Rapidly Restoring the Electrical Grid after Cyberattack

security gaps.

Girding for More Grid Protection
“While we’ve made significant progress against RADICS’ mission of rapid grid restoration, there remains an opportunity to further explore technologies capable of thwarting attacks, such as enhanced forensic analysis on grid devices to better understand the threats,” noted Weiss.

Today, first responders lack ways of interfacing with infected devices, understanding what these devices are doing under malicious influence, and ultimately applying a fix. Forensics – in this case the practice of deliberately extracting and preserving data about an intrusion – is not yet a supported feature of grid devices. This is further complicated by the difficulty of removing a device from the grid to understand what happened to it after an attack. To address this challenge, a team led by SRI International is developing a forensics port that provides a physical opening in these devices for local access to a variety of diagnostic information. With the port, authorized users can perform a variety of incident response actions, such as memory validation and forensic imaging, without compromising vendor IP or a utility’s proprietary information. SRI is sharing the design for this port with DOE, vendors, and other community leaders to jumpstart a discussion on what additional tools are needed to properly equip grid response teams.

Also still to address is the current need for utilities and grid operators to fall back to manual procedures to restore the grid during blackouts if SCADA or EMS functionality is lost. Today, this involves spending weeks manually creating reliability and resiliency models for tens of thousands of grid nodes. The process typically requires multiple servers and engineers that must rely on incomplete data for grid restoration. To help accelerate this process, researchers from Carnegie Mellon University (CMU) developed a foundational technology for modeling, simulating, and optimizing power flow of the grid. The prototype software tool, called Simulation with Unified Grid Analyses and Renewables (SUGAR), provides unprecedented speed and robustness for developing real-time grid models – reducing the process to seconds or minutes from several days – and can be run on a standard laptop.

“The continued research happening at SRI and CMU stands to greatly benefit electrical grid restoration efforts,” said Weiss.

The question of how to prevent an attack from happening in the first place, however, still remains. There is additional research happening at DARPA that could help address this challenge by rethinking computer security from the ground up. The Guaranteed Architectures for Physical Security (GAPS) program is looking at more intelligent ways of connecting in-network computers so that these critical assets are not put on computer networks that are directly connected to the Internet. “With GAPS, we are looking at how to filter what is allowed so that a device on the power grid, for example, could still upload everything it needs to, but if someone came in remotely they wouldn’t be able to compromise its activities or disrupt the flow of critical data,” noted Weiss, who is also leading this program.

The second program is SSITH, which stands for System Security Integration Through Hardware and Firmware. SSITH is focused on developing secure processors capable of thwarting common hardware attacks that derive from software vulnerabilities. The secure hardware architectures and associated design tools in development on the program could ultimately be used across a wide array of systems, including those found within the electrical grid.