Called the “largest interconnected machine,” the U.S. electricity grid is a complex digital and physical system crucial to life and commerce in this country. Today, it is made up of more than 7,000 power plants, 55,000 substations, 160,000 miles of high-voltage transmission lines and millions of miles of low-voltage distribution lines. This web of generators, substations and power lines is organized into three major interconnections, operated by 66 balancing authorities and 3,000 different utilities. That’s a lot of power, and many possible vulnerabilities.
The grid has been vulnerable physically for decades. Today, we are just beginning to understand the seriousness of an emerging threat to the grid’s cybersecurity. As the grid has become more dependent on computers and data-sharing, it has become more responsive to changes in power demand and better at integrating new sources of energy. But its computerized control could be abused by attackers who get into the systems.
Until 2015, the threat was hypothetical. But now we know cyberattacks can penetrate electricity grid control networks, shutting down power to large numbers of people. It happened in Ukraine in 2015 and again in 2016, and it could happen here in the U.S., too.
As researchers of grid security, we know the grid has long been designed to withstand random problems, such as equipment failures and trees falling on lines, as well as naturally occurring extreme events including storms and hurricanes. But as a new document from the National Institute of Standards and Technology suggests, we are just beginning to determine how best to protect it against cyberattacks.
Understanding the Ukraine attacks
On Dec. 23, 2015, a cyberattack penetrated electricity distribution control centers in Ukraine using software vulnerabilities, stolen credentials and sophisticated malware. The attackers were able to open dozens of circuit breakers and shut off power to more than 200,000 customers for several hours.
A year later, the country’s electricity transmission facilities were attacked. That attack also cut off electricity service, though to a much smaller geographic area, and for only about an hour. In both cases, it is widely reported that hackers aligned with the Russian government were responsible.
How can we prevent this sort of attack in the U.S.?
Protecting the American electricity grid from cyberattacks is challenging not just because it is made up of so many physical and computerized elements connecting nearly every building in the country. It’s difficult because the grid has to continue to operate in real time, making adjustments to ensure the right amount of electricity gets where it needs to go at every moment.
And it’s especially hard because the electricity industry is used to a slower pace of technological advance: While computer technologies like smartphones and servers are updated every two to three years, grid infrastructure typically must operate for over a decade.
Over time, though, older traditional electricity meters have given way to digital smart meters. Similarly, power substations that are crucial for converting electricity from high-voltage transmission lines to lower voltage for household use, are increasingly controlled via internet-enabled networks and software.
Security standards can help ensure utility companies keep their protection strong. The North American Electric Reliability Corporation, which oversees the grid in the U.S. and Canada, has rules, known as Critical Infrastructure Protection (CIP) compliance, for how electric companies must protect the power grid both physically and electronically. This includes monitoring the grid for attacks, as well as requiring safeguards such as multi-factor user authentication to keep unauthorized intruders from accessing control networks.
NERC also hosts regular tabletop simulation exercises, where electricity companies can practice defending against major attacks. The U.S. National Institute of Standards and Technology has its own recommendations, though they are not mandatory for utilities. A draft version of a new set of guidelines was just released, adding both urgency and detail for utility companies.
These standards, guidelines and exercises have significantly improved the security of the larger elements of the power system, such as power plants and high-voltage transmission networks. But they have done little to protect the low-voltage distribution networks that supply power directly to our homes and workplaces. Attacks on these low-voltage parts of the overall system cover less territory than intrusions at higher levels, but they can still cause large-scale power outages, like in Ukraine in 2015.
Defending the edges of distribution system is much more complicated than protecting its center. Not only are there many more physical locations to safeguard, but there are also many more companies involved in operating them. Municipal governments and utility cooperatives, for example, are significant distributors of electricity, and yet have limited security requirements. In addition, they may not have the money or expertise to protect their systems against cyberattacks.
The grid depends on a number of key control systems and algorithms, each of which presents its own unique vulnerabilities. The growing scale of this problem requires techniques to manage and reduce the number of vulnerable points the grid has.
Research into grid security is moving away from investigating ways to better handle equipment failures and natural disasters, and toward creating a well-defended power grid for the future. One approach could be to add more redundancy – additional equipment that can fill in when an attack takes out a power plant or a transmission line. That is very expensive, though.
The other approach involves systematically analyzing the risks inherent in critical systems and methodically defending against each of them. Key elements of this approach involve developing techniques that can prevent attacks, detect and respond to them when they happen, and allow us to investigate what happened after an attack has ended. That will help us to improve protection for the future.
This approach will require the industry to ensure each new device it connects to the grid is protected, no matter how small or how big. We’ll also have to develop new systems that can detect anomalous grid communications and create more secure network architectures for critical grid control systems.
In addition, regulators will need to keep updating the rules governing the industry to raise minimum security standards over time. Schools and universities will need to teach people to be not only electricity experts but cybersecurity defenders. Our ability to flip a switch and turn on the lights depends on it.