WASHINGTON — Sen. Angus King, I-Maine, said the United States can learn something from Ukraine when it comes to cybersecurity.
King, who serves on the Senate Energy Committee, wants the government to consider unplugging some digital systems at strategic positions in the nation’s power grid and replacing them with physical ones that hackers can’t compromise.
This is what helped Ukraine recover after a massive cyberattack that hit its electrical grid in 2015 and shut off power for about 225,000 customers. Three companies targeted in the attack were able to recover power by switching off their digital systems and reverting to manual operations.
Yet the U.S. is far more reliant on its digital systems, and King warned that switching to manual on the fly after a crippling attack would be difficult.
“The grand fear is that a cyberattack could take down the grid and that would take down with it hospitals, financial centers, people’s day-to-day lives,” King said. “There’s no question lives would be lost.”
King compared the idea of taking key parts of the electric grid offline to the push among election cybersecurity experts for paper ballots rather than voting machines that record ballots digitally — and are more vulnerable to tampering.
“Sometimes the old stuff is the best,” King said.
As the Homeland Security Department warns that Russian government-backed hackers have been trying to infiltrate the U.S. energy sector since at least March 2016, King is sponsoring a bill with Sen. James Risch, R-Idaho, that would fund a $10 million National Laboratories study focused on isolating key portions of the grid. The Securing Energy Infrastructure Act would also establish an Energy Department-led working group that would create a grid cybersecurity strategy focused on helping energy companies defend their most critical systems from attacks.
The bill passed the Senate last Congress but not the House. Given its record of bipartisan support, King is hopeful the study can pass both chambers within a couple of months this go-round.
Rep. Dutch Ruppersberger, D-Maryland, who’s co-sponsoring the House version of the grid study bill with Rep John Carter, R-Texas, described it in a news release as a “‘back to the future’ approach” to grid security.
The idea for the study came from Idaho National Lab researchers who had studied the Ukraine attack, King said. In the case of that attack — which Ukrainian officials attributed to Russia — the lights were back on after only a few hours. The Ukraine attack was accompanied by a denial of service strike that overwhelmed telephone networks with phony traffic, seemingly designed to prevent customers from getting information about the outage.
A massive attack against the electrical grid has long topped the list of cyber experts’ greatest fears, but the 2015 Ukraine attack is the only known case of a significant grid attack.
That’s partly because it requires far more specialized knowledge to hack into industrial control systems that run power grids than it does to hack into consumer technology such as computers and smartphones. And the nation-state-backed hacking groups that are capable of such attacks are also probably hesitant to launch them for fear they will quickly escalate into military conflicts.
Still, Russia has made aggressive moves to develop cyberweapons that could be used to disrupt the electric grid. And the risk of such an attack would only become more likely if the United States and its Cold War adversary were engaged in a broader military conflict.
King warned during a hearing last week of the Senate Energy Committee that Russian hackers are already attempting to penetrate the grid. If they successfully compromised major electrical utilities, he warned, they could shut down power to large segments of the United States, bringing critical services to a halt.
“This is not a threat. This is happening now,” King said. “This is not something that may happen next year or two years from now.”