While emergency managers can’t control malicious actions on the grid, they can play an active role in safeguarding the system.
Sci-fi movies have warned us again and again: Sooner or later, our technology will destroy us.
The moment will come when machines become so smart, they will become a force for destruction rather than the engine of our general betterment.
Will it be the smart energy grid that pushes us over the line? There is growing concern that the automated, intelligent interplay between elements of the power grid could produce new and deeply hazardous vulnerabilities.
Consider first the upside. Smart grid technology enables two-way communication between disparate elements of the power generation, transmission and distribution chain. Constant feedback allows the system to detect and respond to local changes. As a result, lost power can be restored more quickly; systems can respond to peak demands; renewable sources can be integrated into conventional systems more easily.
“The downside is that with this higher degree of coordination comes a higher degree of vulnerability. If bad actors understand the new control paradigm, they can herd the grid to certain places, they can trick the grid operators or the automated equipment to respond in certain ways,” said Battelle Memorial Institute Research Leader Jason Black.
Within the complexity of the smart grid structure, these threats can take any number of forms.
Vulnerability begins at a mundane level, with the plain old physical attack, explosive or otherwise, targeted at the computing centers that run the smart grid. While power plants may have some level of physical security, data centers often do not have such protections. “Some of these major control centers are located in standard office buildings. They are not even located behind concrete barriers,” said Thomas Popik, chairman of the nonprofit Foundation for Resilient Societies, which conducts research into the U.S. power grid.
In addition to physical threats, more complicated attacks also are possible — attacks that seem to mirror Hollywood scenarios. Specifically, computer-based control systems also may be vulnerable to electromagnetic attack, the kind of mass shock wave that disrupts digital transmissions, as depicted in the movie Ocean’s Eleven. In that case, con artists use such a pulse to take a city’s grid offline for a few crucial moments.
“The same thing can happen to any vulnerable electronic component of the smart grid,” Popik said. Nor would the attackers be particularly noticeable. Such a disruptive device could easily fit into a standard van.
It’s a solvable problem, but the solutions have to be implemented early. One solution is a Faraday cage, an enclosure of conductive material that shields equipment from the pulse. You can cage individual pieces of equipment or enclose a whole room. Defense against electromagnetic attack also can be built into new energy facilities, adding 5 percent to the overall cost. Those who add such defenses as a retrofit typically find the costs to be about four times more.
The most widely recognized vulnerability in the smart grid lies in the software itself, the programming that directs the actions of the system. “We’ve tested around 30 different products from over 20 different vendors since April 2013 and we found 85 percent of those have low-hanging vulnerabilities,” said Adam Crain, a partner at Automatak. In examining energy industry software, Crain’s team has found a range of issues that may lead to possible exploitation.
While standards for security may be adequate, implementation is far less certain. Even with the security standards in hand, “now the coders have to take this complex standard — it’s 1,000 pages long — and translate it into software, and that is no easy task,” Crain said. While that software is then tested for functionality, it is seldom tested for security. Bad actors can slip in through security gaps and spread mass damage relatively easily.
“One of the things we found was that the master stations, the control centers, were vulnerable,” Crain said. All it takes is one unsecured power pole to get to the control center: Because everything is interconnected, even a small gap opens the door back to the master control system, giving a bad actor access to literally the entire system.
Where are the weak links? Virtually everywhere. Power poles, capacitors, voltage regulators, power quality meters, smart readers in people’s homes, electrical vehicle charging stations. Name it. Anything that isn’t locked down is a potential source for exploitation, an open window into the beating heart of the network.
All these cyberthreats are in a sense built into the very nature of the smart grid. “There is a huge culture gap, especially in the electrical power space,” Crain said. “The grid was designed for physical reliability, resistance to storms. It was not designed for resistance to cyberattacks. When you mention this issue to people in the field, the best they can say is that, ‘This is why we have redundancy.’ But redundancy doesn’t help you if that redundant asset has the same software and the same vulnerability.””
Now let’s start to think about the impact of all of this on the emergency management community. There’s the obvious threat of mass blackouts, and we’ll come to that. But consider first the “smartness” of the smart grid and all that it implies for people on the front lines of emergency response.
The smart grid depends on the intelligence of the devices to which it is connected. Diverse elements within the power chain must have some degree of awareness, as it were, if they are to communicate effectively up and down the line. This native hardware intelligence poses real risk as the power system becomes increasingly smart. The more intelligent the devices, the more widespread the risk.
