A recent report from the Government Accounting Office warns that vulnerabilities in national electrical distribution systems are not being addressed, and the results of a cyber attack on those systems could be dire. The report acknowledges and does not dispute the Department of Energy’s assumption that attacks on power generating facilities are a priority and would immediately affect large numbers of people. But it emphasizes that the result of distribution system attacks, although “not well understood,” could be serious, and preventing them is a more difficult challenge. Distribution systems are by definition decentralized, providing a wider target than the generators, while at the same time advances in remote data gathering and maintenance have introduced new vulnerabilities. These factors are compounded by the fact that distribution systems are under regulation of individual states, unlike generation and transmission systems, which are under federal jurisdiction.
The Department of Energy is said to concur with the report and to be preparing improvements in distribution-system cybersecurity, in part under two Congressional initiatives that will become operational starting next year.