“Being unconquerable lies with yourself; being conquerable lies with your enemy.” (Sun Tzu in his timeless classic “The Art of War”) The power grid in Pakistan, like everywhere else in the world, is becoming increasingly vulnerable tocyber threats. Such threats will only grow in the future, both in frequency and intensity, as information and communications technologies (ICTs) are deployed at increasing rates in every part of the power grid. These threats demand a serious and urgent attention from our government, regulatory authorities, and power sector managers because the security and resiliency of thepower grid against malicious cyber attacks is ingrained in its basic designand cannot be overlaid on it after construction. A secure power grid is critical to modern society since electricity is a preferred energy carrier for its cleanness, ease of control, and ability to serve diverse human needs. It’s also inextricably linked with the other critical infrastructures of any country, notably transport, communications, water, healthcare, finance, and defense, and is essential to ensure their smooth and trouble-free functioning. For over a century, power grids have functioned quite effectively and with minimal trouble. Their occasional malfunctionshave largely been attributable to acts of nature or, like all engineering systems, due to technical faultswhich can only be termed few and far between. Power grids around the world are, however, undergoing a fundamental transformation lately. Availability of inexpensive and powerful sensors and control devices, mostly ICT-based, are weaving a host of actors and functions together into a complex web of central power stations, transmission and distribution (T&D) systems, distributed and renewable power generators, industrial control systems, electric vehicles, storage batteries, and smart homes which are interlinked electrically on one hand and via internet on the other. The glue that holds all these diverse interests and functions together and permits their gainful interaction is the intelligent and smart power grid. With the pervasive penetration of ICTs in virtually every part of the power grid, from primary fuel supply systemsto ultimate power delivery to end-users, an altogethernewset of threats has emerged—the risks of unauthorized access to these systems and potential abuse. Cyber threats render the power grid vulnerable to deliberate sabotage from various adversaries for a multitude of criminal and hostile objectives which can include hacking for ransom (what K-Electric faced a few months back), disruption and physical damage from terrorist outfits or restive political groups, or as a planned strategy by an enemy state to paralyze or disrupt social life, economy, and defense system of our country. Cyber threats to the power grid are not a mere apprehension; these are very real and imminent The ramifications of cyberthreats are numerous as well asserious, because all sectors of the economy rely on electricity. Exploiting weaknesses in any part has the potential to trigger a ‘cascading effect’ in the power grid that can seriously disrupt the functioning of the other sectors, quickly leading to a crisis of serious proportions. Cybersecurity of the power grid is, therefore, of the utmost importance. Cyber threats to the power grid are not a mere apprehension; these are very real and imminent. Just to cite three examples, a computer virus was launched into the IT networks of Saudi Aramco in 2012. Though it couldn’t stop oil production, it still managed to damage 30 to 35 thousandcomputers. In 2015, hackers managed to penetrate the computer system of a Ukrainian power utilityand cut off power to thousands of consumers. They attackedthis system again in 2016 and succeeded in disabling a substation and left customers in parts of Kiev without power for about an hour. In 2017, a Saudi petrochemical plant once againcame under cyber-attack in an attempt to manipulate an emergency shutdown system. The attack resulted in the plant’s shutdown only, but experts felt that it was potentto cause a serious damage. Power grid’s vulnerability to cyber-attacks exposesnot just this sector to risk, but jeopardizes the security of the whole country as well. It must be taken seriously by our leaders, regulatory authorities, security agencies, and power sector managers on top priority since it will require a highly-coordinated and responsive national cyber security framework, sophisticated toolkits, and a skillful and agile workforce to remain vigilant to detect cyber threats whenever and wherever these are identified, isolate them as quickly as possible, and neutralize or mitigate them. We willneed alegal and institutional framework to protect ourpower grid and associated facilities against the continuously evolving cyber security threats. As it would be impossible and,in fact,futile to plug all the holes and cover all the exposed surfaces which the cyber criminals can exploit to access these systems and facilities, the best we can do is to minimize such surfaces and entry pointsin the first place through a careful design of the power grid with cyber threats in mind and standardizing the information and operational technologies and algorithms that are used for communication and interaction among them. We will also need an effective cyber security setup at the national level that can keep a close and continuous vigil on the wide array of cyber threats to which our power grid and other critical infrastructures facilities may already be exposed to and will definitely face in the future. Many of the standards, operating procedures, and counter measuresto identify cyber threats and their effective management will be common among different infrastructures and not unique to the power grid. A centralized national cyber security assurance setup will be more effective, nimble, and efficient in dealing with such issues than developing and maintaining such schemes in silos or compartments. Cyber security of the power grid is sort of a “public good” whose cost may be borne by one entity but its benefits will not be restricted to that particular entity but will flow out to the whole system and the country. The already cash-starved power sector entities under perennial pressure to cut costs may not have the financial muscle or motivation to add any new costs into their budgets. The responsibility for securing the power grid against cyber threats, therefore, should not be left to power sector entities alone, but should be assumed by the government itself at the highest level. There is currently a serious dearth of data and knowledge bases, educational and training facilities, toolkits, and trained workforce in the countrythat are essential to effectively deal with a critical and evolving issue of cyber security assessment and management for critical infrastructures like the power grid. Institutional capacity building, development of the requisite skills and competences, and professional development opportunities for young engineering graduates, therefore,cannot be overemphasized. Our government will do a great strategic service to the country if it can help develop a national cyber security legal and regulatory framework and establish a focal institute with some seed funding to give it a kick-start. This institute should be entrusted with the responsibility of assessing the cyber security risks that our critical infrastructures, in particular the power grid, are currently exposed to and will face in the future and devise an effective strategy to ensure that these critical systems and facilities are made robust, secure, and resilient against all credible cyber security threats unleashed on them. The writer is a freelance consultant, specializing in sustainable energy and power system planning and development.