Security News > 2021 > March > Electricity Distribution Systems at Increasing Risk of Cyberattacks, GAO Warns
Following a performance audit conducted between September 2019 and March 2021, GAO has discovered that the electricity grid's distribution systems are increasingly vulnerable to cyber-attacks and that the potential impact of such attacks is not yet clear.
After conducting semistructured interviews with 38 key federal and nonfederal entities associated with the cyber-security of grid distribution systems and reviewing reports from both DOE and the Department of Homeland Security and other relevant documentation, GAO has concluded that, in its plans to implement the national cyber-security strategy, DOE needs to fully address cyber-risks to the grid's distribution systems.
"The grid's distribution systems face significant cyber-security risks-that is, threats, vulnerabilities, and impacts-and are increasingly vulnerable to cyber-attacks. Threat actors are growing more adept at exploiting these vulnerabilities to execute cyber-attacks. However, the scale of the potential impacts of such cyber-attacks on the grid's distribution systems is unclear," GAO says.
The growing exposure to cyber-risks, GAO points out, is the result of an increased use of monitoring and control technologies within distribution systems, such as remote control capabilities in industrial control systems, global positioning systems for grid operations, and the connecting of networked consumer devices and distributed energy resources to distribution systems networks.
Vulnerabilities related to the increased use of technology advancements are "Compounded for distribution systems because the sheer size and dispersed nature of the systems present a large attack surface," the report reads.
"Unless DOE more fully addresses risks to the grid's distribution systems from cyberattacks, including their potential impacts, in its plans to implement the national cybersecurity strategy for the grid, the [] documents will likely be of limited use in prioritizing federal support to help states and industry improve grid distribution systems' cybersecurity," GAO says.