The Complex

U.S. Electrical Grid Vulnerable to Cyberthreats and Physical Attack, Study Finds

The United States' electrical grid is vulnerable to disruptive attacks by computer hackers that could shut off power to vital sectors of the economy and key public utilities, giving potential adversaries a new way of hitting the United States, according to a new study by a Washington think tank.

The report by the nonpartisan Center for the Study of the Presidency and Congress comes as lawmakers on Capitol Hill consider legislation that would beef up cybersecurity standards for critical infrastructure like the power grid while also encouraging the government and private sector to share more information about cyberthreats and thwarted attacks. That legislation has been in the works for years but has been blocked by business interests that see mandatory security standards as an improper attempt by Washington to dictate how companies manage privately owned facilities in industries ranging from telecommunications to the financial and transportation sectors.

Cyberattacks on the power grid have long been seen as a kind of doomsday scenario that could cripple large swaths of the U.S. economy and society, leading to lengthy power outages and wide-scale panic. The new report identifies a range of potential cyberattackers that have both the motive and the capability to take down portions of the power grid, from countries like China and Russia to terrorist organizations and organized criminals.

"For countries like Iran and North Korea, grid vulnerabilities serve as targets for attacks aimed at disruption or asymmetric effects in terms of national, economic, and civil security," the report's authors write, referring to the idea that a country that will always be outmatched militarily by the United States will look for unconventional ways to attack. Cyberweapons, which can include malicious programs written by individual hackers, offer just such a relatively cheap and easier way of hitting the United States.

U.S. intelligence officials are increasingly concerned about the threat that Iran poses to critical infrastructure, including the power grid and the financial sector, because of rapid advances in Tehran's cyberattack capabilities. In 2012, U.S. intelligence officials say, hackers in Iran launched a series of debilitating assaults on the websites of major U.S. banks. Disabling an electrical grid would require a more sophisticated kind of attack, but U.S. officials and security experts say that Iran is on a path to acquire the means and the know-how to target the power grid.

"Although Iran does lack technological sophistication when compared to other threat actors, such as China or Russia, Iran's diligence and tenacity make it just as formidable an opponent," the report's authors write. "Overall, Iran and government sponsored organizations throughout the country are continuing to expand their ability to conduct a major cyberattack."

The report emphasizes that it's not just cyber-intruders that threaten the U.S. power grid. Electrical systems are also vulnerable to "physical attack, electromagnetic pulse (EMP), geomagnetic storm, and inclement weather.… Focusing on one event or one type of attack fails to account for the overlapping nature of many of these threats," the report's authors write.

The threat of a physical attack was underscored in April 2013 when at least one gunman used a high-powered assault rifle to disable 10 transformers at an electrical facility near San Jose, California, which had few protective measures in place to deter potential intruders.

During the attack, cooling oil leaked from a transformer bank, causing it to overheat and shut down. State regulators urged customers in the area to conserve energy over the following days, but no long-term damage was reported at the facility and there were no major power outages.

Still, the attack gave policymakers in Washington a vivid reminder that electrical facilities are vulnerable to both cyberattacks and physical attacks. In response, the report's authors call on Barack Obama's administration to use more executive actions -- such as presidential orders and recommended industry standards -- to heighten cybersecurity and to work with Congress to pass laws that make it easier for companies to share information about vulnerabilities in their networks with each other and with the government.

Many companies are concerned that if they do share information about potential hacker activity on their computer networks with U.S. law enforcement or intelligence agencies, they could violate privacy laws. That's because monitoring networks for cyberthreats may require examining information about a company's customers, and companies may not be authorized to voluntarily give such information to the government.

The Obama administration has recently tried to assuage companies' concerns and encourage them to share more information with each other, which officials say is essential to preventing attacks. In April, the Justice Department and the Federal Trade Commission announced that companies sharing cyberthreat information, so that they could learn from each other and cooperate on putting defensive measures in place, would not violate federal anti-trade laws.

"Cyberthreats are increasing in number and sophistication, and sharing information about these threats, such as incident reports, indicators, and threat signatures, is something companies can do to protect their information systems and help secure our nation's infrastructure," Assistant Attorney General Bill Baer, who heads the Justice Department's antitrust division, said at the time. "With proper safeguards in place, cyberthreat information sharing can occur without posing competitive concerns."

