By Larry Clark
Simulating cybersecurity attacks to protect the smart grid
Hackers had a banner year in 2014. They stole hundreds of millions of passwords and other pieces of confidential information from banks, retailers, credit card companies, even film company Sony Pictures. A record number of computer breaches affected more than half of all American adults, costing businesses up to $500 billion, and fueling increased attention to the security of Internet interactions. But the financial consequences of those attacks pale in comparison to the possibility of intrusion and disruption of the electric power system.
From hospitals’ life support machines to nuclear reactors to home heating during bitter cold winters, keeping the power flowing can be a matter of survival. Increasingly the power grid is a smart one, an interconnected system of electric power generation, distribution, advanced home meters and appliances, and computer control centers. The system can increase efficiency, reduce outages, and possibly lower costs. But with more and faster communication across the system comes greater vulnerability.
At Washington State University, a combination of power engineers, computer scientists, and their industry partners simulate holes and weaknesses in the smart grid, then work out ways to manage the risk of hackers interrupting and subverting the electric power system. Their key to successfully securing the grid is understanding that the threats are both cyber and physical.
“What is the nightmare scenario of an attack on the power grid? If you’re an IT manager alone, you can’t imagine that,” says Chen-Ching Liu, electrical engineering professor and director of WSU’s Energy Systems Innovation Center (ESIC). “We have to bring the two sides together, much like our group of computer scientists and engineers. You have to know enough about the power grid to see what kind of cyberattack would take control and do enough damage to the grid to create that nightmare scenario.”
Liu says a successful attack could cause not just a power outage, but create a tremendous expense for utilities as they replace blown transformers worth millions of dollars each. The threat is not just theoretical; in 2007, Idaho National Laboratory ran an experiment where a cyber attack physically destroyed its Aurora Generator, causing it to explode after rapidly opening and closing circuits.
Even President Barack Obama and Congress agree that cybersecurity is a national priority. “No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families,” said Obama in his 2015 State of the Union, to rare bipartisan applause.
“If you think of the big threat, it’s not just the cyber part. The power grid is always a target, whether it’s terrorists or others,” says Anjan Bose, an electrical engineering professor and former dean of the Voiland College of Engineering and Architecture, with more than 35 years of experience in the field. “What has been added is that now you might be able to get to the power grid through the cyber systems. That is what worries people.”
DETECT AND CONTAIN
In the electric power transmission control room at WSU’s engineering building, a hacker attacks the power grid. It’s a smart grid, shown on large computer monitors as yellow squares and lines representing electric substations and generators, and at first everything is copacetic. A moving graph shows a steady flow of electricity that keep refrigerators running and iPhones charging. Then a square starts to blink red. A circuit has been forced open and a generator disrupted.
Within seconds, the red blinking spreads from one square to another, the graph line descends in jagged increments as voltage goes down, and soon the entire grid has cascaded into a complete blackout.
Fortunately the attack is a simulation, run by Liu’s graduate student as the hacker. Another graduate student operates the control system. In a second demonstration, they use an anomaly detector within the smart grid’s substations, which first identifies signals that aren’t trustworthy, then isolates them to prevent further damage. This time the attack does not bring down the power grid.
Liu explains that their software looks at computer traffic and spots oddities. “When you find unusual things, you try to figure out what to do with that. Hopefully you kick out the intruder early enough that there’s no impact on the grid,” he says.
The control simulator, called a smart city test bed, is a valuable asset and one part of the strategy to safeguard a smart grid’s integrity. “Cybersecurity is very hard to study on just paper. We know the power grid so we can simulate that, but the computer side is very complex,” says Liu. “Unless you have a realistic environment, much like industry has, it’ll be hard for you to do your research.”
Pullman, wired up as a smart city, is part of the test bed, too. Its data will be used for simulating attacks, but not in real time, says Liu with a chuckle. “We can’t play with a live system.”
