Aurora test were a wake-up call.

In response, the industry group National American Electric Reliability Corporation (NERC) issued a set of standards to the facilities to shore up their defenses against cyber-threats.

Subsequent auditing by the Federal Energy Regulatory Commission (FERC) found that the self-regulatory approach for electrical producers had fallen short, and that many facilities on the Bulk Power System (BPS) grid were still vulnerable.

"Many -- and really most -- electric facilities are capable of remote operation," FERC Chairman Joseph Kelliher told the subcommittee. The degree of compliance varied from plant to plant, Kelliher said, but a great number of the power companies he audited "didn't appreciate how interconnected their facilities were."

This article was first published on InternetNews.com. To read the full article, click here.