A threat recognized by utility executives at the highest level, cyberattacks are a new form of terrorism and asymmetrical warfare, as explained in this fifth article from a Microgrid Knowledge series on microgrid cybersecurity.
It’s common to find seeds of advanced technology within work by the military. Microgrid cybersecurity is no exception, as we see in this interview with Darrell Massie, who holds a doctorate in civil engineering and is the founder and chief technology officer of Intelligent Power & Energy Research Corporation (IPERC), an S&C Electric subsidiary.
The threat of cyberattacks targeting the U.S. electric grid is rising, and hackers have become increasingly sophisticated. Historically, hackers broke into systems as a sport to show off and test their skills. But over the years they increasingly capture personal and financial information for monetary gain. More recently, foreign governments have been responsible for a growing number of cyberattacks. The Wall Street Journal recently reported that the malicious software that shut down power in parts of Ukraine’s capital last year could be repurposed to target the U.S. grid.
“In the hands of our enemies, cyberattacks can be a crippling weapon against the United States. Cyberattacks are currently being utilized as a new form of terrorism and asymmetrical warfare,” said Massie. “The Ukraine cyberattack was a spectacular display of the damage cyber attackers are able to achieve today. That attack not only focused the public’s attention on how vulnerable an electric grid can be, but it also verified the grid’s high value as a target.”
The industry also is realizing the massive disruption and financial repercussions that could result from a Ukrainian-style cyberattack on the U.S. grid.
This threat is recognized by utility executives at the highest level, but many have been understandably reluctant to air their concerns publicly. This attitude is changing as utility regulators and even the utilities themselves begin to mandate higher levels of cybersecurity. The industry also is realizing the massive disruption and financial repercussions that could result from a Ukrainian-style cyberattack on the U.S. grid. A 2015 report by insurance company Lloyd’s of London estimated that if a cyberattack were to plunge the Eastern Seaboard of the U.S. into darkness, the economic impact could be as high as $1 trillion.
The Ukraine attack led to valuable lessons, according to Massie. The hacked utility publicly listed its equipment vendors, which allowed hackers to determine key specifications of its installed grid components. The hackers then hijacked common Microsoft files to gain control of the utility’s industrial control systems. Once inside, they used publicly available vendor information to rewrite control software to change device settings while indicating normal status on the user interface screens utility operators were watching.
The security of distributed architecture
The Ukraine attack underscores a basic concept in cybersecurity. “An attacker goes for the easiest target. A centrally designed system can be easily overrun in an event storm,” said Massie.
One of the solutions is moving to a more distributed architecture. But many existing microgrids have not done this, so they are not necessarily cybersecure, according to Massie.
“Most control systems in use today were designed long before cybersecurity was a concern and, therefore, contain no security features. The common tactic used in an attempt to secure existing control systems is to simply deploy firewalls at the system perimeter. This is the electronic equivalent to a Band-Aid,” said Massie. “Every firewall can be breached. Therefore, control systems need to continue operating even with the attacker inside. We test and operate our control systems under this premise.”
A cybersecure microgrid is governed not by a single central master controller, but rather by many interconnected controllers. Should one controller become compromised for any reason, it can be sequestered and another will take over its duties. There are backups to the backup. By contrast, if a microgrid relies on a single central controller, should that one fail, the entire system is disabled.
“Almost every competing control system has a central control point. Our GridMaster controller is different in that it is distributed. If hackers knock out one controller, another takes over,” Massie said.
The distributed control approach to microgrid cybersecurity goes back to IPERC’s roots. Massie served in the U.S. Army for 27 years, and one of the challenges he faced was getting power into the field in places such as Bosnia, Iran, and Iraq. Those deployed power systems faced an additional challenge in that they would be moved suddenly and even split into different locations.
That started Massie down a path to figure out how those systems could be “dynamically reconfigured” so service could be restored with plug-and-play simplicity. After years of working on the technology issues, Massie realized the answer required a fundamental rethinking of microgrid software architecture. A single central controller wouldn’t work but a distributed control strategy, a kind of strength in numbers, would. Furthermore, the inherent resiliency and cybersecurity features of a distributed control system were just as attractive for permanent microgrids at installations as they were for mobile field units.
Massie took that concept and made it the basis of IPERC. In 2007, recognizing the growing threat of cyberattacks, IPERC began designing and testing distributed control systems with embedded cybersecurity. IPERC was, therefore, ready when the Department of Defense solicited bids for its three-phase microgrid cybersecurity program through its SPIDERS program. IPERC’s control system was selected for all three phases of that project and the company led the design of controls, communications, and cybersecurity for the capstone phase.
“We have passed every security test the DoD has thrown at our control system because we embed our cybersecure architecture from the start.” — Darrell Massie, IPERC founder and chief technology officer
Over the next five or six years of the program, IPERC further refined its cybersecure microgrid controller with the dedicated funding from the Department of Defense, Department of Energy, and Department of Homeland Security.
“We have passed every security test the DoD has thrown at our control system because we embed our cybersecure architecture from the start,” Massie said.
GridMaster controller’s unique military designation
IPERC’s GridMaster microgrid controller is the only one on the market that has received, now twice, the military’s respected “Authorization to Operate,” or “ATO,” which validates the security posture of the system and authorizes general ongoing use at a military facility. The ATOs were awarded after demonstration of security implementation using the DoD Risk Management Framework (RMF) and rigorous testing by several DoD cybersecurity teams.
What lies ahead? Massie foresees future microgrid controls autonomously repairing themselves and adapting to unexpected communication or configuration changes. Only a system comprised of distributed controllers will have the capability to achieve this kind of microgrid self-healing.
As the threats to the grid heighten, cybersecure microgrids present a method to assure that electricity will continue to flow, starting with critical infrastructure such as emergency first responders, hospitals, food and water supply, and communications. It’s a long road to deploy enough microgrids to provide this assurance across the country. It’s time to pick up the pace.
The Microgrid Knowledge Special Report series on microgrid cybersecurity will also cover the following topics:
- The Cybersecurity Value of Microgrid Islanding
-
How to Create a Cybersecure Microgrid and Protect the Macrogrid, Too
-
First Cybersecure Microgrid Controller Installed by Midwestern Utility
The full report, “Microgrid Cybersecurity: Protecting and Building the Grid of the Future,” is downloadable free of charge, courtesy of S&C Electric.