Smart meters, which send usage information to the Avista utility to increase efficiency, are part of the project in Pullman. On the consumer side, Liu recognizes the need for diligence on privacy issues for the devices, since around 60 million smart meters are expected to be deployed around the United States by 2019. There’s a strong interest in securing smart meters because unauthorized access could not only lead to infiltration of the power grid, but a criminal might see that no one is home if there’s less electricity use, says Liu.
Because of privacy and other societal and policy implications of the smart grid and cybersecurity, Liu brought WSU psychologists, sociologists, economists, and political scientists into the ESIC group. They work in concert with the engineers to address privacy and other human factors connected to electric power systems. Liu also headed up smart grid implementation for the European Union before coming to WSU, which shared many of the same concerns.
Up a couple of floors from the smart city control test bed, electrical engineer Anurag Srivastava leads the team in another smart grid demonstration and research lab, where stacks of electric relays, sensors, and controllers connect to real-time simulators. This is the physical side of the system, connected to its own smart grid simulation and acting as a complement to the smart city test bed.
The sensor helps in monitoring the simulated power grid using the same hardware as a substation, says assistant professor Srivastava. He explains that this WSU test bed emulates the way data flow from real equipment to control centers, and how different actions such as cyber attacks may impact the physical system. It also helps in analyzing advanced communication technologies in a smart grid.
“In the past, you used to get snapshots of the grid, like a picture which would come every four seconds. Now you’re looking at more like a video of the grid with fast sensors,” he says. That immediacy means more control ability to isolate problems and maneuverability to bring back the power system in case of trouble.
Srivastava says the test bed can help analyze responses to both hackers and damage from storms, accidents, or direct physical attacks by humans.
“A big concern is how to survive big storms like Hurricane Sandy. Turns out some of the techniques you need to survive cyber attacks are the same kinds of technology and processes,” says Bose.
BAKE IN THE SECURITY
On the other side of Pullman, Dave Whitehead ’89, vice president of research for the electric power equipment manufacturer Schweitzer Engineering Laboratories, or SEL, takes an engineer’s perspective on cybersecurity.
“We build systems to take into account temperature and other environmental factors. Cybersecurity is just another thing we need to do so we can make sure the system is robust and reliable,” he says.
Not that the sky is falling. It’s really preventive medicine. “Is Pullman a dangerous place? No, but I’m still locking the door on my house. It’s just prudent behavior.”
After he graduated from WSU, Whitehead worked on submarines in Connecticut, and then returned to Pullman and the expanding company in 1994.
Whitehead says security has always been built right into the company’s electric relays and other equipment. Edmund O. Schweitzer III ’77 PhD started the company in his basement in 1982, with an industry-changing digital protective relay—a device that monitors power lines and systems for problems. Since Schweitzer, also a former WSU faculty member, had introduced the world’s first microprocessor-based relay, he recognized the potential for misuse through the increase in electronic communications. The relay was now passing more information than ever to an electric utility’s control centers through dialup modems. Even in the early 1980s, Schweitzer required two passwords to use the relays, one for technicians to evaluate problems and another for engineers to actually change settings.
It’s essentially the same as the two-part access at SEL’s offices, where a person might need both an electronic badge and a password. “We take data security we have in our headquarters and apply it to substations out in the middle of nowhere,” says Whitehead. “It’s a layered approach.”
He says there are advantages to securing the grid, as opposed to guarding strictly online transactions. When it comes to cybersecurity, the challenge for Target or banks is abstract; it is money, but it’s a handful of bytes in a computer, says Whitehead. “When you take the money from my account or give me a whole bunch, there’s no connection to the physical universe. I don’t all of a sudden have a million dollars sitting in my wallet.” For the electric power system, the cyber part really does connect back to some physical thing, whether it’s electrical current or an open circuit breaker.
Another advantage is that power systems are overmeasured, “so if somebody were able to spoof one location, we have another location that essentially measures the same thing,” he says. If something is wrong or values don’t match, the attack can be identified and isolated.
