Dive Brief:
- Work being done at the National Renewable Energy Laboratory aims to help protect the electric grid from hackers and cyber threats, with researchers developing and then hacking grid control systems in an effort to make them more resilient.
- NREL's Cyber Physical Systems Security and Resilience Center developed a "Test Bed" to examine system threats, which resulted in the discovery this year of a vulnerability and the eventual development of stronger systems.
- Grid cybersecurity is a growing area of concern, with the impacts of a wide-scale U.S. blackout potentially reaching $1 trillion. A simulated attack on the North American electric grid last year showed the industry's progress, but also uncovered areas where improvement is needed.
Dive Insight:
As smart technology proliferates on the U.S. grid, more government officials worry that such resources would make the grid more vulnerable.
Erfan Ibrahim heads up a team at NREL's Cyber Physical Systems Security and Resilience Center, developing control systems and then searching for ways to break in. Ibrahim's team is backing an effort to build the "Test Bed for Secure Distributed Grid Management," which mimics the communications and control functions of a utility power system and allows friendly hackers to search for and correct vulnerabilities.
The group so far has located a single vulnerability in the Test Bed, which was traced to a misconfigured cybersecurity device. But that one vulnerability was sufficient for a hacker to gain admin rights and then launch a denial of service attack that disabled the Test Bed.
"In three and a half months, we were able to pull a real-scale test bed together, attack it, and figure out what works and what doesn't work from a protection perspective," Ibrahim said in a DOE article on the project. "Now we're sharing our findings with the industry to accelerate the adoption of empirically proven cybersecurity controls to systemically protect critical infrastructure."
One cybersecurity firm made improvements to its own product after running tests on the test bed, DOE reported.
"Before you go deploying something out in the field, don't just take a point test in the lab and extrapolate to production; you need something in between," Ibrahim said. "And that's the test bed. We can scale up and run full-scale experiments—some real, some simulated—before a company goes into production with a new product."
As the electric system becomes increasingly interconnected and hackers more sophisticated, U.S. officials in government and in power companies are increasingly worried that a sophisticated attacker could disable parts of the grid. Last year, Lloyd's of London issued a report finding the total economic loss associated with a large-scale blackout could range from $243 billion up to $1 trillion in the most damaging scenarios.
And following GridEx III, a simulated attack on the grid run last year, the North American Electric Reliability Corp. issued a report calling for improvements in communications, including upgrading the Electricity Information Sharing and Analysis Center (E-ISAC) portal and enhancing coordination with law enforcement.
Some lawmakers, however, are calling for a less sophisticated approach by installing analog technology to thwart modern hackers. Led by Sen. Angus King (I-ME), the bipartisan group of four lawmakers proposed establishing a two-year pilot program within the National Laboratories to study new devices, like analog solutions, which could help isolate critical systems from cyber-attacks.