Hacking the grid may not be as difficult as the October 13, 2017 Wired article suggests

Oct. 18, 2017

Aurora, forced oscillations, and other types of incidents that can manipulate physics may not be as difficult to cause as previously believed and may not be detectable by network anomaly detection.

 

On October 13, 2017, Andy Greenberg from Wired Magazine wrote an article: “Hacking a Power Grid in Three (Not So Easy Steps)”. The gist of the article was that it would take a significant amount of work and even then it would be difficult to “turn off the power”. However, I don’t believe it would be as difficult as the Wired article suggests.

NERC issued the draft guideline “Forced Oscillation Monitoring and Mitigation”, dated June 2017. The report states that simulation studies show that if a forced oscillation interacts with a system mode that has weak damping, it can produce wide-area resonant oscillations of large amplitude that can lead to potential blackouts such as the August 10, 1996 blackout in the Western Interconnection. The sustained presence of significant forced oscillations on the Bulk Power System could lead to long-term effects such as equipment fatigue and potential damage to rotor shafts exposed to such sustained, high-magnitude oscillations. Power quality may also be a concern depending on the amplitude and frequency of the forced oscillations. The gist of the NERC report is:

- Forced oscillations can be either unintentional or malicious (Aurora can be viewed as a form of forced oscillations)

- The oscillations can be caused by systems outside NERC CIP scope and spread across large sections of the grid

- The oscillations can be caused by plants or substations outside NERC CIP scope (small or distribution) and spread across large sections of the grid

- There is no security in Level 0 and Level 1 devices, which can be used to cause the forced oscillations or prevent early detection of the oscillations

- There have been numerous articles in IEEE and other periodicals on system disturbances (this is not an arcane subject to electrical engineers)
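To make the weak-damping point concrete from the monitoring side, here is an added example (not code from the NERC guideline or from this post) that scans measurement samples for a sustained narrowband oscillation. The 0.25 Hz mode, the damping ratios, the 2 MW forcing, the 20 MW alarm level, and the synthetic tie-line samples are all constructed assumptions.

```python
import math
import random

def mode_gain(f_force, f_mode, zeta):
    """Steady-state amplitude gain of a second-order mode under sinusoidal forcing."""
    r = f_force / f_mode
    return 1.0 / math.hypot(1.0 - r * r, 2.0 * zeta * r)

def synth_samples(f_force, f_mode, zeta, forcing_mw=2.0, fs=30.0, seconds=60.0):
    """Constructed tie-line MW deviation: forced response plus measurement noise."""
    rng = random.Random(1)  # fixed seed so the run is repeatable
    amp = forcing_mw * mode_gain(f_force, f_mode, zeta)
    n = int(fs * seconds)
    return [amp * math.sin(2 * math.pi * f_force * i / fs) + rng.gauss(0.0, 1.0)
            for i in range(n)]

def strongest_tone(samples, fs=30.0, f_lo=0.1, f_hi=2.0, step=0.01):
    """Scan the assumed 0.1-2.0 Hz band; return (frequency_hz, amplitude) of the peak."""
    n = len(samples)
    mean = sum(samples) / n
    best = (0.0, 0.0)
    for k in range(int(round((f_hi - f_lo) / step)) + 1):
        f = f_lo + k * step
        w = 2 * math.pi * f / fs
        # Project the samples onto a cosine and a sine at this candidate frequency.
        re = sum((x - mean) * math.cos(w * i) for i, x in enumerate(samples))
        im = sum((x - mean) * math.sin(w * i) for i, x in enumerate(samples))
        amp = 2.0 * math.hypot(re, im) / n
        if amp > best[1]:
            best = (f, amp)
    return best

def check(f_force, f_mode, zeta, alarm_mw=20.0):
    """Return (frequency_hz, amplitude_mw, alarm) for one constructed scenario."""
    f, amp = strongest_tone(synth_samples(f_force, f_mode, zeta))
    return round(f, 2), amp, amp >= alarm_mw

if __name__ == "__main__":
    for label, args in [("weak damping, forcing on the mode", (0.25, 0.25, 0.02)),
                        ("good damping, forcing on the mode", (0.25, 0.25, 0.15)),
                        ("weak damping, forcing off the mode", (0.80, 0.25, 0.02))]:
        f, amp, alarm = check(*args)
        print(f"{label}: peak {amp:.1f} MW at {f:.2f} Hz, alarm={alarm}")
```

The same 2 MW forcing only crosses the alarm level when it sits on the weakly damped mode, and the detector sees it in the physical measurements rather than in network traffic.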

Recall that several years ago DHS declassified the INL Aurora report, which identified details about the Aurora vulnerability, yet Aurora hardware mitigation, in general, is lacking. Additionally, Aurora, forced oscillations, and other types of incidents that can manipulate physics may not be detectable by network anomaly detection.

We were already scheduled to have a panel session on October 25th at the ICS Cyber Security Conference with Neil Holloran from Navy Mission Assurance Division and Ken Loparo from Case Western University on using cyber to manipulate physics to cause kinetic damage. The recent release of the NERC report makes the session even more important.

Joe Weiss