Adam Crain assumed that tapping into the computer networks used by power companies to keep electricity zipping through transmission lines would be nearly impossible in these days of heightened vigilance over cybersecurity. When he discovered how wrong he was, his work sent Homeland Security Department officials into a scramble. Crain, the owner of a small tech firm in Raleigh, N.C., along with a research partner, found penetrating transmission systems used by dozens of utilities to be startlingly easy. After they shared their discovery with beleaguered utility security officials, the Homeland Security Department began sending alerts to power grid operators, advising them to upgrade their software. The alerts haven’t stopped because Crain keeps finding new security holes he can exploit. “There are a lot of people going through various stages of denial” about how easily terrorists could disrupt the power grid, he said. “If I could write a tool that does this, you can be sure a nation state or someone with more resources could.”

Those sorts of warnings, along with vivid demonstrations of the grid’s vulnerability, such as an incident a year ago in which unknown assailants fired on a power station near San Jose, nearly knocking out electricity to Silicon Valley, have grabbed official attention. In Congress, the vulnerability of the power grid has emerged as among the most pressing domestic security concerns. It is also among the most vexing.Lawmakers have expended considerable energy on the issue, to limited effect. At times, they appear to be working at cross purposes. Some members of Congress want to empower regulators to force specific security upgrades at utilities. Others are attacking whistle-blowers and the media, demanding an investigation into disclosures of how easily the country’s power grid could be shut down. More