AN APRIL 2009 Wall Street Journal story said Chinese and Russian cyberspies penetrated the U.S. electric grid and left behind software programs that could disrupt its operations. As reported in the Journal of Energy Security two months later, security firm IOActive told the Department of Homeland Security that a hacker with a $500 piece of equipment could take over a smart grid’s two-way communications system, disrupt service to homes and businesses and, potentially, cause a blackout. IOActive said it had “created a computer worm that could quickly spread among smart grid devices, many of which use wireless technology to communicate.”
The energy act of 2005 gave the Federal Energy Regulatory Commission oversight for the electric system’s security. In 2006, FERC made the North American Electric Reliability Corp. responsible for developing and enforcing security standards. In 2008, NERC issued the Critical Infrastructure Protection standards.