WASHINGTON (Reuters) - Downplaying warnings about the potential for hackers to sabotage U.S. power plants at the click of a mouse, the head of the North American electricity standards group said on Monday he is more concerned about physical rather than cyber threats.
“It takes a small number of crews with explosives and you’ve created not only an outage over an area or a city, but smoke and fire and flash-type stuff,” Gerry Cauley, chief executive of the North American Electric Reliability Corp (NERC), told the Reuters Cybersecurity Summit.
“It’s much more complicated, it’s much more technically difficult” to destroy equipment virtually, he said.
NERC is a non-profit agency whose mission is to oversee and ensure the reliability of the bulk power system in the United States, Canada and parts of Mexico. It brings together members of the industry, including municipalities, utilities, power producers and transmission operators.
The U.S. public became more aware of cyber threats against critical infrastructure after President Barack Obama said at the State of the Union address in February that enemies are “seeking the ability to sabotage our power grid, our financial institutions, and our air traffic control systems.”
Cauley said that while hackers have used computer viruses to spy on electric plants and steal documents, NERC members have yet to find malicious software in their networks that is capable of causing physical damage to a plant.
“You hear a lot of that in this city (Washington), to be frank, that we’re the bullseye,” he told the summit held at Reuters’ Washington offices. “But I don’t think we’re the bullseye yet.”
Cauley, a lead investigator of the wide-ranging U.S. Northeast blackout in 2003, pointed to an incident in San Jose, California, on April 16 as an example of physical threats.
In that case, an unknown person or persons fired a high-powered rifle at electric transformers owned by PG&E Corp’s (PCG.N) Pacific Gas and Electric utility, prompting requests for residents to conserve power. Vandals also cut nearby underground fiber optic cables, disrupting telephone service, in an apparently related incident.
“We don’t do ourselves a favor if we only concentrate on cyber. Physical security is a concern for us as well,” Cauley said.
About 20 percent of NERC’s budget goes to security, of which 80 percent is spent on cyber, he said. But he called the attempts to virtually hack into the power systems “not that overwhelming.”
“Anyone who is smart enough to do those kinds of things has better things to do than shut the lights out,” Cauley said.
(Follow Reuters Summits on Twitter @Reuters_Summits)
Editing by Ros Krasny and Philip Barbara