Electric companies in the United States might not be able to protect the power grid in the United States from a cyber attack, said the director of the National Security Agency (NSA).
“When you look at it, if you were to ask me to rank order where industries are in terms of their cyber security capability, I think power is at or close to the bottom of the list, not because they’re bad, but because that’s not a focus area for them right now,” said Keith Alexander, a four-star Army general who also commands the U.S. Cyber Command.
“Not only that, they don’t have the technical expertise nor the government help that they need and we ought to give it to them,” he said. “And, so I think that partnership is going to be key for the future.”
During a talk at a cyber security symposium held last week at the University of Rhode Island, Alexander discussed the August 2003 blackout that affected 45 million people in eight Eastern states and 10 million others in Ontario, and was aggravated by a software problem initially unknown to the systems operators.
He also talked about the August 2009 sensing-system failure at the world’s third largest hydroelectric plant at the Sayano-Shushenskaya dam in Russia, in which engineers remotely turned on a turbine that violently tore apart, causing a ceiling to collapse at the power plant, damaging eight other turbines and killing 75 people.
“What I’m concerned about: These are issues that were caused by people with good intentions,” Alexander said. “What about those without? And there are two forms of the destruction that I’m concerned about. One is data, destroying data, and the other is equipment and I think we have to be ready for both of those.”