According to an IDG News Service story, the survey came in response to widespread concerns that hackers could damage parts of the U.S. power grid, causing widespread outages and prolonged economic effects. Power outages and quality disturbances cost the U.S. economy upwards of $188 billion annually, with single outages costing as much as $10 billion, the report said. Replacing large transformers, for example, can take more than 20 months.
The 15-question survey was sent to more than 150 utilities owned by investors, municipalities, rural electric cooperatives and those that are part of federal government entities. About 112 responded to the survey, which was sent in January.
Many utilities were coy in their responses. None reported damage as a result of cyberattacks, and many declined to answer the question of how many attempted attacks were detected, the report said. One utility said it recorded 10,000 cyberattacks per month, while another said it saw daily probes for vulnerabilities in its systems and applications. Cyberattacks are inexpensive to execute and hard to trace, the report said.
"It has been reported that actors based in China, Russia, and Iran have conducted cyber probes of U.S. grid systems, and that cyberattacks have been conducted against critical infrastructure in other countries," the report said.
The U.S. Congress has not delegated oversight of utilities' cybersecurity to a federal agency. An industry organization, the North American Electric Reliability Corporation (NERC), publishes both mandatory and voluntary security standards, the report said. In 2010, the U.S. House of Representatives passed the GRID Act, which would have given the Federal Energy Regulatory Commission the authority to protect the electricity grid. But the legislation did not pass the Senate, and the issue remains inactive in the House, the report said.
Since 2010, the DOE said it has invested more than $100 million in cybersecurity research and development through awards and funding provided to industry, universities and national laboratories.
Earlier this year for example, the DOE spent $20 million on similar tool development. At that time the agency said it wanted to focus research and development of new tools on six critical areas including:
" Energy delivery control system software and updates: Develop techniques needed to formally verify that an update or patch will perform exactly as intended, do nothing unexpected and that the update does not compromise energy delivery system integrity, authenticity and availability. The solution must accommodate third-party and legacy components; be scalable so that updates can be securely deployed to multiple devices; provide a means for devices that require updates to communicate this status to the energy sector end-user and must not impede critical energy delivery functions. The technology and techniques must be demonstrated at an end-user site to validate a clear industry acceptance.
Sign up for CIO Asia eNewsletters.