Defending Grid From ‘Nightmare’ Attacks

Tuesday, February 14, 2017 @ 06:02 PM gHale


Hackers target specific parts of the control network of power infrastructure and they focus on the mechanisms that control it to cause power outages and blackouts. Graphic by Sarah Bird, Michigan Tech

Hackers target specific parts of the control network of power infrastructure and they focus on the mechanisms that control it to cause power outages and blackouts.
Graphic by Sarah Bird, Michigan Tech

Physical security and cybersecurity threats to the electric grid can trigger instability, leading to blackouts and economic losses.

“Nightmare” scenarios where hackers exploit security weaknesses and execute a disruptive plan of cyberattacks led to new research by scientists from Michigan Technological University.

RELATED STORIES
Simulated Attack Shows ICS Weakness
Working To Fight Advanced DDoS Attacks
Stronger, Secure Wireless for Safer Driving
Working to Hack Proof RFID Equipment

The fundamental problem is a gap between physical equipment and intangible software, said Chee-Wooi Ten, an associate professor of electrical and computer engineering at Michigan Tech and lead author of a paper on the subject.

Advances in smart grid technology — such as smart meters in homes, management systems for distributed energy resources like wind and solar production along with instrumentation systems in power plants, substations or control centers — create improvements in monitoring and entry points for hackers.

“Ten years ago, cybersecurity simply didn’t exist — it wasn’t talked about and it wasn’t a problem,” Ten said, joking people thought he was crazy for suggesting power grid hacking was possible. “Now with events like in Ukraine last year and malware like Stuxnet, where hackers can plan for a cyberattack that can cause larger power outages, people are starting to grasp the severity of the problem.”

Ten said hackers can target specific parts of the control network of the power infrastructure and they focus on the mechanisms that control it. Automated systems control much of the grid from generation to transmission to use. As Ten said, the convenience and cost reduction of automation streamlines the process, but without solid security measures, it also makes the systems vulnerable. The interconnectedness of the grid can also cause cascading impacts leading to blackouts, equipment failure and islanding where regions become cut off and isolated from the main power grid.

Ten and his team draw connections and assess weaknesses using a framework that would constantly assess the bottleneck of a power grid and its interconnection with their neighboring grids. Using quantitative methods to prioritize cybersecurity protection will ensure power grids operate in a more secure and safer manner.

Ten said it’s like measuring blood pressure. “You know your health is at risk because we monitor systolic and diastolic numbers, so perhaps you work out more or eat healthier,” Ten said. “The grid needs established metrics for health too, a number to gauge if we are ready for this security challenge.”

With a better understanding of the system’s weaknesses, it’s easier to be strategic and shore up security risks. In the long run, Ten said improving regulations with specifics to match actual infrastructure needs and providing cybersecurity insurance will help.

“Simply because the remote substation networks are constantly commissioned with full compliance doesn’t mean they are secure,” Ten said. “There is going to be a tremendous impact if we’re negligent and fail to keep up with changes in communication infrastructure and emerging security threats.”



Leave a Reply

You must be logged in to post a comment.