Are we seeing the beginning of an awareness of physics issues in power grid security and reliability

June 15, 2020
Given Stuxnet, Triton, Aurora, and the issues that precipitated Presidential Executive Order 13920, the domain experts need to be involved in developing cybersecurity scenarios and possible mitigation strategies as many of these scenarios are not addressed by the NERC CIPs.

A university researcher in power electronics with a joint appointment at one of the DOE national laboratories spoke at a meeting recorded in the local paper (https://www.governing.com/now/Researcher-Reassures-US-Power-Grid-Is-Stable-and-Robust.html). According to the researcher, "a large countrywide blackout is very unlikely". In answers to questions, the researcher indicated that operation of the U.S. electric grid is not seriously threatened by the coronavirus pandemic, lightning or cyberattacks, but acknowledged that  the grid might be vulnerable to a large-scale blackout (such as the Quebec blackout of 1989) as a result of electromagnetic pulses from a rare solar storm that could destroy electronic controls and transformers. This is a very senior researcher who has worked on DOE and EPRI research projects on grid reliability. 

On June 8, 2020, I had a chance to discuss the article with the researcher about the statement the electric grid is not seriously threatened by cyberattacks. The researcher’s rationale was that cyberattacks cannot cause physical damage. Consequently, the researcher did not consider cyber threats to be a significant concern. However, the researcher was not aware of the details of the Aurora vulnerability or other physics-based cyberattacks that can, and have, caused physical damage. 

The Aurora vulnerability is publicly known, as the Department of Homeland Security (DHS) declassified most of the experiment’s records in 2015. Aurora involves physics issues which are very insidious. Aurora is not malware, but it could be induced by a cyberattack. Rather, Aurora is a gap in electric grid protection that occurs before the relay protection can actuate. Aurora uses the protective relays as the attack mechanism and the electric grid as the vehicle for damaging any Alternating Current (AC) rotating equipment and transformers connected to the affected substation (see previous blogs and the 2013 Power magazine article on Aurora).

This is not the first time I have had conversations with university researchers studying the grid who were unaware of Aurora and other physics issues.  In each case, when Aurora was explained, the researchers immediately understood the mechanism and at least some of the potential impacts. One of the researchers was Ken Loparo from Case Western Reserve University. Ken, Neil Holloran from DOD, and myself participated in a panel at the 2017 ICS Cyber Security Conference discussing physics issues that could be initiated or exacerbated by cyber. The scenarios generated significant discussion with the cyber security researchers in the audience.

The researcher was also unaware of the implications of the recent Western Area Power Administration (WAPA) transformer compromise that resulted in Presidential Executive Order 13920. Apparently, it was an eye-opening conversation, as the researcher is now interested in potential joint papers on cyber issues that can cause physical damage that affects the reliability of the electric grid.

Given Stuxnet, Triton, Aurora, and the issues that precipitated Presidential Executive Order 13920, the domain experts need to be involved in developing cybersecurity scenarios and possible mitigation strategies as many of these scenarios are not addressed by the NERC CIPs.

Joe Weiss