Experts in computers have long aired their concerns about the vulnerability of key infrastructure and utilities to cyber attacks. In dramatic fashion, researchers demonstrated just how accurate these warnings are.

They set up an experimental cyber attack on a Department of Energy facility in Idaho, and successfully caused a generator in the DOE plant to self-destruct.

A similar attack strategy could be utilized against the giant generators used to produce electric power in the U.S.

The experiment vividly showed what could happen if similar attacks were launched on a wider scale. Federal government officials and executives in the electrical industry feared that coordinated attacks on a large scale could result in extensive damage to electrical facilities that could take several months to restore.

The Department of Homeland Security acknowledged that the hacking experiment involved getting into the control system of a power plant. Since the experiment (it was done in March, but details surfaced only recently), the DHS officials have cooperated with electric industry people to devise procedures to thwart any similar attacks.

The officials said they have made software and hardware alterations to strengthen the safeguards around generating equipment. Nuclear power plants have also been directed to make the changes, under the supervision of the Nuclear Regulatory Commission.

The control systems are also vulnerable from another angle. A large number of these systems are produced overseas, and some are being operated there. The schematics of these control systems are therefore known to persons in the manufacturing plants abroad, including the basic passwords for the software programs.

The nonprofit group Professionals for Cyber Defense said that a determined organization (whether a terrorist group with transnational connections or adversarial nation states) could stage a strategic cyber attack on U.S. facilities for a small budget of $5 million and at most a 5-year period for preparation.

The government and electric industry official estimated that simultaneous cyber-attacks carried out on key power generating facilities could extinguish power over huge geographic areas for many months. The economic cost would be tremendous. An economist projected that if one-third of the U.S. had no power for three months, the national economy would suffer by at least $700 billion.

In 2002, a former CIA Director and other computer experts sent a letter to President Bush. In it they urged the president to undertake a massive program to put up cyber-defenses on key strategic infrastructure. The letter urged fast and resolute action.

Five years have passed but no such program exists. In the coming fiscal year, the DHS budget provides only $12 million for securing power plant control systems.

The DHS insists it is not that easy to stage cyber-attacks on power plants. Hopefully, they are right.