A major cyber attack on the U.S. electric grid could cause over a $1
trillion in economic impact and roughly $71.1 billion in insurance
claims, said a report released Wednesday. The report
looks at the financial impact of a scenario in which 15 states and
Washington, D.C. suffer a blackout as a result of a cyber attack on the
power grid. The scenario is created by the University of Cambridge
Centre For Risk Studies, which uses some real life, publicly known cases
to create the model.
The report is also co-produced by Lloyd’s, the
London-based insurance service provider that has been working with the U.K. government about managing cyber security risks. “Cyber attacks are often treated as a problem of technology, but they
originate with human actors who employ imagination and surprise to
defeat the security in place,” said Tom Bolt, director of performance
management at Lloyd’s, in the report. “The evidence of major attacks
during 2014 suggests that attackers were often able to exploit
vulnerabilities faster than defenders could remedy them. In order to
achieve accurate assessment of risks, insurers need insight into the
evolution of tactics and motives across the full spectrum of threats.”
Protecting the grid from cyber attacks has weighed heavily
on the minds of governments and utilities lately as more standard-based
digital technology is installed to replace the analog and proprietary
equipment that has run the electric generation, transmission and
distribution systems for decades. And they are looking for malicious
attacks not only from the outside but also from within the grid operations (by untrained or disgruntled employees, for example).
The Lloyd’s report also is coming out just before one of the largest U.S. solar energy conferences, Intersolar,
will take place in San Francisco next week. The emergence of solar
energy generation, particularly the rooftop installations that rely on
digital electronics to monitor and manage their production and energy
flow into the grid, has forced utilities to consider changing how they
run the grid.
In fact, Southern California Edison last week filed a plan with the California Public Utilities Commission that proposes new ways to manage its grid that will need to serve a growing number of solar energy systems, energy storage equipment such batteries and electric cars at home and business.
The scenario in the Lloyd’s report
imagines a severe blackout in the Northeastern part of the U.S.,
including New York City, that plunges 93 million people into darkness.
While the scenario seems unlikely, it’s technically possible to realize,
the report said. What it would take is a malware that infects the
computers that control power plants, and in this case, the malicious
code takes control of 50 generators and causes them to overload or even
catch fire. Also in this scenario, utilities are able to restore power
in some areas within 24 hours but spend several weeks to do the same for
other parts.
The report then looks at the potential economic impact of the
blackout, including damage to power plants and the grid, lower
electricity sales and revenue losses for businesses. It estimates that
the impact could range from $243 billion to over $1 trillion. It also
estimates that the insurance industry could be paying anywhere from
$21.4 billion to $71.1 billion in claims.
The electric grid has seen 15 cyber attacks since 2000, according to
the U.S. Department of Energy. The U.S. Industrial Control System Cyber
Emergency Response Team said 32% of its responses to threats against
“critical infrastructures” in 2014 happened in the energy sector. Sharing information about the attacks and solutions will be important for crafting good defensive plans, the report said.
http://www.forbes.com/sites/uciliawang/2015/07/08/report-the-trillion-dollar-risk-of-a-cyber-attack-on-u-s-power-grid/2/?ss=energy