GAO warns on cyber risks to power grid

By Iren Moroz shutterstock ID 566799760 

Optional caption goes here. Optional caption goes here. Optional caption goes here. Optional caption goes here.

The country's electrical systems are increasingly susceptible to cyberattacks, according to government auditors, and there is uncertainty about the extent to which a localized attack might cascade through power distribution systems.

A new report from the Government Accountability Office examines the vulnerabilities of electricity grid distribution systems, how some states and industry actions have hardened those systems and the extent to which the Department of Energy has addressed risks by implementing the national cybersecurity strategy.

Government and industry officials told GAO that a cyberattack on a grid distribution system would likely have localized effects, but a coordinated attack could have widespread consequences. However, the officials conceded that assumption is based on their professional experience, GAO noted, and none of them were aware of an assessment that confirmed their claims.

"Moreover, three federal and national laboratory officials told us that even if a cyberattack on the grid's distribution systems was localized, such an attack could still have significant national consequences, depending on the specific distribution systems that were targeted and the severity of the attack's effects," according to the report.

In 2019, GAO assessed the Department of Energy's efforts to implement the energy portion of the national cybersecurity strategy and found it lacking. The new report states DOE officials intend to update their plans as a result of GAO's findings, but they will not change the extent to which they focus on distribution systems. The officials said an attack on the bulk power system -- larger interconnected electrical systems made up of generation and transmission facilities -- poses a greater threat.

"Officials said a cyberattack on the bulk power system would likely affect large groups of people very quickly, and the impact of a cyberattack on distribution systems would likely be less significant," according to the report.

Patricia Hoffman, a senior official at DOE's primary cybersecurity office, concurred with GAO's recommendation that the energy secretary should work with the Department of Homeland Security and industry to address risks to distribution systems. Hoffman cited two congressionally directed efforts DOE is engaged in to do as much.

About the Author

Justin Katz covers cybersecurity for FCW. Previously he covered the Navy and Marine Corps for Inside Defense, focusing on weapons, vehicle acquisition and congressional oversight of the Pentagon. Prior to reporting for Inside Defense, Katz covered community news in the Baltimore and Washington D.C. areas. Connect with him on Twitter at @JustinSKatz.


  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected