Nearly every aspect of our daily lives – from shopping for groceries through a smartphone app to keeping up with friends and family on social media, or relying on smart grid technology to power homes and businesses – is connected to the vast world of the internet. Because of this, it might seem as if there’s nothing we can do to protect ourselves from a cyberattack, but according to the U.S. Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response, “Everyone has a role in making cyberspace secure.”
That sense of shared responsibility is not only this year’s overarching theme for National Cybersecurity Awareness Month, but it has also inspired the work of many scientists, including cybersecurity expert Sean Peisert of the DOE’s Lawrence Berkeley National Laboratory (Berkeley Lab).
Peisert is one of thousands of DOE scientists who have dedicated their careers to finding the best solutions to some of our nation’s biggest problems. He is a staff scientist in Berkeley Lab’s Computational Research Division, an associate adjunct professor of computer science at UC Davis, and the chief scientist for cybersecurity for CENIC (Corporation for Education Network Initiatives in California).
In recognition of National Cybersecurity Awareness Month – an annual initiative first launched in October 2004 by the Department of Homeland Security and the National Cyber Security Alliance to raise awareness about the importance of staying safe and secure online – Peisert discusses new cybersecurity approaches that have the potential to keep our energy infrastructure safe.
Q: What can we do to protect energy infrastructure equipment connected to the internet?
A: Even though computer systems are complex, the network-connected physical components that operate the power grid – such as the transformers, tap changers, and power inverters, for example – have characteristics about their operation that may make cybersecurity more tractable.
Specifically, these physical components obey the laws of physics. Therefore, we have shown that it is possible to measure – through insights about those laws, the use of proper sensors, and statistical algorithms – whether they’re performing the way they were designed to behave before a cyberattack or a weather-related event, then watch for changes, and determine the cause.
This notion that we can determine if a system that controls power grid equipment is obeying the laws of physics is a very different approach to detecting cyberattacks against more “traditional” computing targets where there is no such set of physical laws that the systems must obey.
Q: What are the most promising new approaches for keeping our power grids and aging energy infrastructures safe?
A: I think one of the most promising approaches lies in marrying “safety engineering” principles – which are grounded in the immutable laws of physics – with computer security. For example, at Berkeley Lab, I am currently leading a project with several academic and industry partners to develop a cyberthreat detection application that would send an early warning to grid operators if equipment like a capacitor bank switch or transformer tap changer in a substation, for example, is behaving in an unexpected way due to a cyberattack, long before existing techniques would detect such behavior, and before the behavior could result in actual grid instability.
For this project, we are leveraging distribution-level phasor measurement units to detect cyber-physical attacks on the power distribution grid to capture information about the distribution grid’s physical state. We then combine this data with SCADA (supervisory control and data acquisition) information, which is commonly used in electric grid monitoring, to provide real-time feedback about system performance.
Our use of high-frequency power sensors provides a redundant set of measurements that gives us a high-fidelity way of tracking what is going on in the power distribution grid. By looking at those measurements alone, or by looking for discrepancies by comparing those measurements with what was reported by the equipment, we can have better insight into whether a hacker was trying to manipulate those components in the power distribution grid.
In a separate project, we are also applying related techniques to detecting and mitigating attacks on rooftop solar inverters to maintain grid stability in the face of such attacks.