Citation[]
General Accounting Office, Critical Infrastructure Protection: Actions Needed to Address Significant Cybersecurity Risks Facing the Electric Grid (GAO-19-332) (Aug. 26, 2019) (full-text).
Overview[]
The nation's electric grid is becoming more vulnerable to cyberattacks — particularly those involving industrial control systems that support grid operations. Recent federal assessments indicate that cyberattacks could cause widespread power outages in the United States, but the scale of such outages is uncertain.
The electric grid faces significant cybersecurity risks:
- Threat actors. Nations, criminal groups, terrorists, and others are increasingly capable of attacking the grid.
- Vulnerabilities. The grid is becoming more vulnerable to cyberattacks particularly those involving industrial control systems that support grid operations. The increasing adoption of high-wattage consumer Internet of Things devices — "smart" devices connected to the internet — and the use of the global positioning system to synchronize grid operations are also vulnerabilities.
- Impacts. Although cybersecurity incidents reportedly have not resulted in power outages domestically, cyberattacks on industrial control systems have disrupted foreign electric grid operations. In addition, while recent federal assessments indicate that cyberattacks could cause widespread power outages in the United States, the scale of power outages that may result from a cyberattack is uncertain due to limitations in those assessments.
The Department of Energy (DOE) plays a key role in helping address cybersecurity risks in each component of the electric grid's infrastructure. However, DOE has not developed plans for electric grid cybersecurity that address the key characteristics needed for a national strategy. The GAO recommends that it do so.