- In just the past eight months,

federal authorities haveissued several public warnings

about foreign hackers penetrating

the United States power grid

and other critical infrastructure.

Cyber security experts say the intent

is to plant digitalgrenades in these systems

until they decide to pull the pin.

- Right now, we're trackingaround eight different teams

that specifically targetindustrial networks.

- [Erik] Robert Leespent five years working

at the National Security Agency

and Pentagon Cyber Command

before forming his owncompany, called Dragos.

Lee and his crew protectindustrial control systems

by acting like detectivesinvestigating a crime scene.

- They're leaving breadcrumbs the entire way through,

so they're giving us piecesto go and find those behaviors

until they get to that impact.

- [Erik] Working from awarehouse in Hanover, Maryland,

Dragos track foreignhacking groups in real time,

then hunt them down to prevent damage

to facilities that produceoil, gas, and other energy.

We've seen that these arenot theoretical attacks,

and my team was actually involved in

the two different Ukraineattacks that happened,

so the Ukraine 2015 and the Ukraine 2016.

A national-level adversarycompromised portions

of their power grids and did exactly that,

were able to turn off thelights in those regions.

- [Erik] Now, Lee says the cyber enemies

are going way beyondcontrolling just light switches.

- But now, we're starting tosee really aggressive behavior

on, well, I'm going to designa capability to kill people,

outside of conflict, outside of war,

to target civilian life.

- [Erik] And an attackon the United States

would create casualtieson a massive scale.

Research shows a cyberattack on the power grid

killing electricitywould potentially leave

millions of Americanswithout food, clean water,

access to money, healthcare, and more.

- Frankly, the UnitedStates is under attack,

under attack by entities thatare using cyber to penetrate

virtually every major action

that takes place in the United States.

- [Erik] The Directorof National Intelligence

recently told Congressthat cyber weapons exist

in the hands of not only countries,

but also terrorists and other activists.

- While Russia, China,Iran, and North Korea

pose the greatest cyber threats,

other nation states,terrorist organizations,

transnational criminal organizations,

and ever more technicallycapable groups and individuals

use cyber operations to achieve strategic

and maligned objectives.

- This isn't a sideshow.

You know, this is theway, the primary way,

our enemies would comeafter us in a future war,

cyber, physical sabotage,

and nuclear EMP attacking.

- [Erik] Doctor Peter Pry worked on

the U.S. Commission assessing the threat

of an electromagnetic EMP attack,

which would wipe out electrical systems.

As an example, he says acountry like North Korea

could target the UnitedStates by transporting

a nuclear weapon overthe south polar region,

then detonating it tocreate a high altitude EMP.

A congressional reportshows such an attack

could wipe out thepower grid indefinitely.

That could lead to the deaths

of up to 90% of allAmericans within a year,

so how much would it costto secure our power grid?

In 2008, an EMP commissionestimated it would cost

around two billion dollars,

but former CIA director James Woolsey says

today's amount to strengthen the grid

would likely be in the tens of billions.

But Doctor Pry says the D.C. bureaucracy

and political influenceprevent that from happening.

- The electric powerindustry doesn't wanna do it.

They have vast lobbyingresources on K street.

They own, basically,the U.S. Federal Energy

Regulatory Commission, you know,

which recently defiedSecretary of Energy Perry

in his effort to come upwith a more secure grid.

They actually defiedthe Secretary of Energy.

- [Erik] Another major issue:

while larger utilities havebeefed up cyber defense,

smaller regional companies often overlook

the need for such security.

- Anywhere between 80 and 90 percent

of the criticalinfrastructure in this country

is held in private hands,

and so, other than the regulators,

there's no real control over

doing the things that you need to do,

the basic blocking and tackling

of cyber hygiene and so forth.

- [Erik] Since ourcritical infrastructures

depend on each other, HomelandSecurity holds exercises,

like Cyber Storm Six.

It simulates various cyberattacks simultaneously

on a variety of facilities,

forcing federal, state, and local agencies

to work with private companiesto quickly find solutions.

- The ability to exercisehow we coordinate,

how we collaborate, howwe share information,

because that is just asimportant as we've seen

in every real life incidentas the actual technical means

of identifying who's doing it

and getting them off the computers.

- Bottom line, enemies big and small

wanna plant cyber sleeper weaponswithin our infrastructure,

so they can eventually use them

to destroy our way of life.

The challenge will beensuring a full team effort

between both the U.S. government

and private enterpriseto fully protect us.

Erik Rosales, CBN News, Washington.