Securing the Power Grid Against Cyber Attack
Digital systems control the majority of the U.S. power grid because they’re able to bring intelligence to, and keep power flowing across, the country’s geographically dispersed, complex physical network.
But about once every four days, a cyber attack or physical attack strikes a part of that power grid, a USA Today analysis of federal energy discovered in spring 2015. Cyber attacks on the power grid include malware-spreading campaigns that can shut down systems. A successful cyber attack can dismantle the power grid for months or years and leave potentially millions of Americans in the dark, according to a National Research Council report.
Now, researchers at Georgia Tech are set to demonstrate to the U.S. Department of Defense the technique they’ve created to thwart attacks. It identifies all devices on electrical grid control networks and instantly depicts—using computer modeling techniques—how data that passes over the grid will affect it.
Utilities and energy delivery systems are unique in several ways. They provide distribution over a large geographic area and are composed of disparate components that work together as the system’s operating state evolves, says Seth Walters. He’s a Georgia Tech Research Institute Research scientist and a principal investigator on the project.
“Relevant security technologies need to work within the bandwidth limitations of these power systems in order to see broad adoption and they need to account for the varying security profiles of the components within these power systems,” Walters says.
In effect, the technique can analyze the data enclosed within packets to determine whether those packets give the grid legitimate operating instructions or contain cyber attack instructions, says Raheem Beyah, an associate professor in the school of electrical and computer engineering at Georgia Tech.
Beyah also leads the Communications AssuranceandPerformance Group, which works with researchers from other Georgia Tech labs and institutes to develop, test, and deploy the intrusion detection system for the DoD.
Digital electricity technology transmits electricity in brief, discrete packets that contain energy and data.The packet may contain commands. One packet’s contents might include a command to open a breaker, for example.
But grid attacks can be enclosed within the electronic packets, Beyah says.
It’s these commands the Georgia Tech system studies.
“Traditionally, security systems look at digital signatures or anomalies in behavior in the traffic that comes across the network,” Beyah says. “But grid attacks wouldn’t be caught by those systems. They won’t be a part of the signature database, and the behavior of the traffic can be normal.”
The Georgia Tech system inspects each packet that moves across the system and plugs its contents into a faster-than-real-time model of the grid “to see if opening the packet would destabilize the grid,” he adds.
The key here are continually updated physics-based models of the live grid that take into account the dynamics of all the devices on the grid as well as present grid traffic.
That is, the software automatically estimates how the command would affect grid operation.
“When the system receives a command, it can inject it into model to see how the grid will respond,” Beyah says.
If the packet’s contents would destabilize the grid, the system doesn’t accept that packet and it then automatically creates rules that don’t allow similar packets on the network in the future.
The Georgia Tech departments and institutes that have worked jointly to create the technology have already tested it in the lab. In fall 2016 they’ll run a field test at an operating transmission substation in Pensacola, FL. In December, the Georgia Tech researchers will run a larger test at that site before DoD sponsors, Beyah says.
The technique is one of the results of a $1.7 million DoD contract that saw researchers from Georgia Tech schools and institutes work together to develop the cyber-attack thwarting technologies. Other groups on the project include the Georgia Tech National Electric Energy Testing, Research, and Applications Center (NEETRAC), the Strategic Energy Institute (SEI) and the Cyber Technology and Information Systems Laboratory (CTISL).
Jean Thilmany is an independent writer.
Learn more about the latest energy technologies at ASME's Power and Energy.
Relevant security technologies need to work within the bandwidth limitations of these power systems and they need to account for the varying security profiles of the components within these power systems.Seth Walters, Georgia Tech Research Institute