
You Won't Believe How Off-Target Grid Security Really Is

06/10/2014 10:40 am ET | Updated Aug 10, 2014

The British government wants to put cybercriminals who target the nation's energy sector behind bars for life. Many of the worst power outages in history, however, had more to do with system failures than anything else. So is the British model the new normal or just window dressing for more prosaic problems?

Queen Elizabeth II outlined the stiff sentencing guidelines last week in her annual address to parliament. Computer criminals who target national infrastructure like telephone networks or the electricity grid would get life in prison, if convicted.

The British Home Office, the ministry in charge of national security, said a widespread power outage caused by a potential cyber attack could spark "severe social disruption." Though less of a threat than a chemical or nuclear attack, the British government ranks cyber attacks on the nation's energy grid alongside international terrorism in terms of threat severity.

The Stuxnet computer virus reportedly ruined about 20 percent of Iran's nuclear centrifuges when it struck in 2010. When the virus emerged, computer security company Trend Microsystems warned that Stuxnet variants could exploit vulnerabilities in computers running Windows software and possibly take down a nation's power plants.

"Critical infrastructures such as a SCADA network [electrical grids and factory software] will become another serious potential target for cybercriminals," the company said in a 2010 threat assessment.

The threat has yet to surface, however. According to a review from the Union of Concerned Scientists, the July 2012 blackout in India, the largest in world history, was the only blackout among the world's 10 biggest to be sparked by a power failure. Floods, storms and fires were behind the worst blackouts in history. A cascading series of failures in August 2003, from trees interfering with power lines to inadequate coordination among operators, left 50 million people across eight U.S. states and parts of Ontario without power for nearly a week.

Last year, U.S. President Barack Obama said cybercriminals who could target critical infrastructure like the electric grid are among the "gravest security dangers" in the digital age. Computer crime, in general, costs the global economy as much as $575 billion each year. The damage, analysts at the Center for Strategic and International Studies say, may become worse as more and more systems rely on computer networks.

The proposed British punishment for cybercrime is on par with sentences for people convicted of terrorism. And the British government is not alone in going after computer criminals. In May, the FBI announced the arrest of more than 100 people tied to something called the "Blackshades Remote Access Trojan," dubbed RAT. For just $40, the U.S. Justice Department said, a would-be criminal can unleash a "computer plague" with the click of a mouse, using RAT.

But are legal policing and life sentences the right response to a crime that is not only becoming easier to commit but whose perpetrators are also moving deeper underground?

More than 1 million people lost power in Britain over the Christmas holiday last year because of severe weather. The "severe social disruption" the British Home Office is worried about there was caused by an act of God rather than an act of sabotage. Working to prevent the former may be more advantageous than targeting the latter.

By Daniel J. Graeber of Oilprice.com

Daniel Graeber is a senior journalist at the energy news site Oilprice.com.