Grid security

Cybersecurity of the power grid: A growing challenge

By Manimaran Govindarasu and Adam Hahn

Published 24 February 2017

Called the “largest interconnected machine,” the U.S. electricity grid is a complex digital and physical system crucial to life and commerce in this country. Today, it is made up of more than 7,000 power plants, 55,000 substations, 160,000 miles of high-voltage transmission lines, and millions of miles of low-voltage distribution lines. This web of generators, substations, and power lines is organized into three major interconnections, operated by 66 balancing authorities and 3,000 different utilities. That’s a lot of power, and many possible vulnerabilities.

The grid has been vulnerable physically for decades. Today, we are just beginning to understand the seriousness of an emerging threat to the grid’s cybersecurity. As the grid has become more dependent on computers and data-sharing, it has become more responsive to changes in power demand and better at integrating new sources of energy. But its computerized control could be abused by attackers who get into the systems.

Until 2015, the threat was hypothetical. But now we know cyberattacks can penetrate electricity grid control networks, shutting down power to large numbers of people. It happened in Ukraine in 2015 and again in 2016, and it could happen here in the United States, too.

As researchers of grid security, we know the grid has long been designed to withstand random problems, such as equipment failures and trees falling on lines, as well as naturally occurring extreme events including storms and hurricanes. But as a new document from the National Institute of Standards and Technology suggests, we are just beginning to determine how best to protect it against cyberattacks.

Understanding the Ukraine attacks
On 23 December 2015, a cyberattack penetrated electricity distribution control centers in Ukraine using software vulnerabilities, stolen credentials and sophisticated malware. The attackers were able to open dozens of circuit breakers and shut off power to more than 200,000 customers for several hours.

A year later, the country’s electricity transmission facilities were attacked. That attack also cut off electricity service, though to a much smaller geographic area, and for only about an hour. In both cases, it is widely reported that hackers aligned with the Russian government were responsible.

How can we prevent this sort of attack in the United States?