Pacific Northwest National Laboratory scientists practiced for a potential disaster that few people likely worry about last week -- a cyber attack on the nation's electric grid.
But such an attack has the potential to spread quickly across the nation's grid, disrupting power supply and crippling the ability to provide the basic and emergency goods and services on which the nation relies.
Operators could lose control over the distribution of electricity or the attack could cause a prolonged blackout.
"A local problem could at light speed become a regional problem, a state problem, a whole western side of the nation problem," said Phil Craig, a senior cyber security research scientist at Pacific Northwest National Laboratory in Richland.
The drill, called GridEx II, was the largest that has been held in the nation, allowing about 200 agencies, including PNNL, to participate from their normal workplaces and practice defending against a cyber attack on the nation's electric grid.
The drill also will provide information to assess how prepared the nation is for a cyber attack on the grid and the ability of public and private agencies to work together in a crisis.
It was organized by the North American Electric Reliability Corp., which is under the oversight of the Federal Regulatory Commission, following an initial and much smaller drill in 2011.
PNNL not only used the drill to test its own capabilities, but also to collect data about communication among the agencies participating in the drill for an assessment on how well the players were able to identify cyber security issues and how well they collaborated to make sure the attack did not spread, Craig said.
Among the scenarios was a breach of a single substation, originally thought to be a copper theft. Instead, a computer hacker had infiltrated the property to insert a flash drive into the control system to upload malicious software.
As the nation moves to a "smart grid," one where there is two-way communication to efficiently integrate the supply and demand for electricity, the risk of a cyber attack grows. With two-way communication between the electric system and a large number of devices located outside of utilities, the number of potential access points for attackers increases, according to information provided to the House Energy and Power Subcommittee by FERC in May 2011.
An attacker who gains cyber access to grid communication channels could order metering devices to disconnect customers or could order electric generation sources to turn off, causing instability and outages, according to FERC.
While the results of the drill are still being analyzed, Craig said it did confirm the ability of law enforcement agencies, from the Federal Bureau of Investigation to local law enforcement, to participate in solving problems for power companies.
"Exercises like this help strengthen relationships, improve crisis response plans and increase the flow of critical information to the electricity sector," said Brian Harrell, associate director of Critical Infrastructure Programs at the North American Electric Reliability Corp., in a statement.
-- Annette Cary: 582-1533; firstname.lastname@example.org; Twitter: @HanfordNews