Cyber Gridlock

What are the chances of a cyberattack shutting down one of the three North American electrical power grids? Or even part of one?

There are those who think it about as likely as was deemed the unthinkable attack on Pearl Harbor, while others strongly believe it is not a matter of if, but rather when.

And what would be the consequences? In our large cities and even their suburbs, initial discomfort could quickly grow to a general panic as supplies of food, water, medicine, and gasoline are exhausted. Because of the interconnectedness of local power companies in each of the national grids, the notion of an entire grid being affected is not beyond consideration.

All electrical necessities and conveniences fail. Soon all batteries are powerless and cannot be recharged. Communication is difficult or impossible. Air traffic-control systems are inoperable (consider the “minor” disruption of Delta’s ATC system that affected thousands of travelers worldwide for a mere few days).

Power Grids

The days of the independent all-in-one local power company that generated and distributed electric power to customers in a limited geographic area are long gone. Its demise arose in part due to its total dependence on the reliability and capacity of its own generating facilities, and, ultimately, on the expectation of very reliable and less expensive power through its becoming a partner in a very large grid. In the United States there are three power grids, each of which is dependent on the Internet to connect its individual elements (numbering in the thousands and including generating sources, transmission lines, and local power distribution companies).

Strictly speaking, the grid is defined as the network that enables connection of the elements of an electric utility system as required to meet customer needs. Of the thousands of electric utilities in the United States, only a small fraction, and virtually none of the publicly owned utilities, now do their own generation and transmission.

As power needed by one utility is purchased from elsewhere in the grid, the transfer of power is called wheeling, and the process coordinated by adjacent control centers. There are 140 control centers to service 3000-plus U.S. utilities.

Grid Vulnerabilities

Following the 2003 blackout that began in Ohio with a high-voltage power line failure and ultimately spread to eight states and parts of Canada, a task force of governmental energy experts found that in a number of cases, industry standards had not been adhered to. It turned out that the standards were then entirely voluntary, and there were no penalties for ignoring them.

The 2003 blackout resulted in a review of the industry regulatory system and the establishment of the Federal Energy Regulatory Commission (FERC). There are now mandatory regulations. They may be proposed by FERC, but then can be modified by the industry’s North American Electric Reliability Corporation (NERC) before they are accepted as mandatory.

U.S. federal regulations apply only at the level “above” the local utilities, involving, for example, state-to-state transmission of power. Thus no uniform standards apply to how electric utilities service local customers. The complexity of the legal and financial relationships among the many utilities within a state, plus the need to control rates charged to end users, demands the attention of individual state regulators. As a result, critics note, little time may be available to devote to safety issues at the state levels.

On the other hand, NERC’s jurisdiction covers the portion of the grid termed the bulk power system. And its geographical area includes the continental United States, Canada, and a portion of Baha California, Mexico. It is thus subject to oversight not only by FERC, but by government authorities in Canada. The bottom line, the critics assert, is that uniform, enforceable standards to cover the communication networks that interconnect all the elements of a power grid are limited.

A successful cyberattack is often thought possible because all operations use the same supervisory control and data acquisition system (SCADA) within a particular grid.

An article in the June 2016 Computer (“How to Survive a Cyber Pearl Harbor”) defines shared configuration as a single platform, the same OS, one middleware approach, one computer or database vendor, and one administrator password or a root account to open them all. The authors note that “In cyberspace, two computers could be miles away, but if they are connected, and use the same Oracle release, they can be attacked simultaneously. The replication and duplication that makes it possible to manage a fleet of machines is the same [as that which] makes them go down in one event.”

Priorities Vary

Because physical attacks on portions of the grid occur regularly, many industry leaders are more disposed to concern themselves with physical as opposed to cyber security. (The U.S. Department of Energy received 14 reports from electric utilities of cyberattacks between 2011 and 2014, compared to 348 reports of physical attacks during the same period, while the Department of Homeland Security reported 151 cyber incidents related to the energy industry in 2013.)

In 2015, USA Today published the findings of a survey of more than 50 electric utilities, noting that “more often than once a week, the physical and computerized security mechanisms intended to [avoid] widespread power outages are affected by attacks, with less severe cyberattacks happening even more often.”

