Cybersecurity goes undercover to protect electric grid data

Newswise — Inspired by one of the mysteries of human perception, an ORNL researcher invented a new way to hide sensitive electric grid information from cyberattack: Within a constantly-changing color palette.

Peter Fuhr, who heads the Grid Communications and Security group at ORNL, was intrigued by synesthesia. This lifelong condition causes some people to experience one sense through another, such as perceiving sounds as colors. Fuhr applied this concept to encrypting the “language” of grid management software into colors.

Utilities use a computerized system for gathering and analyzing real-time data to monitor and control equipment. That system communicates with hardware using strings of letters. The letters can be translated into color combinations displayed as bars, wheels or swirls. The color patterns in turn are faded beneath another image, such as a colorful pointillist painting, or hidden between the frames of a video feed. The decoding key rotates with each sensor reading. It changes based on the Fibonacci Sequence, in which each subsequent number is derived by adding the two previous numbers.

This innovative approach has already drawn attention from private companies interested in licensing, Fuhr said. The concept was tested in the field for six months using a secure link between ORNL and the public utility EPB of Chattanooga. The encoded colors are transferred using communication links among video cameras at EPB’s electrical substations.

“It’s not traveling the IT or operating network, which makes it even harder for bad actors to find,” Fuhr said. “And it’s on the video so briefly, it’s just subliminal.” The conscious mind doesn’t register the image.

A central machine receives this sensor data about temperature, pressure, voltage, current and electromagnetic fields, then decodes it automatically. Anything suspicious will immediately alert the utility’s central equipment control system.

To crack the color code, Fuhr said, an attacker would have to locate the color bar, know the equipment’s protocol language and the sensor’s IP address, and rapidly guess the right color – or letter – combination at the correct point in the Fibonacci sequence.

These layered defenses are important for utilities because remote tampering with substation equipment can quickly destabilize the power supply. For example, spoofing a thermal sensor to report a very low temperature might cause fans to shut off. That could cause overheated equipment to fail, triggering a blackout.

More than 100 attacks or incidents of suspicious activity were reported in 2022 at substations across the country. Although many were physical attacks on equipment, the 70 percent increase in their frequency has raised public concern and led utilities and elected officials to focus on the threat.

Jim Glass, senior manager for smart grid development at EPB, said it’s vital for utilities to have a toolbox of cybersecurity approaches. “What makes cybersecurity so much more critical is that if somebody can get access to the secure network that operates utility equipment, it would be as if they’d broken into all the substations at once,” he said. That’s compounded by multiplying points of access to the system: sensors and digital equipment on power poles, smart meters, even smart home technology that utilities may be able to directly control.

Glass said Fuhr’s invention is helpful because it could be combined with a variety of other types of security coding. “And it doesn’t matter what the communication method is. You could secure or hide the data this way to make it very difficult for someone to intercept,” Glass said.

UT-Battelle manages ORNL for DOE’s Office of Science, the single largest supporter of basic research in the physical sciences in the United States. DOE’s Office of Science is working to address some of the most pressing challenges of our time. For more information, visit https://energy.gov/science.