Though many Americans focus their terroristic worries on physical violence, such as bombings or shootings, an attack on the nation’s electric grid could have far worse repercussions. And it seems many are either not concerned or ignorant to the threat.
Just last week, officials with the Department of Homeland Security and FBI revealed that Russian hackers have staged cyberattacks against the energy sector and other critical infrastructure since 2016. According to thehill.com, In one case, hackers remotely accessed a human-machine interface, a device used by individuals to operate large industrial control systems — meaning they could have shut off power.
In December, it was announced that malware had been deployed onto the Triconex product line, a group of safety-instrumented systems made by Schneider Electric. Though investigators later determined that the TRITON malware was crafted to affect a specific version of the targeted plant’s 10-year-old Tricon controller, which was running an older version of firmware.
The triton malware, as it was named, is designed to tamper with or even disable Schneider’s Triconex products, as well as “distributed control systems,” made by a separate company, used by human operators to monitor industrial processes. It was later announced that the malware was designed to tamper only with a specific model of a legacy Tricon controller that was operating at the site. The attack’s sophistication and the attack vector demonstrate that the incident is not unique to Triconex controllers; it could have been carried out on any industrial system.
In a “Washington Post” editorial, Robert J. Samuelson, quoting former Obama administration official Robert Knake, suggests that one possible way to counter cyberattacks against the nation’s electric grid, is to take it offline. “Instead of using the Internet to transmit data and operating instructions, communications would shift to a self-contained network,” Knake says. “Although some Internet connections might remain, it would be harder for outsiders to penetrate the system and take control of electricity flows.”
This is not the first time such a quasi-solution has been proposed. On foreignpolicy.com, Michael Assante, the head of industrial control systems at the SANS Institute, which provides cybersecurity training to security professionals, said utilities would be wise to integrate tools that aren’t connected to networks or are completely analog into a sophisticated control system.
Researchers at the engineering consulting firm Kenexis have come up with similar proposals to use mechanical technology as a cybersecurity measure. In recent years, designers of high-speed rotating systems such as centrifuges have used computers to control them from moving too fast, a shift that has left them vulnerable to hacks like the Stuxnet attack on Iran’s nuclear facilities.
“Scientific American” recently interviewed Robert M. Lee, CEO of cybersecurity firm Dragos, Inc. Lee says, “a lot of these cyberattacks deal with the computer technology and the interconnected nature of the infrastructure. And so when they target it in that way, you’re talking hours, maybe a day, at most a week of disruption. For reasonable scenarios, we’re not talking about a long time of outages, and we’re not talking about compromising safety.”
However, he warns, the nation’s adversaries are learning more about the country’s industrial systems and thinking about how to potentially destroy equipment. They’re becoming more aggressive.
The US military is turning to microgrids for security against potential cyberwarfare. Last October, Indiana National Guard’s Camp Atterbury announced a partnership with Duke Energy to install a microgrid. And earlier this year, the US Army unveiled a 10-MW solar microgrid-ready project at the Redstone Arsenal in Alabama.
A paper by Michigan Technological University engineering and energy policy experts published last spring concluded that microgrids could help the US military stay operational following an attack on the country’s electricity grid.
The 3rd Annual Environmental Leader & Energy Manager Conference takes place May 15 – 17, 2018 in Denver. Learn more here.