What happens when hackers come for the grid?

A scale model of Manhattan used by Cui’s team in a cyberattack simulation (hacker)
A scale model of Manhattan used by Cui’s team in a cyberattack simulation (Image: Bryan Anselm/Bloomberg Businessweek)

Emergency training at a restricted facility off Long Island aims to minimise the potentially catastrophic effects of hackers attacking United States power infrastructure, according to a new Bloomberg Businessweek report.

Five times over the past three years, a scenario has played out on Plum Island—a spit of land just off the northeastern tip of New York’s Long Island. A large part of the power grid has gone down in a cyberattack, leaving the population in the dark and critical infrastructure such as hospitals growing desperate. A team of utility operators and cybersecurity experts scrambles to get the grid back up.

Related article: Russian Conti hackers claim CS Energy cyberattack

Each emergency scenario was a drill held by the Defense Advanced Research Projects Agency (Darpa), the Pentagon’s research arm. Its goal was to expose utilities accustomed to dealing with hurricanes, blizzards, and other challenges to the reality of a successful cyberattack on the U.S. electrical grid.

Concern about such an event has been mounting for years. Darpa began preparing groundwork for its drills in mid-2015, part of a five-year, $118 million project that began after congressional testimony the previous year from then-National Security Agency Director Mike Rogers.

Rogers told lawmakers that hackers had been breaking into U.S. power utilities to probe for weaknesses and that Russia had been caught planting malware in the same kind of industrial computers used by power utilities.

Darpa’s drills illustrated the chaos hackers could unleash, leaving vulnerable critical safety equipment, communications, and operational systems.

While the government periodically practices such scenarios, utility operators rarely do. Until it ended in 2020, Radics offered the 15 utilities that participated near-real-world conditions to test new technologies, some of which they’ve since implemented. It also jolted them out of any complacency they may have had, says Brian Lynn, a lead trainer for PJM Interconnection LLC, the country’s largest grid operator, who advised Darpa throughout the program.

“Anyone who was there really had their eyes opened up,” he says.

“And they were able to go back as a firsthand witness to each of their companies and say, ‘Hey, this is a real thing.’ ”

Hackers who want to bring down a grid would likely manipulate the computers that keep it in balance. Operating a modern grid requires constant realignment to make sure the amount of power sent into the system is equal to the power that households, businesses, and other customers pull from it.

Related article: Cyber regulation will exert greater power over Australia’s critical sectors

Eric Hittinger, an expert in energy policy who’s an associate professor at Rochester Institute of Technology, likens this process to a bicycle rider constantly shifting her weight to stay upright. If that balance is disrupted badly enough, he says, “everything starts to fall apart. Different parts of the system will start to turn off in unpredictable ways. You end up with cascading failures. You fall off the bike.”

Read the full article here.

Previous articleABB acquires controlling interest in U.S. EV charging company
Next articleEnergy One to acquire Adelaide’s CQ Energy