• Attacks upon the power system. In this case, the electricity infrastructure itself is the primary target—with outages rippling into the customer base. The point of attack could be a single component—a critical substation or a transmission tower. Or there could be a simultaneous, multipronged attack intended to bring down an entire regional grid. Similarly, the attack could target electricity markets, highly vulnerable because of their transitional status.
• Attacks by the power system. Here, the ultimate target is the population, using parts of the electricity infrastructure as a weapon. Terrorists could use power plant cooling towers, for example, to disperse chemical or biological agents.
• Attacks through the power system. The target is the civil infrastructure in this case. Utility networks include multiple conduits for attack, including lines, pipes, underground cables, tunnels, and sewers. For example, terrorists could couple an electromagnetic pulse through the grid to damage computer or telecommunications infrastructure.
• Centralization and decentralization of control. For several years, there has been a trend toward centralizing control of electric power systems. The emergence of regional transmission organizations, for example, promises greatly increased efficiency and improved customer service. But if terrorists can exploit the weaknesses of centralized control, security would seem to demand that smaller, local systems become the system configuration of choice. In fact, strength and resilience in the face of attack will increasingly rely upon the ability to bridge simultaneous top-down and bottom-up decision-making in real time.
• Increasing complexity. The North American electric power system might be the most complex machine ever built. System integration helps move power more efficiently over long distances and provides redundancy to ensure reliable service, but it also makes the system more complex and harder to operate. In response, we need new mathematical approaches to simplify the operation of complex power systems and make them more robust in the face of natural or manmade interruptions.
• Dependence on Internet communications. Today's power systems could not operate without tightly knit communications capability—ranging from high-speed data transfer among control centers to interpretation of intermittent signals from remote sensors. Because of the vulnerability of Internet communications, however, protecting the electricity supply system will require new technology to enhance the security of power system command, control, and communications, including both hardware and software.
• Assessing the most effective security investments. . Although hardening of some key components, such as power plants and critical substations, is certainly desirable, providing comprehensive physical protection to all components is simply not feasible or economic. Probabilistic assessments can offer strategic guidance on where and how to deploy security resources to greatest advantage.