While American lawmakers and security officials repeatedly warn of a catastrophic cyberattack that will cripple the nation's power grids, in reality, squirrels and tree branches are proving more troublesome than hackers when it comes to actual power outages.
According to numerous reports and headlines: America's power grid is "too vulnerable to cyberattack;" thousands will die if terrorists attack the grid; cyber attacks could keep America in the dark for nine to 18 months; and electric companies face "daily" cyber attacks, which over a month can build to 10,000.
With cyber security so abysmal, incentive so high, and attacks constant, why hasn't there been a massive hacker-triggered power failure yet? Simply put, because it's not that easy.
To be clear, attacks on the power grid would be disastrous and there are significant gaps that must be addressed — procedures improved, vulnerabilities patched, software updated — but even with these glaring weaknesses, an ordinary hacker wouldn't be able to take down the electrical grid. Turning America's lights off remotely is a complex operation that requires not only hacking expertise but an array of intelligence and analysis — something only the most sophisticated terrorist organizations or nation states can muster.
Take one of the grid's greatest cyber vulnerabilities, SCADA (supervisory control and data acquisition) software. It allows utility companies to remotely monitor and control facilities, which has the unfortunate consequence of also giving hackers the ability to sabotage the grid from afar.
While terrifying in theory, cyber security expert Bruce Schneier explains that SCADA vulnerabilities are "overblown" and the reports are "hype." Actually hacking into SCADA software and causing physical damage to a system is exceptionally difficult. In fact, the only known SCADA attack to cause damage was the Stuxnet virus, which was created after years of intensive research and espionage by Israel and America's most advanced spies and engineers to damage a secret Iranian nuclear facility.
Veteran intelligence officer Michael Tanji points out in Wired just how complex such an attack would be. For starters SCADA systems are "rarely connected directly to the public internet," which makes "gaining access to grid-controlling networks a challenge for all but the most dedicated, motivated and skilled — nation-states, in other words."
If hackers were somehow able to enter the system, to actually cause physical damage Tanji explains, they would still need to have advanced intelligence gathering abilities to learn which SCADA software utilities are running, how they are connected, what the generator blueprints look like, which weaknesses exist in equipment, how to exploit those weaknesses, which machines are linked, how to override safety mechanisms and keep engineers or automatic safeguards from stepping in, and much more.
In other words, "a purely online approach is simply not going to provide you with the type and volume of information you are going to need to accomplish your mission," Tanji said. "You're going to have to deploy national-level resources."
Meanwhile, as lawmakers worry over these highly sophisticated hypothetical attacks, the nation's aging power grid is falling apart all by itself.
In its annual report on US infrastructure, the American Society of Civil Engineers gave the electric grid, some of which dates back to the 1880s, a "D-plus" as the number of power failures continues to rise.
According to a study by the Institute of Electrical and Electronics Engineers, between 1965 and 1988, there were three major power failures. From 2000 to 2005, there were 11 and from 2006 to 2009, there were 33. The primary cause of these failures was weather.
More troubling is the fact that the second largest blackout in history, the 2003 Northeast blackout that left more than 50 million without power for two days, was caused by power lines brushing against tree branches in Ohio.
Even squirrels are proving to be, well, a squirrelly problem. No one really knows how much damage the rodents do, but it's certainly more than hackers manage. A cursory analysis in The New York Times found that over a four month span last year, squirrels caused at least 50 power outages across the country — and those were just the ones that made the news. And while no one knows how many people are affected by squirrel-related outages each year, in just two days last June, four squirrel-related incidents left more than 18,000 homes in four different states in the dark. How do squirrels manage such mayhem? They simply chew through wires or scamper over fragile electrical equipment.
If squirrels weren't troublesome enough, on the more malicious end, there has been a sharp increase in the number of physical attacks on America's energy infrastructure and authorities are struggling to find who's responsible.
Last year, Arkansas suffered three separate attacks on the electrical grid that left thousands without power including a substation being lit on fire, the chopping down of two key utility poles with a stolen tractor, and an attempt to use a train to pull down a 100-foot transmission tower.
Meanwhile in California, an individual entered a substation and cut several cables, knocking out 911 calls, landlines, and cell service in the area before firing a high-powered rifle at transformers, which ultimately shut down the transformer bank.
Military-grade hackers could certainly trigger a blackout for the ages, but with saboteurs waltzing into power stations and causing mayhem with impunity, tree branches leaving millions in the dark, and squirrels wrecking havoc, there are more clear and present dangers to worry about.