GAO warns on cyber risks to power grid

By Iren Moroz shutterstock ID 566799760 

Optional caption goes here. Optional caption goes here. Optional caption goes here. Optional caption goes here.

The country's electrical systems are increasingly susceptible to cyberattacks, according to government auditors, and there is uncertainty about the extent to which a localized attack might cascade through power distribution systems.

A new report from the Government Accountability Office examines the vulnerabilities of electricity grid distribution systems, how some states and industry actions have hardened those systems and the extent to which the Department of Energy has addressed risks by implementing the national cybersecurity strategy.

Government and industry officials told GAO that a cyberattack on a grid distribution system would likely have localized effects, but a coordinated attack could have widespread consequences. However, the officials conceded that assumption is based on their professional experience, GAO noted, and none of them were aware of an assessment that confirmed their claims.

"Moreover, three federal and national laboratory officials told us that even if a cyberattack on the grid's distribution systems was localized, such an attack could still have significant national consequences, depending on the specific distribution systems that were targeted and the severity of the attack's effects," according to the report.

In 2019, GAO assessed the Department of Energy's efforts to implement the energy portion of the national cybersecurity strategy and found it lacking. The new report states DOE officials intend to update their plans as a result of GAO's findings, but they will not change the extent to which they focus on distribution systems. The officials said an attack on the bulk power system -- larger interconnected electrical systems made up of generation and transmission facilities -- poses a greater threat.

"Officials said a cyberattack on the bulk power system would likely affect large groups of people very quickly, and the impact of a cyberattack on distribution systems would likely be less significant," according to the report.

Patricia Hoffman, a senior official at DOE's primary cybersecurity office, concurred with GAO's recommendation that the energy secretary should work with the Department of Homeland Security and industry to address risks to distribution systems. Hoffman cited two congressionally directed efforts DOE is engaged in to do as much.

About the Author

Justin Katz is a former staff writer at FCW.


  • Workforce
    White House rainbow light shutterstock ID : 1130423963 By zhephotography

    White House rolls out DEIA strategy

    On Tuesday, the Biden administration issued agencies a roadmap to guide their efforts to develop strategic plans for diversity, equity, inclusion and accessibility (DEIA), as required under a as required under a June executive order.

  • Defense
    software (whiteMocca/

    Why DOD is so bad at buying software

    The Defense Department wants to acquire emerging technology faster and more efficiently. But will its latest attempts to streamline its processes be enough?

Stay Connected