In 2015, the U.S. Energy Information Administration (EIA) concluded a report on challenges to the electric power grid with the following list:

• Siting new transmission lines (getting approval of new routes and obtaining rights to the necessary land)
• Determining an equitable approach for recovering the construction costs of a transmission line being built in one state when the new line provides benefits to out-of-state customers
• Ensuring that the network of long-distance transmission lines reaches renewable energy generation sites where high-quality wind and solar resources are located, which are often far from areas where electricity demand is concentrated
• Addressing the uncertainty in federal regulations regarding who is responsible for paying for new transmission lines; this uncertainty affects the private sector’s ability to raise money to build transmission lines
• Protecting the grid from physical and cybersecurity attacks

Interestingly, protection from attack was last in this list.

Suggestive of a more urgent priority, George Cutler, former chief scientist of the National Security Agency, in 2015 stated “With adversaries’ malware in the National Grid, the nation has little or no chance of withstanding a major cyberattack on the North American grid system. Incredibly weak cybersecurity standards with a wide-open communications and network fabric virtually guarantees success to major nation-states and competent hacktivists. This industry is simply unrealistic in believing in the resiliency of the Grid subject to a sophisticated attack . . . make no mistake, there will be major loss of life and serious crippling of National Security capabilities.”

Studies Undertaken

Since its inception, NERC has conducted three grid security exercises, the first (GridEx I) in 2011. Its most recent (GridEx III) in November 2015 was a two-day event involving 166 utilities and 174 government and other stakeholder organizations. NERC designed simulated cyber and physical attacks to which the participating utilities responded. An executive review by industry executives and senior government officials followed.

Among the findings:

• Widespread and prolonged power outages will disrupt the ability of traditional media (radio, TV, print) to function. So utilities and government at all levels will need to find ways to inform the public about the situation and what is being done about it.
• Industry’s capability to analyze malware is limited and would require expertise likely available from software suppliers, control system vendors, or government resources. System recovery and restoration would be delayed or may not begin until the nature of the cyber risks are understood and mitigation strategies are available.

The sophisticated communication system required to operate the grid is itself dependent on electric power. This self-dependence is perhaps the fundamental hurdle to quick recovery from a physical or cyber attack. The industry is hoping to explore ways to simplify the system operation to supply basic service but at reduced levels of reliability and less economically when the normal grid operational processes are disrupted.

In December 2015 the Defense Advanced Research Projects Agency (DARPA) announced a program to develop automated systems that would help cyber and utility engineers restore power within seven days of an attack that overwhelms the recovery capabilities of power utilities. Named Rapid Attack Detection, Isolation and Characterization Systems (RADICS), the $77 million program got underway in August 2016 with the participation of seven R&D teams. John Everett, its program manager, noted that “prolonged disruption of the grid would hamper military mobilization and logistics, impairing the government’s ability to project force or pursue solutions to international crises.”

Your comments are welcome.

Resources

• Koppel, T., Lights Out: A Cyberattack, A Nation Unprepared, Surviving the Aftermath, Crown Publishers, 2015.
• Loui, R.P., and Loui, T.D., “How to Survive a Cyber Pearl Harbor,” Computer, June 2016.
• U.S. Energy Information Administration, “What is the electric power grid and what are some of the challenges it faces,” Dec. 22, 2015 https://www.eia.gov/energy_in_brief/article/power_grid.cfm
• Reilly, S., “Bracing for a big power grid attack: “One is too many,” usatoday.com, Mar. 24, 2015.
• NERC GridEx III Report, March 2016.
• Fairly, P., “Sniffing Out Grid Attacks” IEEE Spectrum, Sept. 2016
• Everett, J., “Rapid Attack Detection, Isolation and Characterization Systems (RADICS)” (retrieved Aug. 26, 2016)
• DARPA Exploring Ways to Protect Nation’s Electrical Grid from Cyber Attack, outreach@darpa.mil (retrieved Aug. 26, 2016)
• Bakke, G., The Grid: The Fraying Wires Between Americans and Our Future, Bloomsbury, 2016.

Donald Christiansen is the former editor and publisher of IEEE Spectrum and an independent publishing consultant. He is a Fellow of the IEEE. He can be reached at donchristiansen@ieee.org.