1. Home

Hacking the grid may not be as difficult as the October 13, 2017 Wired article suggests

Oct. 18, 2017

Aurora, forced oscillations, and other types of incidents that can manipulate physics may not be a difficult to cause as previously believed and may not be detectable from network anomaly detection.

 

October 13, 2017, Andy Greenberg from Wired Magazine wrote an article: “Hacking a Power Grid in Three (Not So Easy Steps)”.  The gist of the article was that it would take a significant amount of work and even then it would be difficult to “turn off the power”. However, I don’t believe it would be as difficult as the Wired article suggests.

NERC issued the draft guideline “Forced Oscillation Monitoring and Mitigation”, dated June 2017. The report states that simulation studies show that if a forced oscillation interacts with a system mode that has weak damping, it can lead to wide-area resonant oscillations of large amplitude that can lead to potential blackouts such as the August 10, 1996 blackout in the Western Interconnection. The sustained presence of significant forced oscillations on the Bulk Power System could lead to long-term effects such as equipment fatigue and potential damage to rotor shafts exposed to such sustained, high magnitude oscillations. Power quality may also be a concern depending on the amplitude and frequency of the forced oscillations. The gist of the NERC report states:

- Forced oscillations can be either unintentional or malicious (Aurora can be viewed as a form of forced oscillations)

- The oscillations can be caused by systems outside NERC CIP scope and spread across large sections of the grid

- The oscillations can be caused by plants or substations outside NERC CIP scope (small or distribution) and spread across large sections of the grid

- There is no security in Level 0,1 devices which can be used to cause the forced oscillations or prevent early detection of the oscillations

- There have been numerous articles in IEEE and other periodicals on system disturbances (this is not an arcane subject to electrical engineers)

Recall that DHS declassified the INL Aurora report several years that identified details about the Aurora vulnerability, yet Aurora hardware mitigation, in general, is lacking. Additionally, Aurora, forced oscillations, and other types of incidents that can manipulate physics may not be detectable from network anomaly detection.

We were already scheduled to have a panel session on October 25th at the ICS Cyber Security Conference with Neil Holloran from Navy Mission Assurance Division and Ken Loparo from Case Western University on using cyber to manipulate physics to cause kinetic damage. The recent release of the NERC report makes the session even more important.

Joe Weiss

Continue Reading

Sponsored Recommendations

2024 Industry Trends | Oil & Gas

We sit down with our Industry Marketing Manager, Mark Thomas to find out what is trending in Oil & Gas in 2024. Not only that, but we discuss how Endress+Hau...

Level Measurement in Water and Waste Water Lift Stations

Condensation, build up, obstructions and silt can cause difficulties in making reliable level measurements in lift station wet wells. New trends in low cost radar units solve ...

Temperature Transmitters | The Perfect Fit for Your Measuring Point

Our video introduces you to the three most important selection criteria to help you choose the right temperature transmitter for your application. We also ta...

2024 Industry Trends | Gas & LNG

We sit down with our Industry Marketing Manager, Cesar Martinez, to find out what is trending in Gas & LNG in 2024. Not only that, but we discuss how Endress...

Latest from Home

Most Read

Sponsored