A theoretical paper by a Chinese graduate student and professor about the vulnerability of electric power systems like those in the United States to cascading failure has drawn attention in the U.S. press and prompted testimony to U.S. Congress. The paper, "Cascade-Based Attack Vulnerability on the U.S. Power Grid," compares "the effects of two different attacks for the network robustness against cascading failures, i.e., removal by either the descending or ascending orders of the loads." It concludes counterintuitively that that "the attack on the nodes with the lowest loads is more harmful than the attack on the ones with the highest loads."
The Chinese authors have said that their work is a theoretical exercise that just happens to model a U.S. electrical subsystem because good data is available for such a system. But because the word "attack" appears in the headline--and no doubt because there is a high level of paranoia in the United States about the country's economic and even military vulnerability to China--the article has been interpreted in some quarters as evidence the People's Republic is actually positioning itself to mount an assault on the U.S. power system.
Concerns about the fragility of the U.S. electrical grids are nothing new, and with the advent of more complex smart grids, there are well-founded worries that power system vulnerability could become greater, at least in the short run. "Although researchers have spent considerable time on smart-grid cybersecurity issues, major problems remain unsolved," a recent article in the IEEE Security & Privacy magazine reported. In a study issued last fall by the U.S. Department of Energy and the National Institute of Standards and Technology, the mounds of additional data generated in smart grids were deemed immensely helpful to grid operators and stakeholders--but also to people who could use it with ill will, as Earth2Tech's Katie Fehrenbacher put it.
To the extent grids are vulnerable to cyber intrusion, they would seem to be as vulnerable to malicious foreign attackers as to home-grown vandals. But is there realistic reason to fear such foreign attacks, and specifically a Chinese one?
As is well known, China is by far the biggest holder of U.S. national debt, and its economy is critically dependent on exports to the United States. At last tally, it owned $740 billion in U.S. Treasury securities, and it was exporting $24.7 billion in goods to the United States each month, running a positive trade balance of more than $20 billion--roughly $250 billion per year.
Under the circumstances, it's hard to imagine how it would be in China's interest to sorely disrupt the U.S. economy. The only scenario in which economic warfare would make sense would be one of all-out military warfare, say over Taiwan. But if the two countries were at war, disruption of the U.S. power grid would be the least of America's problems.
Russia, however, may be another matter. Criminal hacking is big business there and has global scope. Several years ago, when a local dispute in Estonia pitted ethnic Russians against Estonian nationals, seriously disruptive cyber attacks were mounted against the small Baltic country from sources in Russia. The culprits may have been members of the Russian intelligence services, ultra-nationalists, or just malicious hackers--and it's not reassuring that the outside world has no sure way of knowing which.
Suppose there were a military confrontation between Russia and Europe over the sovereignty of Ukraine, and suppose Russia wished to discourage the United States from coming to Europe's help. Might a cyber attack on the U.S. grid seem a tempting way of sending a shot across the U.S. bow?