A cyber-risk we’re not prepared for: What if the power grid collapsed and America went dark?

The following article is from The Washington Post and is published by the Editorial Board. Click here to read the article on The Washington Post Website.

EVERY CATASTROPHE comes as a shock, but many shouldn’t come as a surprise. Just as we knew a pandemic was a possibility yet failed to plan for it, power-grid collapse is a threat we should be prepared for — but aren’t.

The National Commission on Grid Resilience, chaired by former NATO supreme allied commander Wesley K. Clark and former congressman Darrell Issa (R-Calif.) and convened to assess our ability to prevent or respond to a so-called black sky event, concludes in a report released Thursday that the country has fallen behind. The danger of a nation gone dark is rising. There have always been natural disasters to contend with, but now adversaries’ cyber capabilities are growing: 2015 saw Russia deprive more than 200,000 people in Ukraine of power for almost six hours in the middle of winter. Russia even managed to cause physical damage to equipment from afar. The search for efficiency in the electric energy market has added vulnerability; replacing mechanical controls with remote ones opens a new vector of attack, for instance, and so do the smart devices proliferating on the edge of the grid. Society’s increasing reliance on the Internet more generally pushes the stakes higher.

The United States’ electric grid is dynamic and diverse. This is perhaps a boon to consumers looking for lower costs, but a burden when it comes to securing the system. Generators, transmitters, distributors and retail providers are so interconnected that a salvo against one could set off a chain reaction across companies and states. Because the private sector largely owns and operates these critical assets, the government can’t simply execute a course of action. Then there’s the problem of classified information: You can’t very well counter a threat if you don’t know what it is because you don’t have the appropriate clearance.

The report offers several recommendations, including: Establish a clearinghouse to give system operators the information they need — and help them get access to classified information. Create and fund an agency to identify emerging threats and vulnerabilities. Build a nationwide testing network of microgrids designed to survive blackouts at federal facilities. Improve standards and reporting practices for the private sector, and reward those that demonstrate resilience. Invest in U.S. manufacturers to supply the largest and most essential transformers. Experts suspect China has already implanted malware in critical infrastructure.

This will require leadership and an ability to imagine a disaster that has yet to occur but too easily could — so that if the shock comes, we will be ready instead of surprised.

In Other News…