By Timothy Cox Special to the [Evansville] Courier & Press
INDIANAPOLIS —State utility regulators plan to investigate during a series of meetings in the coming months whether Indiana’s power companies are adequately prepared to combat cyber attacks.
Indiana Utility Regulatory Commissioner Carolene Mays provided a peek at the concerns last week when she asked the companies — which were gathered for a forum to talk about the summer cooling season — about the issue.
Mays serves as vice chair of the National Association of Regulatory Utility Commissioners’ Committee on Critical Infrastructure and said concern about cyber hackers keeps her up at night.
“It’s one of our major focuses right now because utilities across the country are just not prepared,” Mays said. “Nationally, they’re proving they’re not prepared for potential cyber security issues.”
If hackers break through an electric provider’s network security, they could have the power to stop energy transfer to entire cities.
It’s an issue utility companies are constantly battling. But while they offered some information at the commission’s forum last week, regulators will push for more.
“There are hundreds of attempts everyday to break into the grid, and if there is an outage based on cyber security, it could affect so many things that people don’t realize,” Mays said.
Power lines throughout the country are generally connected, forming “the grid,” a nationwide web of wires that connect generating plants to substations, industries, businesses and homes.
“There’s a lot of worry about the vulnerability of our electrical grid and the damage that could be done by disrupting the power supply even for a short period of time,” said former Congressman Lee Hamilton, who served as co-chairman of the 9/11 Commission. “Because of their vulnerability, they obviously make attractive targets.”
Hamilton’s role in the 9/11 Commission provided insight into areas of the U.S. that terrorists are most likely to target. He said the nation is “much further along than it was a few years back” in defending against utility cyber attacks, but there’s room for improvement.
“If you talk to national security officials in Washington, almost all of them will say that cyber attacks are among their chief worries — if not their chief worry — from a national security standpoint,” Hamilton said.
Officials — and citizens — have reason to worry. The leader of the U.S. Cyber Command — a fairly new unit charged with protecting the nation’s military computer systems — recently reported that its networks are “probed roughly 250,000 times an hour.”
Last month, the U.S. Department of Homeland Security was working to fight off an anonymous group of hackers targeting gas pipelines, according to a number of national reports.
Hamilton said last week that electric utility industries are more protected than other infrastructure like the gas pipelines. The Federal Energy Regulatory Commission has industry-developed security standards that electric companies have to comply with, whereas other utilities don’t have those standards.
The difficulty in better-protecting utilities, Hamilton said, is that many are owned by the private sector while others are government-owned.
“Government cannot do it by itself, private sector cannot do it by itself, probably, and (they) need to have a lot of cooperation and coordination,” Hamilton said.
The IURC will do just that: Cooperate and coordinate with both government and private electric providers in Indiana to analyze the state’s preparedness for a cyber security attack and determine if more needs to be done.
“We just want to make sure that the utilities are prepared,” Mays said, “or beginning to ramp up even more because the issues are so big and the hackers are becoming a lot more sophisticated.”
Leave a Reply