Infiltrating Power Grid Would Be Difficult; Here's Why
RACHEL MARTIN, HOST:
We are learning more about why the Trump administration has sanctioned 19 Russians and five other entities. Yes, in large part, it was about the interference in the U.S. election in 2016. But it's also payback for a series of Russian cyberattacks on U.S. infrastructure, like power plants and water systems. A report from the Department of Homeland Security released yesterday said Russia could have sabotaged America's power plants if they wanted to. So far that hasn't happened though.
Philip Bump is a reporter with The Washington Post. His reporting finds that hacking into America's national power grid is practically impossible. He joins us now. Philip, thanks for being here.
PHILIP BUMP: Of course.
MARTIN: First off, if you could, explain what exactly the Russians are accused of doing in these cyberattacks.
BUMP: So essentially, beginning at least in March of 2016, the United States government believes that Russian hackers or able to infiltrate control systems at infrastructural facilities, like power plants, like water systems, that essentially meant they were able to find their way into the actual internal mechanisms that allow these facilities to turn on and off - generation systems to turn on and off the way that water flows - things along those lines - which, of course, by itself is precisely what you don't want hackers to be able to do.
MARTIN: But they didn't actually do it. They have access to the on and off switches. They just didn't pull them.
BUMP: According to what the Homeland Security Department released yesterday, yes, at least one facility gained access to a control mechanism. But there's no indication that they actually used those controls to affect operations.
MARTIN: But your reporting shows that it would actually be pretty tough to turn the lights off on America - that flipping off the switch to the national power grid would be almost impossible. Why?
BUMP: That's exactly right. And I think it's important for people to - people sort of hear that the Russians have access to the power system and worry about the scale of this thing. And really what we're focused on here is scale. The national electric grid is essentially three separate grids. There's everything east of the Rockies. There's everything west of the Rockies - and then Texas because Texas is Texas. And that means that, at the most, what you'd be able to affect is probably one of those three areas.
MARTIN: Although that's a lot.
BUMP: Although, of course, of course - you know, that leads me to my next caveat, which is that within those systems - within each of those three areas, there are thousands of independent operators which control, you know, different power companies, right? These are different power companies that aren't themselves connected to one another. And that makes it very hard - if a hacker gains access to, say, Con Edison in the Northeast, there's a limited range of effects that they can have. Obviously, it would still be damaging and problematic. But it's not as though the entire country is suddenly going to go black.
MARTIN: It's interesting because we think of our lives as being so connected and everything as being so connected. What you're saying is our national power grid isn't as connected as you think it is, and that's a good thing.
BUMP: And not only that, but bear in mind that the power grid is built to be very resilient. One of the experts I spoke with yesterday pointed out that, you know, constantly there are - squirrel - I mean, if you do a search for power outage and squirrel on Google, it's amazing how many results you get. The power grid is built to be resilient. It's built to deal with outages. These are just...
MARTIN: Squirrels and even Russian hackers - two very different threats but nonetheless.
MARTIN: In seconds remaining, what do you know about U.S. efforts to combat this threat?
BUMP: So essentially the Department of Homeland Security released an alert in conjunction with the FBI yesterday - essentially to give people fingerprints to look for within their systems. They asked for private partners to help by saying what they're seeing, to share information - to share information about how hackers have accessed their systems. So this was really an effort by them to let people know, hey, here is what to look for as a way of keeping Russians out in the future.
MARTIN: Philip Bump - he's a reporter with The Washington Post. Thanks so much for sharing your reporting on this. We really appreciate it.
BUMP: Thank you. Transcript provided by NPR, Copyright NPR.