Photo by Justin Sullivan / Getty Images News

The Complex

Iraq Is Afghanistan Prologue for Some Senators

Hanging over the confirmation hearing Thursday for the next U.S. commander in Afghanistan was not the country's disputed election or its widespread corruption, both of which threaten to unravel any progress the United States has made there.

Instead, Gen. John Campbell faced questions about Iraq, where, in parts of the country, militants from the Islamic State have overrun security forces trained by the United States at a cost of more than $25 billion. Now it's believed that, without help, the Iraqi security forces will be unable to retake areas seized by the Islamic State.

But not so long ago, U.S. military officials were confident in the capabilities of the units they were training in Iraq and would update Congress and the media about the progress they were making in building those units' capacity.

What members of the Senate Armed Services Committee heard Thursday morning about the Afghan military -- that it's capable and mostly responsible for the largely nonviolent elections that took place in April and June -- sounds eerily familiar. And they fear that as U.S. troops withdraw from Afghanistan, what's happening in Iraq is a preview of what could happen in Afghanistan.

"I watch and analyze the mistakes in Iraq, and I think many of them are going to come to pass in Afghanistan," said Sen. Claire McCaskill (D-Mo.), referencing the failures of the Iraqi Army but also the facilities, roads, and governance structures that the United States rebuilt in Iraq and that have since fallen apart or fallen to the Islamic State, formerly known as ISIS.

And now some of the military equipment left behind by the United States is also in the Islamic State's control.

Sen. John McCain (R-Ariz.) asked Lt. Gen. Joseph Votel, the nominee to take over U.S. Special Operations Command, whether it's true that the Islamic State has moved U.S. armored vehicles -- known as MRAPs -- out of Iraq and into Syria.

Votel said that "at a classified level" he has seen reports that would indicate equipment is moving across the "former border between Iraq and Syria." Votel currently serves as head of Joint Special Operations Command, which carries out the military's most top-secret missions.

The equipment seizure means that the moderate rebel groups supported by the United States in Syria will be facing an enemy armed with U.S. equipment stolen in Iraq.

To keep Afghanistan from going down a similar road, lawmakers asked Campbell to provide his own independent assessment of how quickly U.S. troops should leave Afghanistan, even if it means keeping them stationed beyond President Barack Obama's goal of a complete withdrawal by 2017.

"I would suggest that one of your missions is to continue to assess the readiness and the effectiveness of the Afghan security forces, because it wasn't ISIS so much as the collapse of the Iraqi Army that led to the debacle that's currently unfolding in Iraq," said Sen. Angus King (I-Maine).

Another concern is whether the ethnic makeup of the Afghan security forces will threaten their cohesion in the absence of U.S. presence like it has in the Iraqi security forces.

Sen. Joe Donnelly (D-Ind.) noted that many of the generals the United States trained in Iraq were later replaced by people with political connections to Prime Minister Nouri al-Maliki's government.

"We want to make sure the same thing doesn't happen in Afghanistan," he said.

Seeking to reassure the committee, Campbell responded: "I don't want to see what's happening in Iraq today happen in Afghanistan."

Gen. Martin Dempsey, chairman of the Joint Chiefs of Staff, argued last week that the collapse of the security forces in Iraq didn't happen overnight and that their defeat in cities such as Mosul was about more than a lack of military capability. Some of the Iraqi soldiers were bribed or bullied into laying down their arms by the Islamic State, he said.

"They undermined [the Iraqi security forces] by stripping away their will to fight for a government that didn't support them," Dempsey said on July 3. "They didn't collapse in the face of a fight. They collapsed in the face of a future that didn't hold out any hope for them."

For McCaskill, both Iraq and Afghanistan represent proof that the U.S. love affair with counterinsurgency strategy has been a disaster.

"We put a Band-Aid on a cancer," she said, describing how the U.S. military was able to impose order in Iraq while it was in the country, but that it all fell apart once U.S. troops left.

And in Afghanistan, "I think you're being given an impossible task," she told Campbell.

Photo by Scott Olson/Getty Images