Sniffing Out Grid Attacks

A $77 million DARPA program is building automated cyberdefenses for power grids

The Grid’s Pulse: A new system sees small grid events as minute changes in phase angle.
Photo: Peter Fairley

Power quality expert Alex McEachern set out to build an advanced power sensor for utility distribution grids, and he accidentally ended up producing a promising tool to protect power grids from cyberattack. Data from the equipment—developed by McEachern and collaborators at the University of California, Berkeley, and Lawrence Berkeley National Laboratory (LBNL)—will be part of the starter pack for R&D contractors participating in a US $77 million power grid cybersecurity program that the Defense Advanced Research Projects Agency (DARPA) kicked off in August.

Defending against cyberattacks is a mission with new urgency following the Internet-based disruption of Ukraine’s power grid in December 2015—a sophisticated hack planned and executed over more than six months by what is widely thought to be a well-financed team within Russia. Cybersecurity experts called that attack a wake-up call for North American utilities, which are just beginning to invest in network monitoring and other active defenses for their industrial control systems.

It may take “many years” for U.S. utilities to mount effective defenses against what could be devastating attacks, DARPA stated in a December 2015 press release announcing its Rapid Attack Detection, Isolation, and Characterization Systems (RADICS) program.

The goal of RADICS is to develop automated power grid defense systems that are independent of utilities. The program envisions systems that can detect grid cyberattacks, isolate key utility equipment, and accelerate the reboot of power systems postattack. McEachern’s sensors are fundamental to the four-year effort’s initial phase (dubbed Steel Thread), whose first task is developing situational awareness on the grid.

The seven RADICS teams must fuse multiple data streams in real time to provide early warning of a cyberattack, and their software must keep performing through the power and communications maelstrom unleashed during a major assault. “The intention is to encourage robust software engineering from the outset,” says John Everett, RADICS program manager.

Today’s best intrusion detection schemes watch for errant commands on industrial control systems. McEachern’s equipment offers a different approach: watching for irregularities in the physical behavior of the grid itself.

His equipment is a version of the phasor measurement units (PMUs) that utilities are increasingly installing to track far-flung transmission grids. PMUs employ GPS to time-stamp readings of voltage, current, and their phase angles—the position of the voltage and current waves in their 60-hertz cycle. Thanks to the time stamps, readings from across grids spanning millions of square kilometers can be synchronized. The big picture that PMUs paint can reveal otherwise unseen strains on the grid and potentially avert regionwide blackouts.

In 2013, McEachern, president of the power quality firm Power Standards Lab, based in Alameda, Calif., and his UC Berkeley collaborator, electrical engineering professor Alexandra von Meier, decided to build a “micro-PMU” that could take snapshots of distribution grids. The power flows on distribution grids have become increasingly complex with the spread of rooftop solar systems, energy storage, and other distributed devices.

The micro-PMU had to be affordable, fast, and also exquisitely precise to parse the tiny shifts in AC phase angles that must be measured. The resulting device, manufactured by Power Standards Lab subsidiary Power Sensors, costs about $5,500, samples 4 million times per second, and measures phase angles with 2-millidegree precision.

That precision is hundreds of times better than what PMUs achieve for transmission grids. It took some doing, says McEachern. Even the delays caused by feeding GPS data from external receivers had to be accounted for. “The difference between a couple of meters and 50 meters at half the speed of light—which is more or less the speed in the cable—eats up a significant part of your error budget,” he says.

He and von Meier imagined cyberdefense applications after installing nearly 100 micro-PMUs at their own sites and at half a dozen U.S. utilities under a $4 million funding program from the U.S. Department of Energy. Von Meier, for example, noted that a short circuit at the Lawrence Berkeley lab one day was observed by a micro-PMU in Los Angeles, 550 kilometers away, as a 0.002 percent dip in voltage. Such sensitivity might mean that an operator could remotely tell if a substation switch was opening or closing. If the substation operators “were the ones opening and closing it, that’s great. But if not, that’s a pretty good sign that there’s a cyberattack at least being experimented with,” says McEachern.

McEachern says they immediately filed a provisional patent for the idea and shared it with the U.S. Department of Energy. The latter began a research effort, led by LBNL cybersecurity expert Sean Peisert, to optimize the integration of micro-PMUs within cybersecurity systems for distribution grids. At least two utilities are collaborating.

RADICS teams must develop their own software to use the micro-PMU data. Some of that data will come from micro-PMUs that DARPA is installing this month at several undisclosed locations. One application is detecting spoofing of power grid telemetry, whereby adversaries hide changes to the system’s configuration by sending canned “preattack” signals back to controllers. The micro-PMUs could provide a physical reality check against such spoofing. As one DARPA document put it: “Early warning of only a few minutes may be sufficient for grid operators to take actions that would protect vulnerable equipment.”
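The physical reality check described above can be sketched in a few lines. This is an added illustration, not code from RADICS, DARPA or the micro-PMU developers: it flags voltage steps seen by a sensor and checks each one against the utility's own switching log and the breaker state reported over telemetry. All readings, timestamps, the matching window and the record formats are constructed assumptions.

```python
# Added illustration: all readings, timestamps and thresholds below are constructed.
STEP_THRESHOLD = 2e-5   # 0.002 percent, the size of the dip the article describes
MATCH_WINDOW_S = 2.0    # assumed tolerance between a record and its physical effect

# (GPS-synchronized time in seconds, voltage magnitude in per-unit) from one micro-PMU
SAMPLES = [(0.0, 1.000000), (1.0, 1.000001), (2.0, 0.999970), (3.0, 0.999971),
           (4.0, 0.999970), (5.0, 1.000001), (6.0, 1.000000), (7.0, 1.000001),
           (8.0, 0.999969), (9.0, 0.999970)]
OPERATOR_LOG = [1.5, 5.2]   # times of switching operations the utility itself issued
# (time, breaker_closed) as reported to the control room over the telemetry channel
SCADA = [(0.0, True), (2.5, False), (5.5, True), (7.5, True), (8.5, True), (9.5, True)]


def detect_steps(samples, threshold=STEP_THRESHOLD):
    """Return (time, relative_change) for each jump between consecutive samples."""
    events = []
    for (_, v0), (t1, v1) in zip(samples, samples[1:]):
        rel = (v1 - v0) / v0
        if abs(rel) >= threshold:
            events.append((t1, rel))
    return events


def telemetry_changed(t, scada, window=MATCH_WINDOW_S):
    """True if the reported breaker state differs before and shortly after time t."""
    before = [state for ts, state in scada if ts < t]
    after = [state for ts, state in scada if t <= ts <= t + window]
    return bool(before and after) and before[-1] != after[-1]


def classify(events, operator_log, scada, window=MATCH_WINDOW_S):
    """Label each physical event by whether the utility's own records explain it."""
    results = []
    for t, _ in events:
        if any(abs(t - op) <= window for op in operator_log):
            label = "authorized"
        elif telemetry_changed(t, scada, window):
            label = "unlogged_switching"   # reported, but nobody at the utility issued it
        else:
            label = "telemetry_mismatch"   # grid changed while telemetry stayed the same
        results.append((t, label))
    return results


if __name__ == "__main__":
    for t, label in classify(detect_steps(SAMPLES), OPERATOR_LOG, SCADA):
        print(f"t={t:.1f}s  {label}")
```

In the constructed data the step at 8 seconds has no matching operator action and no change in reported breaker state, which is the pattern canned telemetry would produce.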

As for the micro-PMU’s original inspiration—improving power distribution grids—that remains a work in progress. A recent review by experts at U.S. national laboratories concluded that PMUs offer “important and irreplaceable advantages” over today’s tools. Given the complexity of the grid signals, however, its authors said that more research, including demonstration projects, was needed to capture those benefits.
