The United States Government Accountability Office (GAO) recently completed and published a study on electricity grid cybersecurity that concluded that the Department of Energy (DOE) needs to ensure its plans fully address risks to electricity distribution systems.

The GAO completed two prior studies of the generation and transmission functions of the electricity grid and found that they are increasingly vulnerable to cyber-attacks. The third function of the electricity grid is distribution, which was the subject matter of this study.

According to the study, the U.S. electricity grid distribution system, which comprise the conduits from electric companies to consumers, and which are regulated by states, “are increasingly at risk from cyber-attacks.” According to the study, “Distribution systems are growing more vulnerable, in part because their industrial control systems increasingly allow remote access and connect to business networks.” Therefore, they can be attacked through “multiple techniques” which can potentially disrupt operations.

The DOE has developed plans for the national cybersecurity strategy for the electricity grid. According to GAO’s study, the DOE’s plans “do not fully address risks to the grid’s distribution systems.” The GAO “recommends that DOE more fully address risks to the grid’s distribution systems from cyberattacks—including their potential impact—in its plans to implement the national cybersecurity strategy.” The DOE agreed with the recommendation and provided information on two research projects that are designed to improve the cybersecurity of distribution systems.

There are several diagrams of the risks to distribution systems in the study which are quite chilling.  The study can be accessed here.