New Cops On The Utility Beat

This sounds like a scary Hollywood movie:

A clever enemy plans to tap commands into a computer or cell phone and ppfftt—the power goes off to a whole city, maybe the whole country. The fiendish troublemaker, hidden hundreds of miles away, schemes to shut down electric service and foul up every part of daily life for millions of Americans. Can he or she be stopped in time?

Right now, that plotline is just imaginary.

Here’s what’s true:

Every day, utilities fight off annoying electronic threats. Real-life good guys—engineers and security experts—are on the job, racing to stay ahead of villains who might try something horribly destructive.

Computers everywhere
Safety and security issues have been a concern ever since the first poles and power lines went up more than a century ago. Utility companies routinely work to protect the physical system from threats such as squirrels, lightning, ice, and wind. Stronger poles, thicker wires, and other improvements are constantly added. Since 1958, the North American Electric Reliability Corporation (NERC) has set standards for the power grid throughout the United States and Canada. Traditionally, NERC’s duties have involved three main areas:

• physical construction standards

• forecasts about supply and demand

• effective and ethical operating guidelines

Today, the power grid infrastructure includes much more than poles and wires. Computers are everywhere, in generating plants, at local utility company offices, even in linemen’s bucket trucks. Electric meters have computer components, too. NERC guidelines and standards help utilities manage all these new pieces of the power grid.

Within electric utilities, security experts use “firewall” systems to build electronic fences to keep long-distance bad guys from infecting utility computers with cyber viruses and worms. Individual electric companies also follow procedures to save and store information in separate safe spots. It’s all part of a growing specialty called “cyber security.”

Last spring, Homeland Security Secretary Janet Napolitano said, “The vulnerability (of the power grid) is something that the Department of Homeland Security and the energy sector have known about for years.”

But something is different today. In the rapidly developing “smart” grid, the power system is no longer just a physical system of sturdy poles and wires. It is also a vast, interconnected communications network of computers, digital data, and electronic devices.

Information used to go in only one direction for a few miles or within two or three counties. Now it can flow quickly back and forth along much longer interwoven paths. Millions of bits of data from appliances and electric meters will interact with other data at substations, utility company offices, and power plants.

In this new smarter grid, thousands of big and small decisions every minute will be based on the accuracy and timeliness of that information.

But what if the electronic signals turn into nonsense, or stop altogether?

Last year, NERC President and CEO Rick Sergel said, “Cyber security and critical infrastructure protection continue to be a top priority for our organization as we work to ensure the reliability of the bulk power system in North America.”

To help guard against disruptions caused by outsider attacks against computer networks, NERC recently began a series of studies and seminars to help utility industry pros think of practical solutions. NERC is working to develop new standards in a dozen different areas. They’re giving special attention to helping utilities identify risk areas, manage their individual security systems better, and train personnel to more quickly recognize and respond to threats.

Utility’s neighborhood watch
Malicious attacks against computers are growing worldwide.

The U.S. Department of Energy’s Argonne National Laboratory recently developed a new program, the Federated Model for Cyber Security, to help security system managers in many different places talk to each other. Similar to a neighborhood block watch program, the new system allows people in many different industries to alert each other as soon as they discover attempts to sabotage vital computer networks, and discuss how they responded to stop any damage.

That advance warning system is only one step toward protecting the grid from increasing threats.

The National Rural Electric Cooperative Association (NRECA) is actively involved in discussions with its members, NERC, and other federal officials about dealing with other emerging security issues.

Barry R. Lawson, manager of NRECA’s Power Delivery section, says, “NRECA and other electric utility trade associations are working to ensure to the extent possible that vendors and manufacturers of smart grid equipment and systems are including cyber security protections in their equipment during the development and manufacturing stage. It is much more efficient and effective for such protections to be in place at the front end rather than being retrofitted after installation and implementation.”

The goal of all this behind-the-scenes work is for the power to stay on, so electricity consumers won’t notice anything at all.

CYBER SECURITY SECRETS

Utility cyber security experts don’t offer many details about how they protect the nation’s electricity grid from electronic attacks. But here are a few details they’re willing to reveal:

• Electric utility anti-virus and firewall systems are much more sophisticated than what you can buy off the shelf for your home computer.

• Information sent between computers is encrypted into secret codes.

• Communication lines are designed to be redundant, meaning if one path is blocked, another can be used.

• National government and utility groups are constantly sharing information and working together to stay ahead of computer hackers and others who might try to damage the electricity network.