
Microgrid Cybersecurity: Protecting and Building the Grid of the Future

Why We Need Microgrid Cybersecurity: The Threat is Real

Superstorm Sandy launched a wave of microgrid advocacy by revealing how easily wind and water could crush a major metropolitan power grid. Five years later, North America saw similar destruction with Hurricanes Harvey, Irma, and Maria. As devastating as these events were, none compare to the threat of a major cyber attack on the American electrical utility grid.

This new threat is worse because it often comes with less warning than acts of nature, offering little time to prepare. It carries the potential to take down larger swaths of the electricity system for longer periods of time because of the risk of cascading failures. Security experts describe a cyber attack against the power grid as a form of asymmetrical warfare, the equivalent of destroying a society by cutting off delivery of food and water, healthcare, commerce, and communications. Contemporary economies run on electricity. Without electricity, they seize up.

“They can’t beat us in the air; they can’t beat us on the sea or ground. So they are going to go after us where we are vulnerable, and that is in protection of our infrastructure,” William Anderson, a former Air Force assistant secretary and now a defense consultant who specializes in energy, told Microgrid Knowledge.

As in all warfare, prevention is the first strategy. But beyond prevention, we must prepare for the worst. This means creating systems for rapid response, shelter for affected civilians, and protection of critical assets should hackers disrupt our power systems at the generation, distribution, or transmission levels.

Microgrids are increasingly part of that recovery plan because they can provide an electrified oasis during a power outage. Microgrids can power a community’s vital services – law enforcement; fire protection; medical care; distribution of water, food, and fuel; and communications. Some include a community center within their footprint, a shelter where the vulnerable can congregate to charge phones and connect with loved ones.

These islands of power are created by using utility-disconnectable and standalone power sources, such as backup generators, spot generation, renewables, and batteries to power out-of-service utility lines. Microgrids take over power distribution during grid outages or voltage instability, or they can be set up as temporary or mobile power distribution in emergency scenarios.

Microgrid cybersecurity coming, but quickly enough?

Communities, hospitals, utilities, the military, and others have started building microgrids, but not fast enough. If a massive cyber attack knocked out a large section of the grid today, restoration likely would take months or years. Navigant Research has identified 1,842 microgrid projects worldwide, many of which would protect critical services during grid outages, representing nearly 20 gigawatts (GW) of power production. To put that in perspective, the U.S. power grid generates 1,000 GW to serve our needs; New York City, alone consumes 10 GW. We clearly must pursue cybersecure microgrids more quickly.

Meanwhile, one incident after another underscores the urgency of the cybersecurity risk. In December 2015, an attack in the Ukraine left 225,000 people without power for several hours and highlighted the vulnerability of power grids, not just in that country but across the developed world. Three utilities were hacked, possibly by a hostile state or pro-government hacker agencies, such as “Sandworm” or “Electrum.” The outages were caused by coordinated, remote cyber intrusions, “probably following extensive reconnaissance of the victim networks,” as reported by the U.S. Department of Homeland Security. The Ukrainian grid was again attacked in December 2016. This time only a single substation was compromised. But the event was worrisome because attackers used a sophisticated cyber weapon nicknamed “Crash Override” that can easily be modified to attack a wide range of industrial facilities worldwide.

More recently, we’ve seen that it’s not just computer code that makes infrastructure vulnerable. It turns out that hackers may have a much wider playing field. For example, in Dallas, Texas, the city’s 156 outdoor tornado sirens simultaneously and unexpectedly went off in April when hackers manipulated tonal codes, not computer code, in a 10-year-old radio system. For 90 minutes – until operators manually switched them all off – the sirens blared an unmistakable alarm illuminating the exposed state of our critical infrastructure.

It also has become clear that cyberterrorists can rely on human behavior to inadvertently aid and abet their destructive intentions. The “WannaCry” ransomware attack, which affected 200,000 systems in 150 nations on May 12, 2017, occurred largely because computer users failed to follow proper computer hygiene practices, say security experts. By neglecting to update common Microsoft software with regularly offered security patches, they left the door open to malware.

