IE 11 is not supported. For an optimal experience visit our site on another browser.

Power Grid Security Fears Surge Since 2003 Blackout

A massive cascading outage could leave millions without power.
Image: FILE: Two Years After Hurricane Sandy
Power is out in Manhattan on October 29, 2012, during Superstorm Sandy.Allison Joyce / Getty Images

Editor's Note: This story originally appeared in USA Today.

Experts say a massive cascading power outage affecting large swaths of the nation is unlikely. But it could happen, and it could be devastating.

A sense of the high stakes in the nation's effort to secure the grid from a mass outage became clear for many in August 2003, when a sudden blackout wiped out power across seven Northeastern states and the Canadian province of Ontario.

Triggered by an unpruned tree branch in Ohio — coupled with a software glitch and human error — the chain-reaction outage snarled transportation systems, shut down stock exchanges and was blamed for contributing directly to 10 deaths as it spread through the Northeast's population centers.

However, epidemiologists believe the indirect effects were much worse. A 2013 study estimated the outage caused approximately 90 excess deaths in New York City alone because of air pollution and sweltering summer heat.

Read the USA Today version of this story.

Even though there was no significant damage to infrastructure connected to the 2003 blackout, it took at least six hours and as much as two days to return electric service to the affected areas.

Chris Blask, chair of the non-profit Industrial Control System Information Sharing and Analysis Center, which advises industry on vulnerabilities, said the Northeast blackout points to potential for a more prolonged outage in any situation involving serious damage to sensitive infrastructure.

"The 2003 blackout is a good metric," he said, "where there was no significant damage but it nonetheless took days to come back online."


Bracing for a Big Power Grid Attack: 'One Is Too Many'

In 2011, the nation was hit by another massive cascading blackout, which left nearly 3 million people without power in Arizona, California and parts of Mexico. The outage was caused by the downing of a single power line and took as many as 12 hours to return power to parts of the affected area.

The solution to preventing cascading outages, suggested former Federal Energy Regulatory Commission chairman Jon Wellinghoff, may be moving to a system of "micro-grids" that operate independently of the larger power infrastructure.

The military is moving its domestic bases to independent grid systems, and a "micro-grid" is also in place at Princeton University, where the power stayed on during the area's mass outage following Hurricane Sandy in 2012.

But the transitions to independent grid systems will take time and cost money.

Until then, experts have varying opinions on the likelihood an intentional attack might lead to a cascading outage of the type that struck the Northeast in 2003 and the Southwest in 2011.

Seattle-based cybersecurity expert Jeffrey Carr said the grid has so many weak spots that the focus should be building redundancies so the grid can be brought back on line quickly in the case of a successful attack.

"There are so many ways to take down a power company," he said. "Unfortunately, the reality is that a dedicated hacker is always going to find a way in."

Current FERC chairman Cheryl LaFleur said backup systems are in place to help prevent wide-scale outages, and regulators and industry are constantly working to stay a step ahead of would-be attackers.

"The people who are attempting to have an impact on critical infrastructure with cyber intrusions are always developing new tactics," she said, "so we have to definitely try to stay vigilant and not rest on what we know but keep learning about the new threats."

Patrick Miller, a Portland, Ore.-based critical infrastructure and regulatory adviser and managing partner at Archer Energy Solutions, said a single probe into the system on its own is unlikely to cause a cascading outage.

But coupled with a physical attack, there could be serious concerns.

The systems that control the power grid were designed to withstand severe weather but not ill-intentioned humans, he said. The software guiding the grid was built by engineers who have no concept of an attack.

"The problem is they didn't think about malice," Miller said. "Mother Nature is what they're dealing with in most cases. Mother Nature may be harsh, but Mother Nature is not malicious. That's something they haven't quite factored in."