Detecting Cybersecurity Threats by Taking the Grid's Pulse

Power sensors for distribution networks have inspired a $77-million DARPA program to build a suite of automated cyberdefenses for power grids

4 min read

A box on a utility pole is a micro phasor measurement unit (microPMU), which could be a useful too in grid cybersecurity
DARPA teams are building grid defenses using phasor measurement units that combine GPS and power sensors
Power Standards Lab

Power quality expert Alex McEachern set out to build an advanced power sensor for utility distribution grids, and accidentally produced a promising tool to protect power grids from cyber attack. The equipment–developed by McEachern and collaborators at the University of California Berkeley and Lawrence Berkeley National Laboratory—is part of the starter pack for military installations competing in a $77 million power grid cyber security R&D contest that DARPA is kicking off next month. 

“What we’re trying to do is to take the most sensitive instruments that have ever been made for looking at the grid, and looking at what they might be able to see from inside military bases,” says McEachern, who is president of Alameda, Calif.-based power quality firm Power Standards Lab.

Defending against cyber attacks is a mission with new urgency following the Internet-based disruption of Ukraine’s power grid in December 2015—a sophisticated hack planned and executed over more than six months by what is widely thought to be a well-financed team within Russia. Cybersecurity experts called that attack a wake-up call for North American utilities, which are just beginning to invest in network monitoring and other active defenses for their industrial control systems. 

DARPA says it may take “many years” for U.S. utilities to mount effective defenses against what could be devastating attacks. "Beyond the severe domestic impacts, including economic and human costs, prolonged disruption of the grid would hamper military mobilization and logistics, impairing the government’s ability to project force or pursue solutions to international crises,” wrote the agency in a December 2015 release announcing its Rapid Attack Detection, Isolation, and Characterization Systems (RADICS) program.

RADICS' goal is to develop automated power grid defense systems that are independent of utilities. It envisions systems that can detect grid cyberattacks, isolate key utility equipment, and accelerate the reboot of power systems post-attack. McEachern’s sensors are fundamental to the four-year effort’s initial phase (codenamed Steel Thread), whose first task is developing situational awareness on the grid. 

RADICS teams must fuse multiple data streams in real time to provide early warning of a cyber attack. Today's best intrusion detection schemes watch for errant commands on industrial control systems. McEachern’s equipment offers a non-traditional approach: watching for irregularities in the physical behavior of the grid itself. 

His equipment is a version of the phasor measurement units (PMUs) that utilities are increasingly installing to track far-flung transmission grids. PMUs employ GPS to timestamp readings of voltage, current, and their phase angles (i.e. the position of the voltage and current waves in their 60-hertz cycle). Thanks to the timestamps, readings from across grids spanning millions of square kilometers can be synchronized. The big picture PMUs paint can reveal otherwise unseen strain and potentially avert region-wide blackouts.

In 2013 McEachern and his UC Berkeley collaborator, electrical engineering professor Alexandra von Meier, decided to build a “micro-PMU” that could take snapshots of distribution grids, whose power flows have become increasingly complex with the spread of rooftop solar systems, energy storage, and other distributed devices. The U.S. Department of Energy’s ARPA-e program (modeled on DARPA) bought in, providing $4 million in funding for McEachern and von Meier’s efforts in hopes that improving intelligence on system stability would facilitate continued growth of distributed generation.

The micro-PMU had to be affordable, fast, and also exquisitely precise to parse the tiny shifts in AC phase angles that must be measured to analyze distribution grid stability. The resulting device, manufactured by Power Standards Lab subsidiary Power Sensors Ltd., costs about $5,500, samples 4 million times per second, and measures phase angles with 2-millidegree precision.

“We’re watching the volts and the amps and we’re not even inside the substation. We’re five miles away”

That precision is several hundred times better than PMUs for transmission grids. It took some doing, says McEachern. Even the delays caused by feeding GPS data from external receivers had to be accounted for. “The difference between a couple of meters and 50 meters at half the speed of light — which is more or less the speed in the cable — eats up a significant part of your error budget. So we have to do timing measurements on the cable,” says McEachern.

He and von Meier imagined cyberdefense applications after installing nearly 100 micro-PMUs at half-a-dozen U.S. utilities under the ARPA-E program and at their own sites. Von Meier, for example, observed that a short-circuit at Lawrence Berkeley lab one day was observed by a micro-PMU in Los Angeles, 550 kilometers away, as a 0.002 percent dip in voltage. 

McEachern says he realized last July that micro-PMUs could detect changes in impedance (ie the electrical resistance of the AC lines) caused by switching in upstream substations—even electrical bus reconfigurations that have no noticeable impact on power supplies to customers. 

As McEachern puts it: “We’re watching the volts and the amps and we’re not even inside the substation. We’re five miles away. We came up with this idea: What if we were to tell the substation operator that this substation switch is opening and closing? If they were the ones opening and closing it, that’s great. But if not, that’s a pretty good sign that there’s a cyber attack at least being experimented with.” 

McEachern says they immediately filed a provisional patent on the idea, and shared it with the U.S. Department of Energy. The latter kicked off a research effort, led by LBNL cybersecurity expert Sean Peisert, to optimize the integration of micro-PMUs within distribution cybersecurity systems. At least two utilities—the municipal utility serving Riverside, California and Atlanta-based Southern Company—are collaborating.

And, by December, DARPA had served notice of its RADICS program. “I’m allowed to say that the DARPA project exists and that it’s an outgrowth of the ARPA-E project,” says McEachern. He adds that, while Power Sensors Ltd is supplying micro-PMUs, RADICS teams are developing their own software to crunch the data. 

How the PMUs could contribute can be discerned from DARPA's solicitation documents. For example, they indicate that RADICS teams must detect “spoofing” of power grid telemetry, whereby adversaries hide changes to the system's configuration by sending canned “pre-attack” signals back to controllers. Micro-PMUs could provide a physical reality check against such spoofing. 

Detecting attacks will be tough, according to DARPA, but success could be invaluable. As DARPA’s document puts it: “Equipment failures, accidents, improper configurations and unpredictable damage are the norm for power grid operation. This background may mask the initial stages of a large-scale cyber-attack. However, early warning of only a few minutes may be sufficient for grid operators to take actions that would protect vulnerable equipment.”

The Conversation (0)