In December 2016, The Wall Street Journal reported that American officials believe a 2014 cyber attack against the U.S. energy industry resulted in at least 17 companies being penetrated, including four electric utilities. A study by Cisco found that 70 percent of utility security professionals reported they have experienced at least one security breach.

Grid cyberattacks no longer theoretical concern

In an April 2017 article, the Council on Foreign Relations said that grid cyber attacks are no longer just a theoretical concern, and that rapid digitalization, low investment in cybersecurity, and a weak regulatory regime make the country even more vulnerable.

As vulnerable as the grid is in its current state, it is becoming more susceptible to attack as we expand our energy-related network with smarter homes and cities that incorporate distributed energy, electric vehicles, and Internet-of-Things (IoT) appliances that include everything from laptops and cameras to cell phones, street lights, and thumb drives. A world of interconnected devices makes life more convenient, but these devices all rely on a rapidly growing number of interconnected digital interfaces. Those interfaces offer potential entry points for cyber attacks of all kinds.

This growing threat has captured the attention of the utility industry.

But cybersecurity solutions aren’t always as simple as installing software updates. Utility operators and security experts worry about the possibility of hidden malicious code in the control systems managing the North American power grid. This complex electric network includes equipment from many parts of the world; the fear is that some of these components could contain ticking time bombs in the form of preset viruses or malware from hostile nations that are set to disrupt the grid at a later date.

Given the urgency of the situation, Microgrid Knowledge, in partnership with S&C Electric Company, has prepared this guide, “Microgrid Cybersecurity: Protecting and Building the Grid of the Future.” We offer this guide for download, free of charge, and encourage readers to circulate the report link widely. In this guide, we explain how microgrids in general, and cybersecure microgrids in particular, offer protection during a cyber attack on our electric infrastructure.

Three examples of microgrid cybersecurity

Distributed architecture provides the core of microgrid cybersecurity, offering three forms of protection.

First, distributed assets are more difficult for cyberterrorists to attack en masse than are centralized systems with a single point of failure – a characteristic of the U.S. grid. Microgrids use distributed energy resources – many different points of power generation – and are inherently segmented from the bulk grid. They can be further segmented into sub-grids that can operate autonomously or in concert and be isolated from each other and the bulk grid in case of cyber attack. To bring down a microgrid, attackers must discover and compromise multiple unconnected points. There is no single vulnerable bull’s eye.

Second, microgrids offer inherent redundancies. Should one source of generation fail, another can take its place. For example, if solar panel management software is attacked, the microgrid could still generate electricity from its other sources, such as energy storage or combined heat and power.

Third – and central to this report – a new, advanced breed of microgrid, the cybersecure microgrid, elevates cyber protection and energy resiliency to a new level. It does so by incorporating the distributed asset concept into the software intelligence that manages the microgrid. Rather than having a single master control system, or “brain,” the cybersecure microgrid has several. If bad actors penetrate the microgrid and disable a controller, another controller can automatically step in to manage the system. This affords operators of cybersecure microgrids time to isolate the breach without disrupting the flow of power to the critical buildings and equipment the microgrid serves.

To fully appreciate the value of microgrid cybersecurity, it’s necessary to first understand the centralized architecture upon which the larger grid has been built for a century. This makes clear why fear exists that a strategic cyber attack could topple the grid, especially as we enter the age of the “Internet of things,” explained in the next chapter.

Chapter 2: Grid Cyber Attacks: How is Our Electric System Vulnerable?

The North American electric power grid has been described as a single enormous machine, one of the largest in the world, with about 1,000 GW of generation and 200,000 miles of transmission lines.

It is a single machine in the sense that all the parts have to work together. If there is a fault within any of those semi-autonomous grids, failures can ripple through the rest of the system. The system is built to be resilient and ride through faults – up to a point. The grid’s vulnerability was demonstrated on a large scale in 2003 when an overloaded transmission line sagged and touched a tree south of Cleveland, Ohio. Within minutes, a mix of equipment failure and human