The NRC has issued a Report on vulnerability in the U.S. electric power delivery system. (A downloadable copy can be found here.) I have only skimmed the Report, but it covers vulnerabilities not only from cyber-operations, but also from physical degradation or attack, and from human error. From the press release:
The U.S. electric power delivery system is vulnerable to terrorist attacks that could cause much more damage to the system than natural disasters such as Hurricane Sandy, blacking out large regions of the country for weeks or months and costing many billions of dollars, says a newly released report by the National Research Council.
According to the report, the security of the U.S. electric power system is in urgent need of attention. The power grid is inherently vulnerable physically because it is spread across hundreds of miles, and many key facilities are unguarded. This vulnerability is exacerbated by a reorganizational shift in the mid-1990s, prompted by federal legislation to introduce competition in bulk power across the country, resulting in the transmission network being used in ways for which it was not designed. As a result, many parts of the bulk high-voltage system are heavily stressed, leaving it especially at risk to multiple failures following an attack. Important pieces of equipment are decades old and lack improved technology for sensing and control that could help limit outages and their consequences -- not only those caused by a terrorist attack but also in the event of natural disasters.
"Power system disruptions experienced to date in the United States, be they from natural disasters or malfunctions, have had immense economic impacts," said M. Granger Morgan, professor and head of the department of engineering and public policy at Carnegie Mellon University, Pittsburgh, and chair of the committee that wrote the report. "Considering that a systematically designed and executed terrorist attack could cause disruptions even more widespread and of longer duration, it is no stretch of the imagination to think that such attacks could produce damage costing hundreds of billions of dollars."
The report recommends ways to make the power delivery system less vulnerable to attacks, restore power faster after an attack or failure, and make critical social services less susceptible even if the delivery of conventional power is disrupted. The report stresses the importance of investment in power system research, and notes that the level of actual investment in this research is currently much smaller than it should be.