U.S. Power Grid: Ripe for Cyber-Attacks -- The Disruptors

NEW YORK (TheStreet) -- Power cut to businesses and hospitals. The inability to heat homes in winter or cool them in summer. Debilitating blackouts. Signs of Armageddon? Maybe. But they're also the potential results of a incapacitating cyber-attack on the nation's power grids, an act that experts say could happen at any time.

"The U.S. government and the American people should be more concerned about this," Rep. Jim Langevin (D., R.I), co-chair of the congressional cyber-security caucus, told TheStreet. "I don't feel that the electric grid is nearly as secure as it needs to be."

Despite new attempts to deliver cyber-security standards for power plants, legislators and security experts are warning of gaping holes that exist for hackers to exploit, further fueling concerns that critical U.S. infrastructures are at risk.

Langevin explained that a successful assault on the electric grid would dwarf recent attacks on corporations like Sony(SNE), Lockheed Martin(LM) and Sega, which resulted in compromised customer data, among other things.

Langevin says the the nightmare scenario resulting from parts of the grid knocked out could be devastating and wide-reaching. "It would affect the economy, and potentially, even cause loss of life," he said. "Imagine, god forbid, that part of the country was without power in the middle of winter."

"There's absolutely nothing theoretical about the power grid being vulnerable," added Joe Weiss, managing director of consultancy Applied Control Solutions. "This is not hypothetical -- it's very real."

Rather than one single power system, a spiderweb of multiple networks comprises the U.S. electrical grid, which encompasses somewhere around 500 different companies. That's about 5,700 power plants generating at least 1 megawatt, according to the U.S. Energy Information Administration, with some plants using more than one generator.

Experts are concerned that the computer systems used to control plants across this sprawling network are prime targets for a sophisticated cyber-attack. A few years ago, the Department of Homeland Security replicated this type of attack, remotely accessing and destroying a generator. Specific details of the so-called Aurora test are hard to come by, but it allegedly involved a substation computer system, which was used to repeatedly connect and disconnect a generator to the grid. The test eventually wrecked the generator.

Another infecting type of attack to worry about is a worm, or self-replicating malware. Weiss points to Stuxnet, a Microsoft(MSFT) Windows worm that last year targeted industrial software and equipment, most notably within Iran's nuclear program.

"Stuxnet was a very sophisticated, targeted attack," said Weiss, adding that his concern is now for what he calls the "son of Stuxnet." A massively complex set of code, Stuxnet has been touted as the first malware to attack industrial hardware, exploiting vulnerabilities in Windows. According to security specialist Symantec(SYMC), the attack then modified code on control system technology from Siemens, leading to the destruction of centrifuges -- equipment that spins objects around a fixed axis -- used in Iran's nuclear program.