Cybersecurity vulnerabilities can arise from weaknesses in personnel, processes, technology and the actual physical environment, says, the "Future of the Electric Grid" report by the Massachusetts Institute of Technology.
"Millions of new communicating electronic devices ... will introduce attack vectors -- paths that attackers can use to gain access to computer systems or other communicating equipment," the report authors wrote.
That increases the risk of "intentional and accidental communications disruptions" including "loss of control over grid devices, loss of communications between grid entities or control centers or blackouts," the report states.
Cybersecurity risks, the report says, could stem from errors or by tampering with data communication from control equipment and central offices. Those breaches of confidential data, it says, could provide information for terrorist activities, such as revealing which power lines are most vital for distribution of electricity; for physical security threats, by indicating which homes are vacant as well as data for identity thefts and corporate espionage.
While the Federal Energy Regulatory Commission and North American Electric Reliability Corp. handle cybersecurity standards development and compliance for the bulk power system, no single agency handles cybersecurity issues for the distribution system, the grid.
"The federal government should designate a single agency to have responsibility for working with industry and to have appropriate regulatory authority to enhance cybersecurity preparedness, response and recovery across the electric power sector, including bulk power and distribution systems," the report suggests.
"We would welcome a single authority," Patrick Miller, president and chief executive of the National Electric Sector Cybersecurity Organization, told TechNewsWorld, referring to the MIT report.
"We've seen a lot of confusion around who would have authority in the event of a cyberattack [on the power grid]."
It would take "a determined cybersecurity-aware review of the design and implementation of grid components and operational processes to reduce the likelihood of attack and the scope of potential impact," the report says.
A separate report from the Electric Power Research Institute this year estimates that a $3.7 billion investment is needed for grid cybersecurity.
On a positive note, the 268-page MIT study -- which also examines risks from weather, the impact of federal regulations, rising prices for fossil fuels and competition from sources of renewable energy -- says that with new policies, the nation's grid most likely could handle new energy sources such as solar and wind power as well as the expected influx of electric and hybrid cars.