Endnotes 141 This example had many clauses to it, such as an employee visiting a malicious Web site and proper network segmentation not existing, but this is exactly how an attack or penetration test may turn out. The attacker/tester finds a vulnerability and exploits it to escalate his or her access, which leads to finding another vulnerabil- ity to further increase his or her unauthorized access. This continues until the attacker has met or exceeded his or her goal. SUMMARY Utility companies cannot rely on the obscurity of smart grid technologies to pro- tect themselves from smart grid attacks. Although some technology components will be new, smart grids will utilize technology that has existed for decades and have well-known and well-documented vulnerabilities. With the more connected nature of smart grids, attackers and security testers will more easily be able to identify and exploit vulnerabilities in electric grids. Attacks can be initiated from many different locations, thus utility companies should perform comprehensive security assessments of their implementation to determine if they are protected from the many different attack vectors.