Recently, a neighbor asked one of us whether Russia, China, North Korea and Iran really are capable of hacking into the computers that control the U.S. electricity grid. The answer, based on available evidence, is “Yes.” The follow-up question was, “How expensive will it be to prevent, and who will end up paying for it?”

The answers are: Likely tens of billions of dollars, and probably us, the electricity customers. This is a major — and, in our view, vital — investment in community and national security. But as scholars of grid cybersecurity, we understand it’s not very clear what consumers will be getting for their money, nor whether utility companies themselves should bear some share of the cost.

In the U.S., the electricity grid is an ubiquitous system that’s highly reliable. Most consumers expect the lights to turn on when they flip the switch, and don’t think much more about it — except when paying the monthly bill.

Electric power companies’ high levels of performance depend on interconnected computer systems, which are vulnerable to cyberattacks. Hackers took downportions of Ukraine’s electricity grid in 2015 and 2016, cutting power to hundreds of thousands of people. U.S. officials regularly report that foreign agents are working to infiltrate critical infrastructure systems, like computers that control the power grid. An as-yet-unspecified “cyber event” affected the power grid in California and Wyoming in March 2019, according to the U.S. Department of Energy.

Read more