Switching Off The Lights - Cyber Security and AI Series

Abstract

There is confidence that the globalised, networked systems we have built are resilient enough to overcome significant disruptions. What if this confidence is misplaced? This article seeks to answer this question in relation to what is likely the most important of humankind’s networks: the electrical grid. Two methods for conducting a cyber attack against the electrical grid will be considered; the first for disrupting the grid, and the second for destroying core elements. A warning will be offered to the West not to rely on technological supremacy in cyberspace as a deterrent to cyber attacks.

By Joseph Dillon


Introduction

We live in a connected world. Recent disruptions to these connections have forced us to consider the fragility of the networks we rely on. A large vessel blocking a shipping lane[1], an oil pipeline shut down[2] - problems that, once resolved, quickly begin to fade from memory. Our systems and networks are impressive but sometimes more fragile and tenuous than we care to consider. There are few systems more relied upon, and more worthy of our attention, than the electrical grid. The global electrical generation and transmission system is itself expected to be worth over 4.5 trillion USD by 2025[3], most economic activity relies upon it, and the role of electrification is considered ‘the key to tackling climate change’[4]. It is therefore prudent to consider how such a vital system could be threatened. Nature and determined individuals often pose local problems to electrical grid systems but there is only one tool that could be considered an existential threat: computer code. This article will take just two straightforward scenarios to signal a warning about the security of our electrical grid.


Disruption

In December 2015 technicians at the Prykarpattyaoblenergo electrical control centre in Western Ukraine were stunned as they watched what seemed to be a ghost retrieving files on their computer screens, selecting substations, and opening circuit breakers[5]. The ‘ghost’ had manually cut the power to over 230,000 residents. The next year it returned but had automated its methods; the so-called ‘CrashOverride’ malware speedily opened Ukrenergo’s circuit breakers, this time cutting off electricity to 100,000 people[6]. In both instances, a relatively simple exploit of the Industrial Control Systems (ICS) that governed the behaviour of the grid was employed. Although the malware in the 2016 attack also employed a number of nefarious tricks to inhibit a speedy recovery, both attacks relied on finding a switch and turning it off via a computer command.

That both attacks were resolved in a matter of hours is testament not so much to the speed and ingenuity of Ukrainian grid operators (although there was certainly a good measure of both), but to the fact that it was possible to undo the malicious cyber activity by sending out work crews to physically close circuit breakers[7]. This workaround becomes less viable the more of an electrical grid is placed under digital control. Energy and electrical companies have traditionally been pioneers in the digitalisation of their networks, with a special emphasis on digital sensors to generate accurate data about their systems[8]. But with the Internet of Things (IoT) age upon us, digital sensors will increasingly be paired with digital controls. The world’s first entirely digital circuit breaker was, for example, recently approved for use in the United States[9].

While all of these innovations represent significant improvements in safety and efficiency, they also undoubtedly come with a significant risk of cyber sabotage. Here is the first scenario: a piece of malicious code finds its way to a digital component. It either opens a switch, causing blackouts, or closes a switch, overloading and potentially damaging a local portion of the network. Neither action is the most damaging though. After fiddling with the component, the malware then erases its motherboard, rendering it inoperable. The switch is frozen in whatever state it was left in - an electricity blackout persists. The only way to fix this situation would be to send out technicians to each afflicted device to either repair or entirely replace it. The danger of this scenario becomes apparent when one considers the twin trends of increasing digitisation and a decreasing human labour force in this industry. What will happen if tens of thousands of digital components are tampered with in this way and there is only a tiny workforce of technicians available? We will not be counting the length of the blackouts in hours but in weeks.
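The two patterns described above, many breakers opened in quick succession (the automated 2016 attack) and a component wiped straight after it has been switched (the first scenario), are both visible in a control-system command log if someone is looking. The following is an added example, not code from the article or from any grid operator: a small detector that runs over constructed command-log lines in an assumed format (`timestamp operator source_ip device command`) and raises an alert for a burst of BREAKER_OPEN commands to distinct devices from one source, and for a firmware write or erase that lands on a device within minutes of a switching command to that same device. The thresholds, command names and log format are all assumptions made for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not from any real system). Assumed format:
#   <ISO timestamp> <operator> <source_ip> <device> <command>
SAMPLE_LOG = """\
2024-01-15T15:30:05 op1 10.0.1.12 SUB-A/CB-101 BREAKER_OPEN
2024-01-15T15:30:07 op1 10.0.1.12 SUB-B/CB-204 BREAKER_OPEN
2024-01-15T15:30:09 op1 10.0.1.12 SUB-C/CB-311 BREAKER_OPEN
2024-01-15T15:30:40 op1 10.0.1.12 SUB-A/CB-101 FIRMWARE_ERASE
2024-01-15T15:31:00 op2 10.0.2.5 SUB-D/CB-402 BREAKER_OPEN
2024-01-15T18:00:00 op2 10.0.2.5 SUB-D/CB-402 FIRMWARE_WRITE
"""

SWITCHING_COMMANDS = {"BREAKER_OPEN", "BREAKER_CLOSE"}   # assumed command names
FIRMWARE_COMMANDS = {"FIRMWARE_WRITE", "FIRMWARE_ERASE"}


def parse_line(line):
    """Split one log line into a dict; timestamps become datetime objects."""
    ts, operator, src, device, cmd = line.split()
    return {"ts": datetime.fromisoformat(ts), "operator": operator,
            "src": src, "device": device, "cmd": cmd}


def detect(lines, burst_window=timedelta(seconds=60), burst_threshold=3,
           firmware_gap=timedelta(minutes=5)):
    """Return a list of alert dicts, in time order, for the two patterns."""
    events = sorted((parse_line(l) for l in lines if l.strip()),
                    key=lambda e: e["ts"])
    alerts = []
    recent_opens = defaultdict(deque)   # source_ip -> BREAKER_OPEN events in window
    burst_alerted = set()               # sources already reported (one alert each)
    last_switching = {}                 # device -> time of its last switching command

    for e in events:
        # Rule 1: one source opening many distinct breakers inside the window.
        if e["cmd"] == "BREAKER_OPEN":
            q = recent_opens[e["src"]]
            q.append(e)
            while q and e["ts"] - q[0]["ts"] > burst_window:
                q.popleft()             # slide the window forward
            distinct = {x["device"] for x in q}
            if len(distinct) >= burst_threshold and e["src"] not in burst_alerted:
                burst_alerted.add(e["src"])
                alerts.append({"rule": "BREAKER_OPEN_BURST", "subject": e["src"],
                               "ts": e["ts"],
                               "detail": f"{len(distinct)} breakers opened within "
                                         f"{int(burst_window.total_seconds())}s"})

        # Rule 2: firmware write/erase shortly after the same device was switched.
        if e["cmd"] in SWITCHING_COMMANDS:
            last_switching[e["device"]] = e["ts"]
        elif e["cmd"] in FIRMWARE_COMMANDS:
            prev = last_switching.get(e["device"])
            if prev is not None and e["ts"] - prev <= firmware_gap:
                alerts.append({"rule": "FIRMWARE_AFTER_SWITCHING",
                               "subject": e["device"], "ts": e["ts"],
                               "detail": f"{e['cmd']} {int((e['ts'] - prev).total_seconds())}s "
                                         f"after switching by {e['operator']}@{e['src']}"})
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG.splitlines()):
        print(a["ts"].isoformat(), a["rule"], a["subject"], "-", a["detail"])
```

The second operator in the sample (op2) opens a single breaker and updates its firmware two and a half hours later, the ordinary maintenance pattern, and produces no alert; the first source trips both rules. A real deployment would tune the window and threshold to the site's normal switching rate and would feed the alerts into the same place the operators watch, since the point of the article is that the window for a manual response is short.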


Destruction

The power to interfere with the transmission and distribution of electricity is concerning enough on its own, but there are greater threats. It is also possible to destroy the heart of our grids - generators - with just a few lines of code. In 2007, researchers from the Idaho National Laboratory (INL) conducted the ‘Aurora’ test, which provides our second scenario. The live demonstration involved a 27-ton diesel-electric generator shredding itself to pieces within seconds. The machine’s computer brain had been infected with malware that caused its circuits to close without the generator first synchronising with the wider grid frequency. The resulting torque force as the spinning dynamo (the component that generates electricity) instantly decelerated was more than enough to cause catastrophic damage. The malware, smaller than the average gif, simply changed a ‘1’ to a ‘0’ at an inopportune moment[10]. This type of attack has been carried out, not on electrical grids but on Iran’s nuclear materials production facilities. The ‘Stuxnet’ malware caused Iranian centrifuges to spin out of control and destroy themselves and is thought to be the ‘first instance of a computer network attack known to cause physical damage across international boundaries’[11]. Both the Aurora test and Stuxnet prove that malware can be used not just to disrupt computer systems but to destroy the machines they interact with. The dynamos of nuclear, hydroelectric, coal and gas plants and even wind turbines are susceptible to being destroyed in this way.
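The protection that the Aurora test bypassed is the synchronism check: a breaker tying a generator to the grid should only be allowed to close when the voltage, frequency and phase angle on both sides agree within limits. The block below is an added example, not code from the article or from INL; it models that check in software with assumed limits (0.05 per-unit voltage difference, 0.1 Hz slip, 10 degrees of angle) and an assumed breaker closing time of 80 ms, so that it judges the angle the contacts will see when they actually make rather than the angle at the moment of the command. The wrap-around case (359 degrees versus 1 degree is a 2 degree difference, not 358) is handled explicitly.

```python
from dataclasses import dataclass, field


@dataclass
class PhasorMeasurement:
    voltage_pu: float      # voltage magnitude in per-unit of nominal
    frequency_hz: float
    angle_deg: float       # absolute phase angle of the voltage phasor


@dataclass
class SyncCheckLimits:
    # Assumed limits for the example; real settings come from the plant's protection study.
    max_voltage_diff_pu: float = 0.05
    max_slip_hz: float = 0.10
    max_angle_deg: float = 10.0
    breaker_close_time_s: float = 0.08   # delay from close command to contacts touching


@dataclass
class SyncDecision:
    permit: bool
    voltage_diff_pu: float
    slip_hz: float
    angle_now_deg: float
    angle_at_close_deg: float
    reasons: list = field(default_factory=list)


def angle_difference(a_deg, b_deg):
    """Smallest signed difference a - b, normalised into (-180, 180]."""
    d = (a_deg - b_deg + 180.0) % 360.0 - 180.0
    return 180.0 if d == -180.0 else d


def sync_check(gen, bus, limits=SyncCheckLimits()):
    """Decide whether closing the breaker between `gen` and `bus` is permitted.

    The angle is projected forward by the breaker closing time, because a slipping
    generator keeps rotating relative to the bus while the mechanism operates.
    """
    reasons = []
    dv = abs(gen.voltage_pu - bus.voltage_pu)
    if dv > limits.max_voltage_diff_pu:
        reasons.append(f"voltage difference {dv:.3f} pu exceeds {limits.max_voltage_diff_pu} pu")

    slip = gen.frequency_hz - bus.frequency_hz
    if abs(slip) > limits.max_slip_hz:
        reasons.append(f"slip {slip:+.3f} Hz exceeds {limits.max_slip_hz} Hz")

    angle_now = angle_difference(gen.angle_deg, bus.angle_deg)
    # Each hertz of slip advances the relative angle by 360 degrees per second.
    angle_at_close = angle_difference(angle_now + 360.0 * slip * limits.breaker_close_time_s, 0.0)
    if abs(angle_at_close) > limits.max_angle_deg:
        reasons.append(f"angle at contact closure {angle_at_close:+.1f} deg exceeds "
                       f"{limits.max_angle_deg} deg")

    return SyncDecision(permit=not reasons, voltage_diff_pu=dv, slip_hz=slip,
                        angle_now_deg=angle_now, angle_at_close_deg=angle_at_close,
                        reasons=reasons)


def close_breaker(close_command, gen, bus, limits=SyncCheckLimits()):
    """Gate a close command through the sync check; return (closed, decision)."""
    decision = sync_check(gen, bus, limits)
    return (bool(close_command) and decision.permit), decision


if __name__ == "__main__":
    bus = PhasorMeasurement(1.0, 60.0, 0.0)
    for label, gen in [("in step", PhasorMeasurement(1.0, 60.0, 2.0)),
                       ("wrapped angle", PhasorMeasurement(1.0, 60.0, 359.0)),
                       ("120 deg out", PhasorMeasurement(1.0, 60.0, 120.0)),
                       ("slipping 0.5 Hz", PhasorMeasurement(1.0, 60.5, 0.0))]:
        closed, d = close_breaker(True, gen, bus)
        print(f"{label:16s} closed={closed} reasons={d.reasons}")
```

The defensive point the example makes is structural rather than arithmetic: the check has to live in a device that is independent of the controller issuing the close command, otherwise the same code that flips the ‘1’ to a ‘0’ can also flip the permission bit. In practice that is a dedicated protective relay, and the software interlock above is only the logic it implements.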

Governments and private corporations, to soothe concern about such threats, often point to countermeasures and security practices that are in place. Two common claims are about the fundamentally different nature of Supervisory Control and Data Acquisition (SCADA) systems and about ‘air-gapping’ critical infrastructure. The first claim centres on the fact that most critical infrastructure does not rely on off-the-shelf software, instead integrating ‘bespoke operating systems’[12]. It is true that the average malware that preys on popular operating systems would have no direct effect on ICS/SCADA systems. But this is more an inconvenience than an obstacle to hackers. Siemens, for example, uses its Structured Control Language (SCL) for most of its SCADA products and makes detailed manuals publicly available[13]. It’s a chore to learn this language, but a determined or talented (or experienced) hacker will not find the task too taxing. The claim that systems are air-gapped - that a critical system is not connected to the internet and therefore cannot be infiltrated - was never a security guarantee and is becoming ever more dubious. The air-gapping of Iranian centrifuge facilities was strictly policed, but it was overcome by the Stuxnet malware[14]. In any case, it’s becoming unnecessary to find ways to overcome air-gapping as, with increasing digitisation and interconnectivity, the practice has effectively disappeared[15]. Companies maintain extensive networks with thousands of machines and millions of devices via the internet because, to give just one reason, it’s cheaper to update firmware remotely and immediately than to send a technician out to physically replace or update a component. We know that if a device has an internet connection it can potentially be hacked.


Conclusion

The benefits of further incorporating digitalisation and IoT technology within the electrical grid certainly outweigh the costs. But we cannot accept vague or generic security assurances when the stakes are so high. We know that Russia has already infiltrated critical infrastructure of the United States electrical grid[16], Iran has caused blackouts in Turkey[17], the European Network of Transmission System Operators for Electricity (ENTSO-E) suffered a successful network intrusion[18], and China has demonstrated its ability to disrupt the grid in India[19]. This list will continue to grow.

The West (especially the United States) remains the most capable in terms of aggressive cyber capabilities, but this is not the deterrent we might think it to be. Western societies are far more digitised and interconnected, and therefore more susceptible to the kinds of attacks outlined above. We can certainly disrupt Russia’s electrical grid, for example, but, as in Ukraine, they can largely resolve the situation manually. The more control we hand over to digital systems, the less this manual fix is available to us. It is precisely our lead in advanced digital technology that makes us so vulnerable.


Sources

[1] Harper, J. (2021) ‘Suez blockage is holding up $9.6bn of goods a day’ BBC Business, March 26th. Available at: https://www.bbc.com/news/business-56533250.

[2] Hay Newman, L. (2021) ‘DarkSide Ransomware Hit Colonial Pipeline—and Created an Unholy Mess’ Wired, May 10th. Available at: https://www.wired.com/story/darkside-ransomware-colonial-pipeline-response/.

[3] PR Newswire (2021) ‘Global Electric Power Generation, Transmission, and Distribution Market Report (2021 to 2030) - COVID-19 Impact and Recovery’ Research and Markets, March 16th. Available at: https://www.prnewswire.com/news-releases/global-electric-power-generation-transmission-and-distribution-market-report-2021-to-2030---covid-19-impact-and-recovery-301248676.html.

[4] Roberts, D. (2017) ‘The key to tackling climate change: electrify everything’ Vox, October 27th. Available at: https://www.vox.com/2016/9/19/12938086/electrify-everything.

[5] Zetter, K. (2016) ‘Inside the Cunning, Unprecedented Hack of Ukraine's Power Grid’ Wired, March 3rd. Available at: https://www.wired.com/2016/03/inside-cunning-unprecedented-hack-ukraines-power-grid/.

[6] Slowick, J. (2019) ‘CRASHOVERRIDE: Reassessing the 2016 Ukraine Electric Power Event as a Protection-Focused Attack’ Dragos, August 15th. Available at: https://www.dragos.com/wp-content/uploads/CRASHOVERRIDE.pdf.

[7] Greenberg, A. (2019) Sandworm: A New Era of Cyber War and the Hunt for the Kremlin’s Most Dangerous Hackers. Doubleday: New York. (p. 142)

[8] Turk, D. (2017) ‘Digitalisation and Energy’ International Energy Agency. Available at: https://iea.blob.core.windows.net/assets/b1e6600c-4e40-4d9c-809d-1d1724c763d5/DigitalizationandEnergy3.pdf.

[9] Kiedaisch, J. (2019) ‘How the World's First Digital Circuit Breaker Could Completely Change Our Powered World’ Popular Mechanics, May 22nd. Available at: https://www.popularmechanics.com/technology/infrastructure/a27557804/digital-circuit-breaker/.

[10] Greenberg, A. (2020) ‘How 30 Lines of Code Blew Up a 27-Ton Generator’ Wired, October 23rd. Available at: https://www.wired.com/story/how-30-lines-of-code-blew-up-27-ton-generator/.

[11] Lindsay, J.R. (2013) ‘Stuxnet and the Limits of Cyber Warfare’ Security Studies, 22(3), p. 365-404.

[12] Palmer, D. (2019) ‘Half of industrial control system networks have faced cyberattacks, say security researchers’ ZDNet, March 27th. Available at: https://www.zdnet.com/article/half-of-industrial-control-system-networks-have-faced-cyber-attacks-say-security-researchers/.

[13] Siemens (2021) ‘SIMATIC ET 200SP Manual Collection’ Product Support, March 30th. Available at: https://support.industry.siemens.com/cs/document/84133942/simatic-et-200sp-manual-collection?dti=0&lc=en-US.

[14] Collins, S. and McCombie, S. (2012) ‘Stuxnet: the emergence of a new cyber weapon and its implications’ Journal of Policing, Intelligence & Counter Terrorism, 7(1), p. 80-91.

[15] Cohen-Sason, D. (2016) ‘End the air gapping myth in critical infrastructure security’ Cyberbit, December 15th. Available at: https://www.cyberbit.com/blog/ot-security/air-gapping-myth-critical-infrastructure/.

[16] Kury, T.J. (2018) ‘Russians hacked into America’s electric grid. Here’s why securing it is hard’ The Conversation, April 11th. Available at: https://theconversation.com/russians-hacked-into-americas-electric-grid-heres-why-securing-it-is-hard-94279.

[17] Halpern, M. (2015) ‘Iran Flexes Its Power by Transporting Turkey to the Stone Age’ Observer, April 22nd. Available at: https://observer.com/2015/04/iran-flexes-its-power-by-transporting-turkey-to-the-stone-ages/.

[18] Ranger, S. (2020) ‘European electricity association warns of office network breach’ ZDNet, March 11th. Available at: https://www.zdnet.com/article/european-electricity-association-warns-of-office-network-breach/.

[19] Sanger, D.E. and Schmall, E. (2021) ‘China Appears to Warn India: Push Too Hard and the Lights Could Go Out’ The New York Times, February 28th. Available at: China Appears to Warn India: Push Too Hard and the Lights Could Go Out - The New York Times (nytimes.com).