When they complete new products, Whitehead’s research team at SEL works in a similar way to the WSU scientists, and sometimes with them. “Our cybersecurity team has a test bed where they put in equipment, and then start poking holes in it or attacking it.”
PUT ON THE HACKER HAT
Adam Hahn, a computer scientist at WSU, says researchers must consider the worst ways to break the power system if they want to mitigate against attacks.
“How can you defend against something you don’t know? You have to know what an attack is going to do before you can defend against it,” says Hahn. “In other engineering fields you try to design a system that meets some functional requirements. Here we try to figure out how we can violate whatever assumptions they made.
“Instead of making a system work, we’re trying to make a system fail.”
Hahn came to WSU in 2014 after working in the private sector on cybersecurity, primarily for the federal government. He says cybersecurity really came to the forefront after the 2010 revelation of Stuxnet, the powerful computer “worm” that could propagate and infect computers to control machinery and industrial processes.
Stuxnet was a magnitude of order worse than anyone imagined, says Hahn. It pushed into high gear the research into cybersecurity of physical systems like the power grid.
Hahn and WSU computer scientist Carl Hauser work with students to infuse the security mindset—in effect, to think like a hacker. Hauser says students will often come up with good security ideas, but don’t necessarily think about how their ideas might be circumvented.
“Having built this thing, it’s hard for some people to ask, ‘Where are the holes?’ You don’t want to admit there are holes,” says Hauser.
They teach the students partly through attack and defense games on the operational systems, called red team-blue team competitions. Hahn isn’t worried that they’re teaching students to be hackers. “You pretend you’re an adversary and attack the system. As a security person that’s what you really need to focus on,” says Hahn.
To Hauser, invasion is inevitable. Experience shows us that computer security will be breached, just not very often, he says. When there’s only one line of defense, it reduces planning for the attack that makes it through.
“That’s not helpful. It doesn’t lead you to doing the things you should be doing to make the system resilient,” says Hauser. Instead he recommends that people look at computer security as risk management. That makes it easier to talk about how to contain damage in the rare instances when attacks succeed.
Hauser has worked with power engineering faculty for over 10 years on how to secure the communications that take place in the power grid and understanding the risks associated with different types of cybersecurity failures.
In turn he and the other computer experts learn from engineers about how to build control systems that fail gracefully and rebound after problems, just like the power grid itself. Their collaboration doesn’t end with research. WSU’s graduate students take courses team-taught by the two disciplines, a unique combination that benefits both fields.
“This is a very rare group in terms of our combination of power engineers and computer scientists,” says Bose. “There are other parts of the country where power engineers work with computer scientists but I think this is the only place where we have three computer scientists focusing 100 percent of their research on the power grid.”
In many ways, the struggle between good guys and bad never ends. It becomes an arms race over the security of computer systems, and new challenges continue to push engineers. One of the challenges is the growing amount of data and computer traffic. The smart grid, with its numerous advanced meters on homes and businesses and complex control systems, will create a flood of new information.
It has become a scale problem, says Whitehead. “How do we secure all that data, as the data rates get faster and faster and the volumes get larger and larger?”
Hahn also points out that, unlike smartphones, home computers, and other short-lived products, power equipment lasts up to 30 years. That makes it tough to build computer security systems that can block out hackers of the future, perhaps even armed with the capabilities of ultrafast quantum computers.
Moreover, he says, the “Internet of Things,” with its interconnected devices from refrigerators to light bulbs to smart meters, can exacerbate security concerns when they get picked up quickly by consumers. “We don’t think about the risk before we do the adoption. From a security perspective, we’re always chasing the problem,” says Hahn.
Despite these challenges, the WSU engineers and industry researchers realize most people just want the electricity to work.
“My expectation when I go home is that I hit that light switch and the lights come on. I think it’s the same for all consumers,” says Whitehead.
Protecting power transmission and distribution from hackers or storms keeps the TV on and businesses running. This is something the smart grid can do well, as long as it’s secure.