Modernizing the aging U.S. electric grid to meet 21st century power needs means updating the vast, complex network with “smart” technology to leverage the automation, connectivity, and renewable energy resources necessary to deliver electricity more reliably and efficiently.
While a smarter and more connected electric grid can increase resiliency against threats like extreme weather events, the grid’s growing size and complexity increases vulnerability to cyberattacks. An increasingly digitized power grid can create numerous entry points for malicious actors seeking to disrupt the nation’s power supply.
Protecting the U.S. grid — a massive, interconnected, cross-country network that generates, transmits, and distributes electricity — is critical to national security.
But as the grid becomes more complex and hackers get more sophisticated, the traditional IT approach to cybersecurity is no longer sufficient, according to scientists at the U.S. Department of Energy’s (DOE) Argonne National Laboratory, who are working to make the electric power grid more resilient to cyberattacks.
“Because the traditional utility network was physically isolated from the public network, an IT approach was sufficient for most threats,” said Bo Chen, an Argonne computational engineer. “Today’s utility network creates more vulnerabilities as new technologies are integrated. Many sophisticated attacks can hide themselves so an IT approach cannot detect them.”
New safeguards are needed to keep the electric grid safe from attackers, said Chen, who worked with Argonne computational scientist Hyekyung (Clarisse) Kim to develop a physics- and rule-based approach to cybersecurity, which adds a security layer against attacks that have penetrated the IT perimeter.
“Physics-based methods are attractive solutions, offering the ability to check data integrity and maintain system stability even in the presence of malicious signals and commands,” said Kim.
Chen and Kim recently helped engineers at Hitachi ABB Power Grids, a leading global technology company, to add a new security layer and decision framework to help pinpoint and halt cyber threats, to keep the grid operating even if there is an attack. Their work appeared in the journal IEEE Transactions on Power Systems.
The Argonne team’s work is part of a wider project managed by Hitachi ABB Power Grids for the DOE Office of Cybersecurity, Energy Security, and Emergency Response (CESER), to secure high-voltage direct current (HVDC) transmission lines.
Protecting HVDC systems from cyberattacks
The U.S. electric grid consists of about 700,000 circuit-miles of lines, which primarily operate with alternating current (AC) to deliver power. As the grid is modernized, however, HVDC systems have grown beyond their original purpose as a supplement to AC transmission, and are emerging as an efficient, flexible energy transmission system.
Along with the capacity to send large amounts of electricity over very long distances with low electrical loss, HVDC systems can more easily integrate renewable energy such as wind and solar power into the grid and improve network performance.
Because they have a direct impact on system stability, protecting HVDC systems from cyberattacks is critical, said Chen. For example, a cyberattack could cause a “cascading failure,” in which the failure of one or a few parts of a power system can trigger the failure of other parts, potentially causing large-scale power outages or even total blackouts.
“While the increasing number of remote and local access points to HVDC stations greatly facilitate various HVDC applications, these access points also significantly enlarge the attack surface that can be potentially leveraged by malicious attackers inside and out,” Chen said.
Many HVDC applications rely on real-time data collected through the Wide Area Monitoring, Protection, and Control (WAMPAC) platform, which is used to analyze and remotely control HVDC system power output. While beneficial, the WAMPAC platform can open the door for hackers.
“Because phasor measurement units are allocated at different locations, there is a communication framework to support data collection and remote control, thus creating vulnerabilities to cyberattacks,” said Chen.
Taking a rule-based approach to cybersecurity, Chen and Kim created an algorithm that uses physical laws to verify the data collected through WAMPAC platforms to detect false data injection attacks. In such an attack, adversaries attempt to disrupt power by injecting false data to trick or mislead the energy management system.
Grid operators maintain situational awareness through a massive network of electronic devices that collect and process real-time grid information with very high resolution, Kim said.
“Our detection technology uses the laws of physics to detect false data injection attacks on these devices while meeting stringent time-performance requirements,” Kim explained. “The way it works, we generate rules based on inherent interdependencies among data received from these devices to determine if they align with expected values or may be false data samples.
“Our tool alerts the operator of an attack status, identifies the compromised device, and replaces the corrupt data with correct values so that grid operations can continue uninterrupted even while an attack is in progress,” Kim continued.
Chen said the detection algorithm is essentially a digital replica, or digital twin, of the actual system.
“We can continuously simulate the actual system and provide data representing the true status of the system,” Chen said. “We are able to identify any abnormal signals or behaviors, and also differentiate if it’s a real failure or a cyberhack.”
The algorithm features a graphical user interface to notify operators of an attack in progress, identify the compromised device and display results for further analysis.
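A sketch of the kind of physical rule described above, added here as an example; it is not the Argonne or Hitachi ABB algorithm, whose actual rules this article does not give. It assumes three short lines on one bus with a phasor measurement unit at each line end, line losses and charging current neglected, and the names `LineReading`, `check_bus` and `TOL` are hypothetical.

```python
# Added illustration: physics-rule check for false data injection on PMU data.
# The two rules and the tolerance are assumptions, not the published algorithm.
from dataclasses import dataclass

TOL = 0.02  # per-unit residual tolerance (assumed; covers measurement noise)

@dataclass
class LineReading:
    name: str
    local: complex   # current phasor leaving the bus, from the PMU at the bus
    remote: complex  # same current as seen by the PMU at the far end

def kcl_residual(lines):
    """Kirchhoff's current law: currents leaving a bus must sum to zero."""
    return abs(sum(l.local for l in lines))

def check_bus(lines, tol=TOL):
    """Return (status, suspect devices, repaired bus-side phasors)."""
    # Rule 1: both ends of a short line should report the same current.
    mismatched = [l for l in lines if abs(l.local - l.remote) > tol]
    bus_ok = kcl_residual(lines) <= tol  # Rule 2: KCL at the bus
    repaired = {l.name: l.local for l in lines}
    if not mismatched and bus_ok:
        return "normal", [], repaired
    if len(mismatched) != 1:
        # Zero or several mismatches: these rules cannot isolate one device.
        return "alarm-unresolved", [l.name for l in mismatched], repaired
    bad = mismatched[0]
    if bus_ok:
        # Bus-side readings satisfy KCL, so the remote PMU is the outlier.
        return "attack", [f"{bad.name}:remote"], repaired
    # Bus-side PMU is the outlier: rebuild its value from the other branches.
    estimate = -sum(l.local for l in lines if l is not bad)
    if abs(estimate - bad.remote) > tol:
        return "alarm-unresolved", [bad.name], repaired
    repaired[bad.name] = estimate
    return "attack", [f"{bad.name}:local"], repaired

# Constructed sample: one snapshot of three lines, per-unit phasors.
CLEAN = [
    LineReading("L1", 0.60 + 0.10j, 0.60 + 0.10j),
    LineReading("L2", -0.25 - 0.04j, -0.25 - 0.04j),
    LineReading("L3", -0.35 - 0.06j, -0.35 - 0.06j),
]
# Same snapshot with a false value injected into the bus-side PMU on L2.
SPOOFED = [CLEAN[0], LineReading("L2", -0.05 - 0.04j, -0.25 - 0.04j), CLEAN[2]]

if __name__ == "__main__":
    for label, snap in (("clean", CLEAN), ("spoofed", SPOOFED)):
        print(label, check_bus(snap))
```

The repaired value for a flagged bus-side device is the one implied by the remaining branches, which lets downstream applications keep running on consistent data while the alarm is investigated.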
Detection Algorithm Proves Successful
After developing a simulation model, the team used a large number of cases to test the algorithm under various operating conditions at Argonne. Results show that the algorithm always detects the first malicious attack and was nearly 100 percent accurate in differentiating compromised from uncompromised data.
The detection algorithm was then tested at the ABB U.S. Corporate Research Center in North Carolina. The Argonne technology was integrated into Hitachi ABB’s own real-time digital simulator test bed. An attack was simulated on the test bed and was successfully detected.
A final demonstration took place at the Bonneville Power Administration (BPA) in Oregon, where the detection algorithm was used at a BPA replica station. This successful demonstration showcased an array of potential protections that could be made available for HVDC systems.
“This is a general-purpose rule-based approach that can be used for other physical systems and products, so it can be integrated as a functional module or it can be developed as a separate device attached to the existing systems,” said Chen, who is continuing to study the algorithm.
The Future of the Electric Grid
As the U.S. electric grid evolves and cyberthreats grow and become more sophisticated, securing HVDC stations is critical to the reliable operation, protection, and control of bulk power systems. Looking to the future, the changing cyber landscape means IT protections are no longer enough.
“While numerous detection methods exist to monitor network traffic from an IT perspective, gaps still exist in the vulnerability of energy delivery systems,” Chen said. “For example, firmware attacks can bypass the operating system and malware detection software, even if IT departments follow the best cyber security practices. Therefore, it is essential to protect the energy delivery systems from a perspective beyond IT.”