DAVID GREENE, HOST:
And 10 years ago this week, the lights went out across much of the Northeastern United States and also parts of Canada. It was the biggest blackout in American history, all triggered by a sagging power line in Ohio. We've been looking back at that outage and exploring whether it could happen again. Experts say the electric grid is more reliable now, but also more vulnerable. Falling trees is just one problem. Now engineers worry that a cyber-attack could bring an even bigger blackout, one that's harder to prepare for, as NPR's Tom Gjelten explains.
TOM GJELTEN, BYLINE: The last thing that took down a big part of the power grid was Superstorm Sandy. Power companies brace for challenges like that. They put crews on standby and line up outside companies to come in and help. But when power executives gathered in Washington last week to discuss the reliability of the electric grid, something else dominated the discussion: the danger of a big computer attack. Chris Peters is a vice president at Entergy.
CHRIS PETERS: We have to treat the cyber threat with the same respect that we give to forces of nature - hurricanes, floods, ice, storms.
GJELTEN: The cyber threat. This is a new concern in the power industry, this idea that the electric grid could be shut down by hackers. Here's what's changed, two things. First, more of the equipment that makes up the electric grid - from the generators to the transformers - is now operated by computers. Mess with the computer, and you can turn the lights off.
Of course a hacker would still need to get access to that computer. But there's the other change: many of the computers running those power operations are connected to the Internet.
MARK WEATHERFORD: Now we can remotely manage devices via the Internet. So instead of putting somebody in a truck and having them drive a hundred miles to a substation in the middle of the mountains somewhere, you remotely manage that.
GJELTEN: Mark Weatherford was, until recently, the cyber expert at the Department of Homeland Security. Now he's consulting at the Chertoff Group. He says power companies saw that connecting their operations to the Internet brought efficiencies, so they jumped at the chance.
WEATHERFORD: And then, really to no one's fault at the time - we didn't realize it - but didn't think a lot about the security and the insecurity of doing that.
GJELTEN: When a computer is connected to the Internet, a good hacker can generally find a way in. This is the new disaster scenario for power companies. Michael Assante, one of the country's top experts on the cyber threat to the grid, says companies are trying to keep up, but the threat to their computer networks may be evolving too fast for them to deal with it.
MICHAEL ASSANTE: Computers are tricky because they just continue to become more complex, and their importance to how we operate the system continues to increase.
GJELTEN: The 2003 blackout was not caused by a cyber attack, but computers were already part of the system back then. And Assante says one reason the blackout spread was that many operators didn't understand their own computer connections.
ASSANTE: How do we teach power engineers and operators what they need to know about cyber and, in particular, about cyber security? And these are tough questions. If you go to engineering school, you're not taught about cyber security as part of becoming a power engineer.
GJELTEN: The concern now is that a really sophisticated cyber attack could cause a blackout bigger than anything we've ever seen. The U.S. Congress has considered various bills that would require power companies to beef up their protection against cyber attacks. So far, they've all been rejected, in part because the power industry opposed them.
Jim Fama is vice president for Energy Delivery at the Edison Electric Institute, which represents power companies.
JIM FAMA: Our companies are in the business of selling electricity. They are fully motivated to do what they need to do to protect their systems against cyber attack and other problems, et cetera. So we don't need to be penalized in order to be motivated to provide continuity of service. That's the business we're in.
GJELTEN: But computer hackers are becoming more sophisticated, and they see the power grid as a target. Redesigning the grid to make it less vulnerable to cyber attacks will be expensive. Some companies might be tempted to take the risk of an attack, figuring that it's still an unlikely event. That point came up at last week's conference on the electric grid, sponsored by the Bipartisan Policy Center.
Curt Hebert, the former chairman of the Federal Energy Regulatory Commission, raised this question: Will power companies on their own make the big investments to secure their systems against a big cyber attack?
CURT HEBERT: When it comes to cost cutting, this may be some of the areas, quite frankly, that get the knife.
GJELTEN: Consumers, after all, would eventually be stuck with the bill, paying through higher rates to secure the power grid against a threat that we haven't actually experienced yet.
Tom Gjelten, NPR News, Washington.