Explainer: Protecting New Jersey’s Power Grid Against Cyberattacks

Cyberterrorism could dwarf the damage done by extreme storms like Hurricane Sandy, shutting down the grid indefinitely

explainer button shadow
The state’s utilities have struggled mightily with extreme weather in recent years, storms that left hundreds of thousands without power, some for more than a week. In response, many are investing hundreds of millions of dollars or more to upgrade their power lines to make them more resilient.

Now, the state Board of Utilities is ordering them to take steps to address a new danger — cyberthreats to the electric grid that keeps America and New Jersey’s economy humming. Cyberthreats are eclipsing terrorism as a primary attacks facing the nation, according to the Federal Bureau of Investigation.

Why it is important: Without power, business and everything else grinds to a halt. Just take a look at the economic toll from power outages caused by severe weather. A Congressional Research Service study found that weather-related outages cost $25 billion to $70 billion annually. Prolonged power outages, as Hurricane Sandy painfully demonstrated, can disrupt communications and food and water supplies, and create fuel shortages.

What the government says: The U.S. Department of Homeland Security reported that attacks against utilities’ digital infrastructure doubled in 2014. A cyberattack in the Ukraine in December, triggered by unauthorized access to industrial control systems, left 225,000 people without power. These attacks can come from a variety of sources, including nations and terrorist organizations

What the state has done previously: In the wake of the September 11 terrorist attacks, the state ordered the utility industry to develop standard security practices. In 2011, the BPU directed utilities to report to its staff how it was using industrial control systems, computerized systems capable of gathering and processing data from utility facilities and customer information systems. Last year, Gov. Chris Christie issued an executive order establish a cybersecurity “cell’’ to coordinate sharing and analysis of critical information among government and the private sectors.

How the state aims to reduce risks posed by cyberattacks: The BPU last month issued a new order that requires utilities to establish cybersecurity programs that meet a host of minimum requirements. The utilities, including gas, electric, and water and wastewater companies or authorities, will maintain “situational awareness’’ of cyberthreats and vulnerability to critical systems that are identified and fixed on an ongoing basis. They also must report cyberincidents and suspicious activity to the board’s staff.

What the state says about the issue: “As cyberattacks against utility systems nationwide continue to increase in number and sophistication, addressing cybersecurity is a top priority to enhancing the security and reliability of utility service in New Jersey and across the nation,’’ said Richard Mroz, president of the BPU.