Washington: Smart grid technology—such as management systems in power plants—may be prone to hacking, say scientists who delved into “nightmare” scenarios where hackers exploit security weaknesses and execute a disruptive plan of cyberattacks.
Reliability measures of electrical grid has risen to a new norm as it involves physical security and cybersecurity. Threats to either can trigger instability, leading to blackouts and economic losses.
“Most of us take turning the lights on for granted. In reality, the energy we draw from the electrical grid to brighten homes, freeze food and watch TV is part of a complicated and widespread system,” researchers said.
“Understanding that system’s vulnerabilities and reliability is a crucial step towards improving its security,” they said. The fundamental problem is a gap between physical equipment and intangible software, said Chee-Wooi Ten, from Michigan Technological University in the US.
Advances in smart grid technology—such as smart meters in homes, management systems for distributed energy resources like wind and solar production along with instrumentation systems in power plants, substations or control centres—create improvements in entry points for hackers.
“Ten years ago, cybersecurity simply didn’t exist—it wasn’t talked about and it wasn’t a problem,” Ten said. “Now with events like in Ukraine last year and malware like Stuxnet, where hackers can plan for a cyberattack that can cause larger power outages, people are starting to grasp the severity of the problem,” he said. Ten points out that hackers target specific parts of the control network of power infrastructure and they focus on the mechanisms that control it.
Automated systems control much of the grid from generation to transmission to use. The convenience and cost reduction of automation streamlines the process, but without solid security measures, it also makes the systems vulnerable.
The interconnectedness of the grid can also cause cascading impacts leading to blackouts, equipment failure and islanding where regions become cut off and isolated from the main power grid. Researchers drew connections and assessed weaknesses using a framework that would assess the bottleneck of a power grid and its interconnection with their neighbouring grids.
With a better understanding of the system’s weaknesses, it is easier to be strategic and shore up security risks. In the long run, improving regulations with specifics to match actual infrastructure needs and providing cybersecurity insurance will help, researchers said.
“Simply because the remote substation networks are constantly commissioned with full compliance doesn’t mean they are secure,” Ten said. “There is going to be a tremendous impact if we’re negligent and fail to keep up with changes in communication infrastructure and emerging security threats,” he said.