Military Is Ramping Up Preparation For Major U.S. Power Grid Hack
By 2020, the Pentagon hopes to be able to repair our power grid within a week of a massive attack
The U.S. Department of Defense is growing increasingly concerned about hackers taking down our power grid and crippling the nation, which is why the Pentagon has created a $77-million security plan that it hopes will be up and running by 2020.
The U.S. power grid is threatened every few days. While these physical and cyber attacks have never led to wide-scale outages, attacks are getting more sophisticated. According to a 494-page report released by the Department of Energy in January, the nation’s grid “faces imminent danger from cyber attacks.” Such a major, sweeping attack could threaten “U.S. lifeline networks, critical defense infrastructure, and much of the economy; it could also endanger the health and safety of millions of citizens.” If it were to happen today, America could be powered-down and vulnerable for weeks.
The DoD is working on an automated system to speed up recovery time to a week or less — what it calls the Rapid Attack Detection, Isolation, and Characterization (RADICS) program. DARPA, the Pentagon’s research arm, originally solicited proposals in late 2015, asking for technology that did three things. Primarily, it had to detect early warning signs and distinguish between attacks and normal outages, but it also had to pinpoint the access point of the attack and determine what malicious software was used. Finally, it must include an emergency system that can rapidly connect various power-supply centers, without any human coordination. This would allow emergency and military responders to have an ad hoc communication system in place moments after an attack.
“If a well-coordinated cyberattack on the nation’s power grid were to occur today, the time it would take to restore power would pose daunting national security challenges,” said DARPA program manager John Everett, in a statement, at the time. “Beyond the severe domestic impacts, including economic and human costs, prolonged disruption of the grid would hamper military mobilization and logistics, impairing the government’s ability to project force or pursue solutions to international crises.”
DARPA plans to spend $77 million on RADICS. Last November, SRI International announced it had received $7.3 million from the program. In December, Raython was granted $9 million. The latest addition is BAE Systems, which received $8.6 million last month to develop technology that detects and contains power-grid threats, and creates a secure emergency provisional system that restores some power and communication in the wake of an attack — what is being called a secure emergency network.
According to the military news site Defense Systems, BAE’s SEN would rely on radio, satellite, or wireless internet — whatever is available that allows the grid to continue working. The SEN would serve as a wireless connection between separate power grid stations.
While the ultimate goal of the RADICS program will be the restoration of civilian power and communications, the SEN will prioritize communication networks that would be used for defense or combat, so the U.S. government can still wage war while the rest of us are in the dark.
Called the “largest interconnected machine,” the U.S. electricity grid is a complex digital and physical system crucial to life and commerce in this country. Today, it is made up of more than 7,000 power plants, 55,000 substations, 160,000 miles of high-voltage transmission lines and millions of miles of low-voltage distribution lines. This web of generators, substations and power lines is organized into three major interconnections, operated by 66 balancing authorities and 3,000 different utilities. That’s a lot of power, and many possible vulnerabilities. More here from USNews.
*** Last year from the Department of Energy:
Today’s electric grid increasingly uses “smart” devices that can be controlled remotely — letting operators manage the grid better and more efficiently. But as the electric grid becomes smarter, it also becomes more vulnerable to hackers. That’s why a new initiative underway at the National Renewable Energy Laboratory (NREL) aims to prevent hackers from gaining control of parts of the nation’s power grid, which could damage electrical equipment and cause localized power outages.
Tackling the challenge is Erfan Ibrahim and his team at NREL’s Cyber Physical Systems Security and Resilience Center. Ibrahim’s team launched an effort to build the Test Bed for Secure Distributed Grid Management. It’s a hardware system that mimics the communications, power systems, and cybersecurity layers for a utility’s power distribution system, the part of the power grid that carries power from substations to homes and businesses.
The test bed incorporates a lot of brand-new cybersecurity technologies that need to be tested in order to make the system as secure as possible. So, naturally, they tried to break it. Specifically, they tried to hack the system.
Approaching the system from three different angles, they found a single vulnerability, which was due to a misconfigured cybersecurity device. Through that one cyber vulnerability, a designated white hat hacker was able to get into the system, gain administrator rights, and launch a denial of service attack that disabled the entire testbed. That’s the type of insight the test bed is designed to provide. One of the cybersecurity firms actually refined its product after seeing how it performed on the test bed.