Protecting the power grid from cyber attacks

September 25, 2018 by Paula Owen, Worcester Polytechnic Institute
Credit: CC0 Public Domain

As the national power grid becomes increasingly dependent on computers and data sharing—providing significant benefits for utilities, customers, and communities—it has also become more vulnerable to both physical and cyber threats.

While evolving standards with strict enforcement help reduce risks, efforts focused on response and recovery capabilities are just as critical––as is research aimed at creating a well-defended next generation smart grid. The Daily Herd recently sat down with Michael Ahern to discuss the many challenges involved in securing the against physical and cyber ––both now and in the future.

In addition to his role as director in WPI's Corporate and Professional Education and instructor for the Foisie Business School, Ahern also leads a WPI research team supporting BAE Systems as part of the Defense Advanced Research Project Agency's Rapid Attack Detection, Isolation, and Characterization Systems (DARPA RADICS) intitative.

What is being done in the U.S. to protect the power grid from cyberattacks?

Here in the U.S., a lot is being done to protect the power grid from cyberattacks. The power grid, or electric transmission system, is required to meet the North American Electric Reliability Corporation's Critical Infrastructure Protection (NERC CIP) Standards. These standards include mandatory requirements for specific actions to protect the power grid from both physical and cyberattacks. CIP Standards are updated regularly to address emerging threats and are vigorously enforced by independent auditors backed by Federal Energy Regulatory Commission [FERC] fines for noncompliance.

The result of these regulations and their enforcement is reduced risk of attacks that create widespread power outages.

Even with these evolving standards, cybersecurity is like a race that never ends. Attackers are learning and building their capabilities, too. Many nation states and rogue organizations are developing their capabilities. We've seen attacks against power grid control systems create widespread outages twice in Ukraine. Recently, the U.S. Department of Homeland Security reported attempts to insert malware in our electric power control systems.

The U.S. recognizes the risk that other nations may develop cyberattacks the industry is unable to stop. One initiative DARPA launched several years ago is called Rapid Attack Detection, Isolation, and Characterization Systems [RADICS], research to develop technology that cybersecurity personnel, engineers, and first responders can utilize to accelerate restoration of cyber-impacted electrical systems.

Overall, the U.S. industry is improving defenses and the U.S. government is conducting research to add new restoration capabilities.

What are the risks if attempts to disrupt the power grid are successful?

Clearly, outages are disruptive. Not only do we lose the lights, after a few days, we may lose water treatment capabilities and also find it difficult to find an open gas station to refuel our cars and trucks. If a nation can do this, it can make coercive threats against other nations without actually going to war.

How can the U.S. better protect against such attacks?

With attackers learning and developing, defenses for all types of critical infrastructure control systems—including water, gas, and transportation—must improve just to keep pace.

On a personal level, we would all do well to learn to protect ourselves from cybertheft with malware like ransomware. Most of these attacks start with phishing to get us to install their malware and then exploiting an existing software vulnerability. The top few things we should all do to better protect ourselves include hovering over links and checking to see where these links are sending our internet browser before we click; having a questioning attitude about any and all information requests (never give away your ID and password); and quickly installing software patches and updates to apps to eliminate known vulnerabilities.

Explore further: Protecting the power grid with circuit simulation methods

Related Stories

Protecting the power grid with circuit simulation methods

September 13, 2017

In December 2015, Russian hackers allegedly pummeled Ukraine's power grid, disrupting the flow of electricity for nearly a quarter-million Ukrainians. Then, in December 2016, roughly a year after the first attack, the hackers ...

Protecting bulk power systems from hackers

February 10, 2017

Reliability measures of electrical grid has risen to a new norm as it involves physical security and cybersecurity. Threats to either can trigger instability, leading to blackouts and economic losses.

Recommended for you

Tiny 'water bears' can teach us about survival

March 20, 2019

Earth's ultimate survivors can weather extreme heat, cold, radiation and even the vacuum of space. Now the U.S. military hopes these tiny critters called tardigrades can teach us about true toughness.

A decade on, smartphone-like software finally heads to space

March 20, 2019

Once a traditional satellite is launched into space, its physical hardware and computer software stay mostly immutable for the rest of its existence as it orbits the Earth, even as the technology it serves on the ground continues ...

Researchers find hidden proteins in bacteria

March 20, 2019

Scientists at the University of Illinois at Chicago have developed a way to identify the beginning of every gene—known as a translation start site or a start codon—in bacterial cell DNA with a single experiment and, through ...

Turn off a light, save a life, says new study

March 20, 2019

We all know that turning off lights and buying energy-efficient appliances affects our financial bottom line. Now, according to a new study by University of Wisconsin-Madison researchers, we know that saving energy also saves ...


Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.