Automation and remote monitoring has helped the high voltage electric transmission industry grow, but it also has become an area of vulnerability.

"Fully protecting the system from a coordinated attack is not possible," states a report from a working group led by the North American Electric Reliability Corporation and the Department of Energy that analyzes the high-impact, low-frequency risks to the North American bulk power system.

Currently, about 85 percent of all system relays are now digital. Electricity operations have a high occurrence of connections to IP networks and the Internet--which can present opportunities for international terrorists and domestic extremists, such as environmental groups, to cause disruption.

Still, steps can be taken to ramp up protection, the report states. "Enhanced 'defender actions' should be developed giving system operators more tools to combat an attack and isolate and maintain core functions were other auxiliary functions compromised," suggest the analysts.

Fortunately, the redundant design of the power system makes it inherently resilient against many threats in the low- and intermediate-attack range. "A highly-coordinated and structured cyber, physical or blended attack on the bulk power system, however, could result in long-term (irreparable) damage to key system components in multiple simultaneous or near-simultaneous strikes," the report says. 

A new consideration within the cyber sphere is that a single exploitation can often be felt across an entire class of assets at once. If key assets are attacked simultaneously, restoration can be difficult. Risk-based planning across private and government, particularly military, sectors should be arranged, as a failure in one node could indicate similar failures in another node, the report reccomends.

Advanced persistent threats are becoming a significant concern. With such threats, attackers install multiple backdoors into a cyber network, that is being infiltrated under the radar despite antivirus protection, then programs are installed to siphon data from the network to external servers.

Fore more:
- here's the NERC report (.pdf)

Related Articles:
U.S. electrical grid probed but not yet attacked, says paper
NIST: Continuous monitoring can lead to false sense of security
GSA refreshes cloud computing RFQ with focus on security
DHS probes power grid threat