GridHacker-resistant power plant software in a successful Hawaii tryout

Published 27 February 2018

Johns Hopkins computer security experts recently traveled to Hawaii to see how well their hacker-resistant software would operate within a working but currently offline Honolulu power plant. The successful resilience testing, funded by the U.S. Department of Defense, was triggered in part by growing concerns about the vulnerability of electric power grids after two high-profile cyber-attacks by Russian government hackers turned out the lights in parts of Ukraine during the past two years. Neither outage in Kiev was long or extensive enough to cause serious harm or panic. Yet the attacks served as a wake-up call, putting a spotlight on power grid security in the United States and elsewhere.

Johns Hopkins computer security experts recently traveled to Hawaii to see how well their hacker-resistant software would operate within a working but currently offline Honolulu power plant. The successful resilience testing, funded by the U.S. Department of Defense, was triggered in part by growing concerns about the vulnerability of electric power grids after two high-profile cyber-attacks by Russian government hackers turned out the lights in parts of Ukraine during the past two years.

Neither outage in Kiev was long or extensive enough to cause serious harm or panic. Yet the attacks served as a wake-up call, putting a spotlight on power grid security in the United States and elsewhere.

“Today, our power system is not designed to withstand the kind of attacks that happened in Ukraine,” said Yair Amir, professor and chair of the Department of Computer Science in the university’s Whiting School of Engineering. “If even part of a power grid’s control system is compromised, the game is over. We need to make our grid more secure, resilient and intrusion-tolerant.”

Amir and his team of researchers hope to help boost resilience with their new open-source control system for power grids called Spire. The intrusion-tolerant system is designed to keep power flowing even if part of the system is compromised.

JHU says that in an experiment last April, a Sandia National Laboratories hacker team was able to remotely obliterate a commercial grid control system within a couple of hours, but the team could not penetrate the Spire system for three days. On the third day, the Sandia attack team was given remote access to part of Spire, but its test hackers still could not disrupt the system’s correct operation.

More recently, the Spire developers from Johns Hopkins were invited to get their feet wet in Hawaii. At the end of January, Amir and his team went to an offline Hawaiian Electric Company plant in Honolulu and spent two weeks testing the Spire system on the power plant’s equipment with the help of HECO engineers Keith Webster and John Tica. After a few days of setup and integration, Spire ran continuously without interruption for almost a full week.

The goal of the Hawaii deployment was to verify that Spire can operate without degrading the control system’s performance and without adverse effects on other power plant systems.