Grid securitySignals from distant space could help secure electric substations

Published 7 May 2019

Side channel signals and bolts of lightning from distant storms could one day help prevent hackers from sabotaging electric power substations and other critical infrastructure.

Side channel signals and bolts of lightning from distant storms could one day help prevent hackers from sabotaging electric power substations and other critical infrastructure, a new study suggests.

By analyzing electromagnetic signals emitted by substation components using an independent monitoring system, security personnel could tell if switches and transformers were being tampered with in remote equipment. Background lightning signals from thousands of miles away would authenticate those signals, preventing malicious actors from injecting fake monitoring information into the system.

Georgia Tech notes that the research, done by engineers at the Georgia Institute of Technology, has been tested at substations with two different electric utilities, and by extensive modeling and simulation. Known as radio frequency-based distributed intrusion detection system (RFDIDS), the technique will be described February 26 at the 2019 Network and Distributed System Security Symposium (NDSS) in San Diego.

“We should be able to remotely detect any attack that is modifying the magnetic field around substation components,” said Raheem Beyah, Motorola Foundation Professor in Georgia Tech’s School of Electrical and Computer Engineering. “We are using a physical phenomenon to determine whether a certain action at a substation has occurred or not.”

Opening substation breakers to cause a blackout is one potential power grid attack, and in December 2015, that technique was used to shut off power to 230,000 persons in the Ukraine. Attackers opened breakers in thirty substations and hacked into monitoring systems to convince power grid operators that the grid was operating normally. Topping that off, they also attacked call centers to prevent customers from telling operators what was happening.

“The electric power grid is difficult to secure because it is so massive,” Beyah said. “It provides an electrical connection from a generating station to the appliances in your home. Because of this electrical connection, there are many places where a hacker could potentially insert an attack. That’s why we need an independent way to know what’s happening on grid systems.”