As of late, headlines have been filled with updates about the death and suffering caused by the failure of the Texas power grid amidst an unprecedented cold snap for the region. But the events unfolding in The Lone Star State are only a symptom of a much bigger issue, America’s reliance on outdated and insecure infrastructure.
Many journalists have compiled fantastic deep dives into the events that lead to this disaster. From the poor management of ERCOT — the corporation managing power for 90% of Texas’ electrical load — to cost-cutting maneuvers employed by both private enterprise and state officials. So If you would like to read a proper summary I will link some below.
The problem is that all of these articles treat this as if it's a problem unique to Texas. The reality is the majority of the US power grid was built from 1950 to 1960 and designed with an average life expectancy of just 50 years. This wouldn’t be an issue if it were updated and maintained regularly as expected; However, politicians often subscribe to the “if it ain't broke don’t fix it” policy as a way to save money for projects that have more political sex-appeal. Power grid and other infrastructural improvements don’t rake in campaign donations as much as other projects which means they get stuck on the back burner. Because of this most of our electrical system has gone nearly 20 years over its life expectancy with minimal improvements if at all. Couple this with the rising power demands of our country and it's easy to see why a poorly maintained, heavily overloaded grid is ripe to fail.
You don’t have to take my word for it. The American Society of Civil Engineers has a Committee on American Infrastructure, which gives a “report card” to various sections of our nation's infrastructure. In 2017 — the latest year for which data is available — they gave our countries power grid a lowly D+. A grade which the ASCE assigns when “A large portion of the system exhibits significant deterioration” and “Condition and capacity are of serious concern with a strong risk of failure.” This issue extends beyond our power grid. Below is a chart showing every other infrastructure category with a mediocre rating or worse.
There is only a single category of infrastructure in America which the ASCE rated higher than a C+, which is Railroads at a mere B. Overall America scored a horrifying D+ average on its report card. A grade this low would earn a middle schooler a parent-teacher meeting, but for a country with over 328 million citizens and the highest GDP in the world, it is simply unacceptable.
Heavy reliance on an outdated grid poses a bigger risk than just failure. It’s not as though nothing had been updated in the last 70 years. The largest aspect of the power grid's evolution over time has been the transition to a “smart grid.” The one place energy companies and even the governments have allocated money is towards increasing the digital (A.K.A “smart”) control of energy flow through the grid. An easy example of this would be the “smart meter” on the side of your house that tracks how much electricity and gas you are using and reports back to the utility company. In order to make systems like these effective and more profitable, utility companies have increased the amount of broadband networked hardware present in the supply chain. The issue with adding systems like this as cheaply as possible in an industry that is historically terrible at implementing best practices is that they have woefully bad security.
Take for example this video of a team of professional security auditors, colloquially referred to as a “red team”, breaking into a U.S. power station at night and managing to gain access to critical infrastructure.
The footage above was taken during a sanctioned security audit, meaning the electrical company hired these licensed security professionals to attempt to break in so that they could assess the security of the site and recommend solutions to remediate any issues that they found. The problem was how little effort it takes teams like this to get into the systems they are auditing. Nationwide the cybersecurity of our electrical grid is simply not where it needs to be. Attacks need not be as dramatic as midnight break-ins while clad in military fatigues. In the real world cyber-attacks on the grid are likely to take place entirely through the network. In 2016, during a speech at the RSA convention, NSA Director Admiral Michael S. Rogers said that a foreign nation's attack on critical U.S. infrastructure is “a matter of when, not if”.
Cyber attacks on critical infrastructure by foreign powers as a means of control have happened in real life. On December 23rd, 2015 Russian state-sponsored hackers managed to compromise the security of three large energy distribution companies in Ukraine which led to blackouts for over 230,000 residents. This attack was a strategic move that took place as Russia continued its occupation of the Crimean peninsula in Ukraine. They gained access to the grid through a variety of methods including spear-phishing of employees that worked for the utility companies, the removal of files from servers and workstations at the power plant, and network access to SCADA systems that control the equipment responsible for generating and supplying energy to the grid. The U.S Government Accountability Office (GOA) published a congressional report in 2019 that found the U.S. electric grid “is becoming more vulnerable to cyberattacks”. The report also warns “there is increased risk that malicious actors may be able to exploit vulnerabilities in industrial control system devices before patches can be applied. According to DHS, the number of vulnerability advisories for industrial control systems devices has steadily increased, from 17 advisories in 2010 to 223 advisories in 2018”. This means that as time goes on, the number of potential ways hackers can access the grid is growing steadily.
With the events in Texas, we have seen just how bad the collapse of a power grid can. It is time for the U.S. to begin the process of better securing our infrastructure. If what you read in this article worries you, good. That is the natural reaction to seeing how at-risk this system is, but you can help. In order for companies to start taking this seriously and fixing the gaps, it is going to require government assistance and intervention. Call your Senators, tweet at your House Members, write to your Governors. Do whatever you can to let politicians know that you aren’t okay with them being asleep at the wheel when it comes to managing our dangerously insecure and outdated grid. What happened in Texas is a tragedy, so let's make sure it's the only one.
How to contact your elected officials: https://www.usa.gov/elected-officials
Find Your Representative: https://www.house.gov/representatives/find-your-representative