A terrorist attack on the U.S. power grid could result in the deaths of thousands of people, as well as incurring costs of hundreds of billions of dollars, according to the National Academy of Sciences.

While such an attack would not immediately kill people, an article from Businessweek reports, the widespread blackouts afterward could last for weeks or months. If the event occurred during extreme weather, heat or exposure to cold could lead to “hundreds or even thousands of deaths,” the authors of a recently declassified Academy report wrote.

The study paints a stark picture of what could happen if hackers, extremist groups, disgruntled employees or even energy companies sabotage the nation’s power network, the article says. The study also calls for the government to create a national inventory of portable generator equipment to be used during such an event.

The U.S. electricity network consists of a web of generators, high-voltage power lines, lower voltage lines running to homes and businesses, substations and other gear. Since 2007, the increase of computerized “smart meters” highlights the need for vigilance against cyber attacks, the article notes.

Terrorists can also disable transformers, which may take years to replace. Transformers are often custom-build, difficult to transport and made outside the U.S. A well-planned attack could take out multiple substations, the article says. The Edison Electric Institute is leading a pilot program to install spare transformers at sites where they can be transported for use during an emergency.

The report also raised concerns about how a blackout would affect services such as medical care, the water supply and the pumping of natural gas, which uses compressors raised by electricity, Businessweek reports.

A 2011 report from the Electric Power Research Institute says that about $3.7 billion in investment is needed to protect the grid from cyber attacks.

Energy companies, including utilities, would have to increase their investment in computer security more than seven-fold to reach an ideal level of protection, according to a Ponemon Institute survey done for Bloomberg Government in January. The survey of network managers at 21 energy companies including 14 utilities found the companies would need an average annual budget of $322.6 million to stop 95 percent of cyber threats, the article notes.

The report was finished in 2007 and declassified in August, 2012.