29 July 2018

Russians hacked into US electric utilities: 6 essential reads

D Sharon Pruitt

The U.S. Department of Homeland Security has revealed that Russian government hackers have gained deep access to hundreds of U.S. electrical utility companies, gaining far more access to the operations of many more companies than previously disclosed by federal officials. Securing the electrical grid, upon which is built almost the entirety of modern society, is a monumental challenge. Several experts have explained aspects of the task, potential solutions and the risks of failure for The Conversation:

1. What’s at stake?


The scale of disruption would depend, in part, on how much damage the attackers wanted to do. But a major cyberattack on the electricity grid could send surges through the grid, much as solar storms have done.

Those events, explains Rochester Institute of Technology space weather scholar Roger Dube, cause power surges, damaging transmission equipment. One solar storm in March 1989, he writes, left “6 million people without power for nine hours … [and] destroyed a large transformer at a New Jersey nuclear plant. Even though a spare transformer was nearby, it still took six months to remove and replace the melted unit.”

More serious attacks, like larger solar storms, could knock out manufacturing plants that build replacement electrical equipment, gas pumps to fuel trucks to deliver the material and even “the machinery that extracts oil from the ground and refines it into usable fuel. … Even systems that seem non-technological, like public water supplies, would shut down: Their pumps and purification systems need electricity.”

In the most severe cases, with fuel-starved transportation stalled and other basic infrastructure not working, “[p]eople in developed countries would find themselves with no running water, no sewage systems, no refrigerated food, and no way to get any food or other necessities transported from far away. People in places with more basic economies would also be without needed supplies from afar.”

2. It wouldn’t be the first time

Russia has penetrated other countries’ electricity grids in the past, and used its access to do real damage. In the middle of winter 2015, for instance, a Russian cyberattack shut off the power to Ukraine’s capital in the middle of winter 2015.

Power grid scholar Michael McElfresh at Santa Clara University discusses what happened to cause hundreds of thousands of Ukrainians to lose power for several hours, and notes that U.S. utilities use software similar to their Ukrainian counterparts – and therefore share the same vulnerabilities.

3. Security work is ongoing

These threats aren’t new, write grid security experts Manimaran Govindarasu from Iowa State and Adam Hahn from Washington State University. There are a lot of people planning defenses, including the U.S. government. And the “North American Electric Reliability Corporation, which oversees the grid in the U.S. and Canada, has rules … for how electric companies must protect the power grid both physically and electronically.” The group holds training exercises in which utility companies practice responding to attacks. 

4. There are more vulnerabilities now

Grid researcher McElfresh also explains that the grid is increasingly complex, with with thousands of companies responsible for different aspects of generating, transmission, and delivery to customers. In addition, new technologies have led companies to incorporate more sensors and other “smart grid” technologies. He describes how that “has created many more access points for penetrating into the grid computer systems.”

5. It’s time to ramp up efforts

The depth of access and potential control over electrical systems means there has never been a better time than right now to step up grid security, writes public-utility researcher Theodore Kury at the University of Florida. He notes that many of those efforts may also help protect the grid from storm damage and other disasters.

6. A possible solution could be smaller grids

One protective effort was identified by electrical engineer Joshua Pearce at Michigan Technological University, who has studied ways to protect electricity supplies to U.S. military bases both within the country and abroad. He found that the Pentagon has already begun testing systems that combine solar-panel arrays with large-capacity batteries. “The equipment is connected together – and to buildings it serves – in what is called a ‘microgrid,’ which is normally connected to the regular commercial power grid but can be disconnected and become self-sustaining when disaster strikes.”

He found that microgrid systems could make military bases more resilient in the face of cyberattacks, criminals or terrorists and natural disasters – and even help the military “generate all of its electricity from distributed renewable sources by 2025 … which would provide energy reliability and decrease costs, [and] largely eliminate a major group of very real threats to national security.”

Editor’s note: This story is a roundup of articles from The Conversation’s archives.

No comments: