Across the United States, 3200 separate organizations own and operate electrical infrastructure. The widely dispersed nature of the nation’s electrical grid and associated control systems has a number of advantages, including a reduced risk that any single accident or attack could create a widespread failure from which it might take weeks to recover.
Since the late 1990s, however, cost pressures have driven the integration of conventional information technologies into these independent industrial control systems, resulting in a grid that is increasingly vulnerable to cyber-attack, either through direct connection to the Internet or via direct interfaces to utility IT systems.
Although utilities are increasingly focused on their cyber-defense needs, the process of identifying, purchasing and installing commercial host-defensive technologies across the industry may take many years.
In an effort to address the cyber threat to the country’s electrical grid within a shorter time frame, DARPA has released a Broad Agency Announcement (BAA) detailing research aims for the early detection of cyber-attacks on power-grid infrastructure and seeking ways to reduce the time required to restore power.
The ultimate goal of the program, known as Rapid Attack Detection, Isolation and Characterization Systems (RADICS), is to develop automated systems that would help cyber and utilities engineers restore power within seven days of an attack that overwhelms the recovery capabilities of power providers.
“If a well-coordinated cyberattack on the nation’s power grid were to occur today, the time it would take to restore power would pose daunting national security challenges,” said John Everett, DARPA program manager.
“Beyond the severe domestic impacts, including economic and human costs, prolonged disruption of the grid would hamper military mobilization and logistics, impairing the government’s ability to project force or pursue solutions to international crises.”
An early warning capability for power suppliers could prevent an attack entirely or blunt its effects, such as damage to equipment. But the vast scale of the nation’s electrical infrastructure means that some number of systems are likely to be in an abnormal state at any given time, and it can be difficult to distinguish between routine outages and actual attacks.
RADICS looks to develop advanced anomaly-detection systems with high sensitivity and low false positive rates, based on analyses of the power grid’s dynamics.
Recognizing that in some locations Internet infrastructure may not be operational after an attack, or that hackers may have embedded malicious code in utilities’ IT systems during an attack, RADICS also calls for the design of a secure emergency network that could connect power suppliers in the critical period after an attack.
The creation of such a network will require new research into advanced security measures, as well as innovative technologies to facilitate the rapid connection of key organizations, without relying on advance coordination among them.
“Isolating affected utilities from the Internet would enable recovery efforts to proceed without adversary surveillance and interference,” Everett said, “and providing an alternative means for online coordination would enable a more orderly restoration of power among affected organizations.”
Finally, the RADICS BAA calls for the research and development of systems that can localize and characterize malicious software that has gained access to critical utility systems. These systems will augment the abilities of skilled cyber first responders to triage impacted systems and assist utility engineers with the rapid and safe recovery of power.