At the Northern California Regional Intelligence Center, Cyber Intelligence Analyst Donovan Miguel McKendrick points to the innocuous-seeming Philips Hue light bulb. The bulb’s color can be adjusted to meet a range of settings, a nice feature for changing the mood in your living room. As the manufacturer describes it, users can “[e]xperiment with shades of white, from invigorating blue to soothing yellow. Or play with all the colors in the hue spectrum. … Relive your favorite memories. Even improve your mood.”
Hue is controlled by a smartphone app. Plug it into the smart grid, however, and it becomes theoretically possible to control the light from outside the app via software hack. Then the system’s own intelligence becomes a point of entry for destructive players. “Now suppose that light bulb is installed in an emergency room and someone shuts it off during a procedure,” McKendrick said. “That’s a worst-case scenario.”
Knowing that such things could happen, one moves quickly to considering the possibility that they will.
“The main concern is that somebody is going to get into the system with the motivation and the skill set to do serious damage and to cause loss of life,” McKendrick said. He points to the example of DarkSeoul, a hacking organization credited with successful cyberattacks on South Korea’s banks, television broadcasters, financial companies and government websites.
“That is exactly the concern,” McKendrick said. “That somebody could use a piece of malware like that and target critical infrastructure in America. With the smart grid, it would not be very difficult.”
The same techniques could of course be used to turn off all the lights. As emergency managers begin to contemplate these unpleasant scenarios, it seems reasonable to ask just how big a threat we’re talking about. While the smart grid is by no means ubiquitous, it is rapidly gaining a place among the most prominent energy management models.
More than 26 percent of public utilities and 28 percent of investor-owned utilities (IOUs) are in the early planning stages of developing a smart grid, according to the latest Strategic Directions in the U.S. Electric Industry report from engineering and consulting firm Black & Veatch.
More than 36 percent of public utilities and 23 percent of IOUs are actively deploying physical infrastructure updates, while about 13 percent of public and 17 percent of IOUs are deploying IT infrastructure. Clearly there’s momentum here.
Let’s back up and consider the big picture. The problems are apparent: buggy software, physical vulnerability, the inherent interconnectedness of intelligent devices. Yet the technology exists to remediate the worst of these. So what’s the problem?
As is so often the case, one of the main problems is the human element.
While the expertise exists to address the technological challenges of the smart grid, it does not always exist in the right places, said Adam Cahn, CEO of Clear Creek Networks, a company that builds computer networks for utilities.
“The problem is that the power engineers who are responsible for the management of the physical electric grid are not experts in the data networks that support the grid. They lack the skills to properly configure network devices,” he said. Data network professionals on the other hand may have a solid grasp on the technology, but may not understand the subtleties of power generation.
For emergency management, there are other aspects of the human element that may be more directly controlled.
When it comes to the prevention of crises, emergency managers often assume the role of educator, whether it comes in the form of a smoke alarm campaign or hurricane response instructions. In the case of the smart grid, that same up-front effort could help prevent disaster or at least speed remediation.
“The holes are generally in the human component. Humans are the weakest link every time,” McKendrick said. “So a large part of the job is not just responding to the cyberthreat but also educating the humans.”
Emergency managers likely will face significant hurdles in trying to get their voices heard. “There’s no awareness about how serious it is,” McKendrick said. “People hear about Anonymous, they hear about these malicious threats. But every time it comes out in the media, they say it is the end of the world. Then when the world doesn’t end, people just tend to write it off. Then you have the majority of the populace that just ignores it altogether. ‘My job isn’t in IT, so what do I care?’”
To help raise awareness, emergency managers should build alliances well in advance of a crisis, Black said. It’s important to forge ties with local utilities, to understand the vulnerabilities, to share response plans. If first responders know in advance that a certain school is going to become an ad hoc shelter, it makes sense to tell the utilities that, so that the school can become a priority for the return of power.
While emergency managers might not be able to control malicious actions on the grid, they can play an active role in shaping the policies that are meant to safeguard the system, Popik said. In particular, he recommends leaders join the North American Electric Reliability Corp., which sets policy for the energy industry.
“They need to become involved in the political process and demand the regulation, security and reliability of the electric grid,” he said.