Nation's electricity grid gets a test
The San Onofre Power Plant in Orange County, Calif.
The U.S. power grid is a patchwork of networks, mostly built a long time ago. The aging grid's main protection against attack is that it's too sprawling and complicated to all go down at once.
The National Geographic Channel's "American Blackout" showed what the U.S. might look like if the grid went out for 10 days: Apocalypse, minus the zombies. No running water. No gas pumps, so no trucks. No trucks, so no food supply.
This week, thousands of people who operate the grid will run a simulation of a major attack on the nationwide system to test what would actually happen if the power grid collapsed.
Joshua Axelrod works at Ernst and Young. He advises companies on cyber-security for "critical infrastructure" - like the power grid. What does he think we'd miss if the grid went down? National defense.
"You take out a couple transformers. Can a military installation ... run for 18 to 24 months without an external electricity provider? Probably not," Axelrod says.
Axelrod spoke at a recent conference sponsored by the agency behind this week's drill, the North American Electric Reliability Corporation, known as NERC. He titled his talk: "How the Grid Will Be Hacked."
"These systems were never really designed with security in mind," he says. "We're looking at an industry that uses technology that sometimes is upwards of 20 or 30 years old and still in place. It's just not built, inherently, for the world that we live in."
And that's just the computer side of things. In the spring, a man with a rifle damaged five transformers at a substation in California. Many installations are located in the middle of nowhere, unmanned.
"You can get to those locations, and you can cut a lock, jump a fence, break into a control-house door, and start manipulating systems," Axelrod says.
Axelrod says what keeps the grid safe from full-scale attack -- or, 'safe-ish' -- is mainly its size and complexity. Players with the capacity to knock it out and keep it out -- big countries like China -- don't have anything to gain. You'd need more of a James Bond super-villain type. And they haven't shown up. Yet.
So, NERC's two-day North American Grid Security Exercise 2013, known as Grid Ex, starts tomorrow. More than 2,000 workers from utility companies, regulators and law-enforcement from across North America will take part.
Ted Gutierrez runs cyber-security for the Northern Indiana Public Service Company, NIPSCO. Two years ago, he took part in the first Grid Ex. "A few minutes into the exercise," he says, "you forget that it's an exercise."
Gutierrez works in the most generic environment imaginable: A concrete one-story office building, dated but clean, in a little campus behind a Home Depot. Across the parking lot, NIPSCO's control room is tucked into a similar building. Gutierrez goes in with his colleague Ed Gordon.
"This is the critical infrastructure protection perimeter, or barrier," Gordon says. It's a glass door.
Inside, it's a big room with dim lights and high ceilings. A 20-foot desk faces a wall of screens. One person sits at the desk, watching, clicking, answering radio calls. Another four or five people lean back at smaller desks or huddle quietly.
"Not super-exciting, and we like to keep it that way," Gutierrez says. But tomorrow, a few of these folks will get a great big jolt.
The scenario for this year's Grid Ex ups the ante from the first one in 2011. Brian Harrell, who runs Grid Ex, says 2011's exercise was just a cyber-attack. This time, expect stuff to blow up.
"We don't throw in the hurricane at the last second," Harrell says. "However, we are really trying to push ourselves to the limits."
But there is one element of a real, nationwide, long-term blackout that Grid Ex will not address: Telecommunications. In the world of the game, the internet and the phone system will keep working.
"It's very difficult to run an exercise without phone lines and email, I'll be honest with you," Harrell says. "That may be something we look at for next time."