Unless you think trees are secretly waging war on humans, the great Northeastern blackout of Aug. 14, 2003, wasn’t caused by an attack. When a transmission line in northern Ohio began to sag because of the intense summer heat, it tangled with the branches of a nearby tree, causing the wire to trip offline. One thing led to another in a perfect storm of equipment and human failure, and in barely four hours, more than 50 million people in the northeastern U.S. and Canada had lost power, including New York City. Power wasn’t fully restored for days, and the blackout, the biggest in North American history, would cost some $10 billion.
That accident showed the U.S. grid for what it was: an antiquated piece of 20th century technology struggling to power the 21st century. Most utilities didn’t know their customers had lost power until they picked up the phone and heard from irate customers. Regulations on utility reliability amounted to little more than industry peer pressure. The grid, in a word, was dumb.
That’s changed in the nearly 14 years since the big blackout as the smart technology we were already using in computers and phones has migrated to the machines that power the grid. Thanks in part to billions of dollars in federal funding from the 2009 stimulus package, utilities have significantly upgraded the intelligence of the grid, making it smarter, more efficient and more responsive to threats and disruptions. About one-third of American consumers are now connected to power with smart meters that can send data back to control systems, enabling utilities to do things remotely–including connecting and disconnecting power–that used to require sending a worker out in a truck.
Deepening these investments is important. Smart infrastructure has already made a difference in the face of the weather-related disruptions that are still the biggest threat to grid reliability. During Superstorm Sandy in 2012, for example, smart meters let the Pennsylvania utility PECO reduce its restoration time by two to three days. And as more energy comes from cleaner but intermittent renewable sources, like solar, a smarter grid will be needed to handle a more unpredictable power supply.
The smart grid’s very intelligence makes it vulnerable to a new kind of attack, one that has the potential to be far more destructive than even the worst hurricane–and that’s the challenge to address in the next round of investment. Cyberattacks on the power grid have become increasingly common–one estimate found that the grid comes under physical or cyberattack once every four days on average–and utility officials fear that a more connected grid is one that can be more easily hacked.
“A smarter grid will help prevent blackouts,” Eric Spiegel, CEO of Siemens USA, a major developer of grid components, said at a 2016 utility conference. “But reliance on software and the Internet of things means it gives more points of entry for people who want to harm us.”
Just how harmful became clear on Dec. 23, 2015, when cyberattackers struck power centers in Ukraine and, with a few clicks, shut down dozens of substations, eventually cutting off electricity to some 230,000 residents in the dead of an East European winter. Power was restored after a few hours, but 2016 saw another hack, this one caused by malware sent to utility workers via email. Both attacks were blamed on Russia, which has been in conflict with Ukraine since 2014.
Analysts warn that a Ukraine-style cyberattack would have been even worse in the U.S., because American utilities often lack the kind of manual backups that Ukrainian operators relied on after they were locked out of their computer systems. In the second installment of its Quadrennial Energy Review, released in January, the U.S. Energy Department warned that the electricity system “faces imminent danger” from cyberattacks.
How devastating could an effective, coordinated cyberattack against the U.S. grid be? Very. Outages from extreme weather can usually be resolved in hours or days. A report by the National Academy of Sciences considered an intelligent, multisite hack by experienced attackers that targeted key components like power transformers. The conclusion: expect widespread, long-term power outages that could take several weeks to recover from, causing enormous economic damage. In their own report, the University of Cambridge Centre for Risk Studies and the insurer Lloyd’s of London concluded that an attack from an organized group of hackers to knock off power across major cities like New York and Washington could cost from $243 billion to $1 trillion.
There’s no going back to a dumb grid, not when the U.S. needs to improve energy efficiency and smooth the adoption of renewable power. But utilities must consider how the complexity they’re introducing into the grid can be used against them. The smart grid “works well for reliability but will not stop skilled, adaptive adversaries,” write energy experts Michael Assante, Tim Roxey and Andy Bochman in a paper titled “The Case for Simplicity in Energy Infrastructure.”
It turns out that the best way for utilities to protect against the threats of the future is by looking to the past. That means contingency plans for the manual operation of grid equipment, like the 1960s-era gear that saved the Ukrainians. “You want to have smart infrastructure, but you want to have backup planning for a day when you need manual operating capacity,” says Scott Aaronson, executive director of security and business continuity at the Edison Electric Institute, a utility trade group. That would give utilities what Aaronson calls an “all-hazards approach” to grid security, providing a reliable backup plan whatever the cause of a blackout.
Recognizing the grid as a vital part of national security may require amending the Federal Power Act to give the Energy Department greater authority to prepare utilities for an attack–and respond to one after it happens. But cyberwarfare almost always favors offense over defense–and the grid is no different than other battlefields. Rogue hackers, however, make for a much more challenging adversary than a rogue tree.
This appears in the April 10, 2017 issue of TIME.