The national electricity grid is wide open to a devastating cyber attack that could wreak havoc on the economy and make the 2008 financial crisis seem puny by comparison, a leading computer industry guru has told The Independent.
James Martin, who has made a fortune from making predictions about future developments in computers, warned that the only sure way of safeguarding the electricity grid against a coordinated cyber assault is to disconnect it completely from the internet.
Martin, who has advised various governments during his long career and has donated $150m (£95m) to Oxford University for studying future problems, said that the national electricity grids of Britain and the United States are especially vulnerable because they are controlled by computers that use the internet to communicate.
In a wide-ranging interview with The Independent at his home on a private island off Bermuda, Martin warned that there is ample evidence that hostile foreign agents have already targeted the American electricity grid in order to test whether it would be possible to cause widespread blackouts for long periods of time.
“There is quite a lot of evidence that people have been hacking into the American grid, and probably the grids of other countries to,” Martin said.
“In the American grid they’ve found quite a large number of Trojan horses and trap doors, they’ve found quite a lot of hidden malware, not coming from the States but coming from somewhere outside the States,” he said.
“If you knocked out all the power in America, it would be devastating. Normally when you get a blackout it comes back very quickly but there have been some that don’t. If it was a deliberate attack, then the people attacking it would try to do damage that could not be repaired quickly,” he said.
“If they caused the grid to crash it would be much worse than 2008. This is known today, but what I find rather alarming is that although it is known the authorities are not really trying to stop it by making it secure.
“You could make it extremely secure and one very important part of it would be to disconnect it from the internet completely so there is no on-line interface between the internet and the grid,” Martin explained.
The computers controlling the electricity grids in Britain and the United States are constantly sending messages to one another over the internet in order to balance supply with demand. This enables hackers to gain access to critical control systems, Martin said.
“The country is totally dependent on its electricity. It’s totally dependent on its power grid and, in the US, there are 10,000 electric power stations and there are many hundred thousand miles of grid connecting them together, and the grid is exceedingly complex.
“There is almost no storage so it’s got to switch electricity constantly to get the electricity from the generator to the customer by a very complex path and it’s doing that all the time, constantly. And everything is controlled by computers, totally and absolutely,” he said.
“Computers are doing the buying and selling. Computers are giving the instructions to the generators and the transformers and the sub-grids.”
Officials in both the US and Britain have already warned that their respective electricity grids have been targeted by hackers. In Britain, Iain Lobban, the director of GCHQ, said last October that the threat of a cyber attack on critical national infrastructure such as the grid “is a real and credible one”.
Meanwhile, Joel Brenner of the US National Counterintelligence Executive said in April 2009 that the US authorities have detected “Chinese network operations inside certain of our electricity grids”.
Despite knowing the risks, however, Martin believes that not enough is being done by western governments to address the threat, largely because the security of the power supply is seen as the responsibility of the private companies in charge of the grids.
“If you talk to government they say it’s not their problem because everything on the grid is private corporations and we can’t tell individual corporations how to behave so it’s up to them to make it secure,” Martin said.
“Certainly an outside entity could have a capability today to send many different malware messages into the grid at the same time in such a way that you could take down most of the grid, and may be all of the grid,” he said.
“That avalanche could be done deliberately, by hackers or by a country that is deliberately planning a cyber-attack for some reason on another country,” he said.
“The grid is full of huge transformers and pumps that are one off, which means that if you knock them out you can’t go and buy them off the shelf. If you picked out the things that could not be bought or not replicated quickly, and there a lot of those, then that would be damage that you couldn’t repair quickly.
“You have a large amount of company-to-company automation and all of that could be put out of operation. If it was put out of operation it could do immense financial damage, enormously greater than the 2008 crash,” he told The Independent.
The only real solution to the problem posed by a cyber attack is to develop a completely secure communications network that is not connected to the internet. However, Martin fears that this will only be done after a major crisis.
“If you set out very rigorously it would probably take about five years to make the grid really secure, but what might trigger that would be some kind of electronic 9/11, some kind of cyber attack that was equivalent to 9/11,” he said.