An attack on that grid would involve getting out and cutting lines or dropping towers.
But there’s another, less visible piece to the grid – all the computers and communication networks that make it work. Attackers can go after the cyber grid, too. They can do it from a desktop. At no real cost. Potentially from anywhere in the world. With few if any clues left behind.
“From an attack standpoint, that’s the cheapest form of attack with the lowest chance of being caught,” said Doug Jacobson, a University Professor of Electrical and Computer Engineering at Iowa State University. “It’s asymmetrical warfare at its best. A single individual can cause enormous damage.
“It’s not fair.”
And it’s real. Just last month, hackers knocked out dozens of Ukraine’s power substations, blacking out more than a hundred cities and partially blacking out nearly 200 more.
To minimize the threat of that kind of attack, Jacobson and Manimaran Govindarasu, Iowa State’s Ross Martin Mehl and Marylyne Munas Mehl Computer Engineering Professor, are leading studies of grid cyber security while also training industry professionals and educating students to protect the nation’s critical infrastructure.
A major part of their project is developing a high-fidelity, open-access testbed to help secure the power grid. They call it “PowerCyber” and it’s designed to do vulnerability analysis, risk assessment, attack-defense evaluations and other tests.
The power grid is a complex cyber-physical system, Govindarasu said. There are the communication networks with Internet connections, algorithms and software. Then there are the power lines, towers, sensors, relays, actuators and other hardware.
PowerCyber integrates all of those elements – including actual relay equipment and other hardware – then adds sophisticated models of the grid system and virtual Internet technology. That Internet technology is based on ISEAGE (pronounced “ice age,” the Internet-Scale Event and Attack Generation Environment), a controlled, simulated Internet for cyber security studies. Jacobson developed the technology at Iowa State with support from the U.S. Department of Justice.
“We can use this testbed to run attacks and see the consequences on the power system,” Govindarasu said. “If it’s a blackout, how do we mitigate that? We can also prepare for these attacks and for our defenses.”
Industry, for example, could develop and test strategies for beating back repeated attacks.
“The biggest problem with malicious actors is their ability to keep hitting you,” Jacobson said. “Without preparing for that, you have a hard time getting back online.”
The PowerCyber testbed is being developed with support from the National Science Foundation and the U.S. Department of Homeland Security. The U.S. Department of Energy is also supporting other Iowa State projects related to the cyber defense of the country’s power grid infrastructure.
So far, the testbed has been used in industry training and graduate courses. It has also been used as a resource for researchers in industry, at other universities and at national laboratories.
“This is one testbed that we can customize for specific needs,” Jacobson said. “It operates on a wide continuum. It’s not seven testbeds for seven needs.”
One unique need for the testbed is the country’s first Cyber-Physical System Cyber Defense Competition next month at Iowa State. Using Iowa State’s virtual Internet technologies, teams of students and professionals will work to protect power and water systems from simulated cyber attacks during an eight-hour competition.
The end goal of all that researching, developing, training and educating?
“A future electric power grid that is secure and resilient,” the Iowa State engineers wrote in a project summary. After all, “Cybersecurity and resiliency of the power grid is of paramount importance to national security and economic well-being.”
– 30 –