There’s been a lot in the news recently about the vulnerability of the electric power grid in the United States. Last month’s incident in which a severed transmission line in Maryland cut power to much of Washington came on the heels of a March USA Today report about “bracing for a big power grid attack.” That report spotlighted a coordinated attack in April 2013 on Pacific Gas & Electric's Metcalf substation in California, which resulted in $15 million in damage to its fiber-optic lines and transformers.
“The country’s aging power grid leaves millions vulnerable and could have devastating consequences for not only everyday Americans, but some of the nation’s largest enterprises,” said Robert DiLossi, director of crisis management at Sungard Availability Services, a cloud computing, disaster recovery, and managed hosting services provider in Wayne, Pa. In a recent email interview, DiLossi shared some enlightening tips for CIOs and other IT leaders on how to prepare for an attack on the power grid.
“Increasingly, chief information officers and security leaders at enterprises are turning to resiliency plans to mitigate the impact of any attempt or success at hacking into their IT systems,” DiLossi said. “They are considering or employing several defenses in the event an attack strikes the nation’s power grid.”
DiLossi said these defenses include recovery testing, which involves assessing current business continuity plans and adjusting them where needed. He noted that Sungard, for example, employs a 12-week cycle in assisting customers with disaster-recovery planning. He noted that the customer’s employees who would actually be involved in a disaster take part in the testing, so as to create a realistic experience. DiLossi said the program determines how often testing should occur, which is preferably twice a year.
Another defense, DiLossi said, is crisis planning, which includes helping customers plan and prepare for a disaster by monitoring weather across the country and obtaining and grasping cybersecurity intelligence gleaned by a number of private and government agencies. In this context, DiLossi suggested that companies:
DiLossi suggested that CIOs consider what companies learned in April 2003, when a power blackout in the Cleveland area spread to become the biggest in U.S. history. He said the lessons they learned can apply to preparing for an attack on the power grid:
A contributing writer on IT management and career topics with IT Business Edge since 2009, Don Tennant began his technology journalism career in 1990 in Hong Kong, where he served as editor of the Hong Kong edition of Computerworld. After returning to the U.S. in 2000, he became Editor in Chief of the U.S. edition of Computerworld, and later assumed the editorial directorship of Computerworld and InfoWorld. Don was presented with the 2007 Timothy White Award for Editorial Integrity by American Business Media, and he is a recipient of the Jesse H. Neal National Business Journalism Award for editorial excellence in news coverage. Follow him on Twitter @dontennant.