Blackout '03: An Invitation To Terrorists?

In those first few moments when the power went down, who didn't wonder: Is this the work of terrorists? Within an hour, New York City Mayor Michael Bloomberg assured us it was not. Yet we are left with a nagging worry: Even if this was an accident, could terrorists pull off something similar?

Certainly, terrorists might be tantalized by the massive social and economic disruption the blackout caused. The episode brought chaos to 50 million people in eight states and Canada and showed just how vulnerable the tightly knit network of generators and transmission lines is. In the wake of a similar wholesale crash of the system that sent the Northeast into darkness 38 years ago, the powers that be said they had enacted safeguards to ensure that such an epic loss wouldn't happen again. The experts assumed that if something went wrong, the culprit would be an act of nature, an equipment failure or a human error--any of which they could contain. But it is now obvious that a single failure can still ripple through the complex interconnections and delicate balance of supply and demand that govern the nation's electric supply--with disastrous results.

Is the system vulnerable to terrorist threat? Not wanting to find out the hard way, power-industry executives have beefed up security since 9/11. But while key facilities are probably better protected, they are hardly foolproof. Attackers could break into a remote generating station and seize control, or cut through a fence to plant a time bomb during the night. "The bottom line is, it's pretty vulnerable," says a Senate energy expert. "There are key nodes out there that, if attacked, can knock out a pretty large section of the country."

That said, it isn't likely to happen. Bruce Hoffman, a Rand Corp. terrorism analyst, says that setting off a systemwide collapse with a physical attack that cuts through all the backup systems and redundancies would be technically difficult. The terrorists would need an uncommonly detailed knowledge of U.S. facilities and sophisticated engineering expertise. "Utilities are vulnerable," says Gary Seifert of the Idaho National Engineering and Environmental Laboratory, "but not to systemwide outages, without a lot of skill."

The bigger risk is a digital attack. Richard Clarke, former cyberspace security czar in the Bush Administration, thinks an attack on the electricity-generating system is more likely to come from computer hackers than bombers. "The power grid is controlled by software, so the question is, Is there a way you can get into the control system?" Clarke asks. "And, yeah, there is."

A skilled hacker could disable a network of several plants without ever entering a facility by seizing digital controls at the point where computers meet the infrastructure they run. The weak links are the devices called supervisory-control and data-acquisition systems, which monitor power flows. Much of the information terrorists would need to hack into them is available on the Internet. And since energy deregulation, many companies have adopted common platforms for their computer systems. The control systems often lack rudimentary security, leaving technical specifications and flaws on view to potential attackers.