The power grid is vulnerable to manipulation or sabotage, according to a study revealed this week.
Attackers could manipulate power-grid data by breaking into substations and intercepting communications between substations, grid operators, and electricity suppliers. This data is used by grid operators to set prices for electricity and to balance supply and demand, the researchers say. Grid hackers could make millions of dollars at the expense of electricity consumers by influencing electricity markets. They could also make the grid unstable, causing blackouts.
As utilities move over to open communications standards, as part of the migration to the “smart grid,” it could get even easier to intercept communications or hack into systems remotely.
This data is used by grid operators to set prices for electricity and to balance supply and demand, the researchers say. Grid hackers could make millions of dollars at the expense of electricity consumers by influencing electricity markets. They could also make the grid unstable, causing blackouts.
The attacks would be difficult to trace, according to Le Xie, an assistant professor of electrical and computer engineering at Texas A&M University, speaking at theIEEE SmartGridComm2010 conference in Gaithersburg, Maryland, this week. Vulnerabilities have existed in some grid systems for decades. But the threat is becoming worse as more substations become automated, and unmanned, making it easier for an attacker to access grid data. As utilities move over to open communications standards, as part of the migration to the “smart grid,” it could get even easier to intercept communications or hack into systems remotely.
Electric-grid operators forecast supply and demand a day ahead of time, and set prices for customers in different places in accordance. This helps keep supply steady and the grid stable. Power generators then allocate their resources based on this predicted demand and pricing. After they’ve supplied the electricity, the operators settle the accounts by looking at exactly how much power was generated by whom, and how it was distributed.
Xie and colleagues say this data is vulnerable to manipulation. Attackers could tap into the communications lines between the substations and grid operators, and inject false information. If they’re careful, the new data will seem like ordinary fluctuations on the grid.
If someone wanted to cause a blackout, spurious data about how much power is flowing could be used to fool grid operators into overloading parts of the grid, tripping generators and leading to cascading failures. Again, if the attackers were careful, the erroneous data would go unnoticed. A blackout could then occur before grid operators have the chance to correct for the problem.
Fixing the vulnerability will not be easy either. It could take 20 years for utilities to replace old infrastructure with equipment with security measures, such as encryption. Requiring utilities to make the changes sooner would be expensive, says György Dán, a professor of electrical engineering at the Royal Institute of Technology in Sweden. Dán presented research separate from Xie on how such attacks could be accomplished, and what it will take to protect against them. A recent move to add more sensors to the grid, as part of a “smart grid” project that received $4.5 billion from the Recovery Act, could help. The researchers presenting at the conference showed that an attacker would have to corrupt more sensors to create a problem without getting caught.
On the other hand, adding these sensors, and the communication networks needed to access their data, could add new vulnerabilities by adding new points of entry.
Source: Technology Review