Smart Grid or Not, We Can’t Pussy-foot Around Its Security

October 12, 2016 by Patricia Friar

The complexity of the electric power industry creates enormous opportunity for Fortune 500 companies and promising technology companies. Increased energy demands, capacity limitations, environmental constraints, varying load shapes, distributed generation and the deployment of new smart technologies all come into play. While new technologies will be developed to build a robust and resilient 21st Century grid, this new grid is still in its infancy and will take years, most likely decades, to reach that utopia of which we dream.

While we work toward our energy nirvana, naturally occurring events and man-made acts threaten to bring down our grid. Steps must be taken to develop technologies that can thwart these attempts, and these technologies must operate in real-time. If we do not do this, we risk catastrophic consequences which include horrific loss of life, widespread destruction of property, and complete societal meltdown.

An attack on the U.S. electric power grid occurs, on average, every four days. Our inability to secure the U.S. grid from cyber and physical attacks are considered to be the single largest threat. Concerns are growing over the ability of subversives to hack into U.S. power grid software. Such an attack could be one of the quickest ways to destroy the U.S. economy, and it may the most efficient, cost-effective and achievable method of attack.

Hacker

Cyber-Attacks

The Dragonfly virus has been around at least since 2011, as identified Symantec. The virus targets U.S. and European energy companies. The electric grid, power plants, wind turbines and gas pipelines are all at risk. The malware allows real-time monitoring of these energy companies and the ability to bring their operations down. According to Symantec, over an 18-month period, more than 1,000 organizations in 84 countries were the victims of Dragonfly attacks. The vast majority of the targets were in the U.S., France, Italy, Germany, Spain, Turkey and Poland – all NATO countries.

In December of 2015, hackers used a more sophisticated code and successfully triggered a massive blackout in 103 cities and towns in Ukraine affecting some 300,000 people. Though U.S. intelligence and security officials say the evidence is not conclusive, Elizabeth Sherwood-Randall, deputy Energy Secretary, has publically said that the Russians were behind the cyber-attack that downed the grid. U.S. officials say it is the first confirmed cyber-warfare attack affecting civilians.

The U.S. power grid and other major industrial facilities have many of the same vulnerabilities exploited in the Ukraine attack. The malware introduced has the capability to destroy fundamental parts of a hard drive and industrial control centers. Technologies that can thwart these attacks in real-time must be developed.

Electric station2

Physical Attacks

Real-world manmade physical events also threaten the grid. Some physical attacks can be. Physical attacks are low-tech, require fewer resources, are easier than cyber-hacks and do not necessarily need the backing of a rogue state. In 2013, Pacific Gas and Electric’s (PG&E) substation in Met. calf, CA. was attacked. Just after midnight on April 16, 2013, attackers breached PG&E's security substation in Metcalf, California. They cut fiber-optic AT&T phone lines, shutting off service to nearby neighborhoods. The perpetrators fired more than 100 rounds of .30-caliber rifle ammunition into the radiators of 17 electricity transformers. A blast from the past, .30-caliber ammunition was used in the M1 carbine from the time of the WWII up until the Korean War. Thousands of gallons of oil leaked, causing electronics to overheat and shut down. It may be an inside job of a disgruntled employee or contractor, but this crime has not been solved yet. We need to innovate technologies that can protect our grid from these too.

Nuclear Explosion

Electromagnetic Pulse

Events Electromagnetic Pulse (EMP) episodes are another type of physical attack. The EMP phenomenon can be naturally occurring or manmade. An EMP is a high-intensity burst of electromagnetic energy caused by the rapid acceleration of charged particles. When used in an attack, these particles interact and send electrical systems into chaos. The electromagnetic shock can bring down all critical infrastructures that depend on electricity and electronics within the vicinity of the EMP event.

A geo-magnetic storm from the sun can create an EMP effect. Lightning is another type of naturally occurring EMP. Manmade EMP episodes include nuclear explosions, which can affect vast areas. A nuclear weapon with a burst height of approximately 100 kilometers can expose objects located within a 560 kilometer radius to the effects of an EMP event. Equipment for localized EMP events can be purchased from a consumer electronics store. While remedies for lighting EMP are well-developed, we do not have technologies to protect us from these manmade events.

In a nuclear weapon blast destruction can spread far beyond ground zero. Electromagnetic energy on a radio frequency will travel through any conductive matter with which it comes into contact: from electrical wires to telephone wires to water mains. Were this to happen rule of law would become impossible to sustain; police departments would be overwhelmed; emergencies services would no longer exist and we would return to an agrarian society. Scientists project that 90% of our population would die due to our inability support our current population with available resources.

Real-time Technologies Are a Must

The U.S. government is very aware of the consequences that EMP, cyber, and physical attacks pose to the electric grid. There is no double the technologies are needed to counter cyber and physical attacks, and naturally occurring EMP events. They must be real-time technologies, < 50 microseconds, to have any chance of remediating attacks on our grid. So, while we plan, test our assumptions, and eventually deploy new technologies for our Smart Grid, we must move even faster to develop real-time technologies that will secure our grid today. Or, we may not see our Smart Grid future tomorrow.