It’s easy to spin nightmare scenarios leading to the collapse of the electric grid. North Korea detonates a nuclear weapon a mile overhead, sending out a super-charged electro-magnetic pulse that melts down transmission lines and blows out substations. The electricity overload races ahead of anyone’s ability to control it in a cascading effect that knocks out power for vast swaths of the country. Because key components of the grid take more than a year to manufacture and deliver, electric power takes interminably long to restore. The economy collapses. Millions die.
If you find that threat implausible, how about this one? A massive discharge of radiation from the sun overwhelms the earth’s magnetic field, melts down transmission lines, blows out sub-stations, and…. you know the rest. Or, this: In coordinated strikes, terrorists knock out vulnerable sub-stations, triggering the meltdown of electric lines…. Or cyber-terrorists infiltrate a utility network, overriding the power company’s controls, creating overloads and triggering a meltdown…
Such story-lines sound over-wrought, the stuff of grade B movies or pulp novels. They could never happen in real life, you say. Yet there have been enough deliberate physical and cyber attacks on a small scale, as if someone is probing the system, that many experts deem the threat to be very real. And most of us can still remember the great Northeast Blackout of 2003, caused by sagging electric lines coming into contact with overgrown trees, which demonstrated how a failure in one location can ripple across an entire grid. Fifty-five million people in the U.S. and Canada were effected.
The United States and the Commonwealth of Virginia have been moving in their slow, ponderous way to protect against those threats, and Garry Kranz has written an excellent article in Virginia Business magazine describing what Dominion Virginia Power and others are doing to safeguard against the disaster scenarios.
Dominion plans to spend up to $500 million over the next five to seven years on a variety of security initiatives. The strategy is to harden its transmission substations and other critical infrastructure, add more mobile transmission equipment and boost stockpiles of backup gear. It plans to bolster perimeter security with ultramodern construction and use sophisticated technologies to pre-empt intruders. …
Dominion also is investing in increased grid reliability through the construction of a new systems operations center in Henrico County. Costing an estimated $100 million, the center will be able to perform real-time monitoring of the transmission grid to maintain electric reliability. Projected to open in 2017, the facility will replace Dominion’s current operations center at the Innsbrook Corporate Center in Henrico, which has been around since 1992.
Another tool in the security toolbox is penetration testing. A standard security technique for utilities and related industries, it allows companies through what is known as a “pen test” to systematically try to defeat internal security controls and procedures to pinpoint any weaknesses.
“We give penetration testers an advantage by moving them inside our network to see how far they get. Sometimes we tell our people the tests will take place, but often we don’t tell them. We want to see if our processes help them detect abnormal activity and report it,” says Engels, who does not share any improvements Dominion has made as a result.
Micro-grid technology also promises enhanced grid reliability, according to Jason Nichols, director of Scitor Corp.’s iSpace lab. Scitor is part of McLean-based defense contractor SAIC. Some military bases in Virginia already deploy micro-grids. Dominion also is funding micro-grid demonstration projects using renewable fuels at several state universities.
“If a portion of Virginia’s public grid goes down, a micro-grid gives the military base the potential to provide local generation to keep hospitals and other critical services running in some sort of degraded state,” Nichols says.
As it happens, while attending freshman orientation earlier this week at a certain unnamed university my son will be attending this year, I encountered a cyber-security professor who had just arrived for his first day on the job. He and I struck up a conversation about this very topic: cyber-security on the grid. What he told me was alarming. Speaking from his personal experience consulting with a major electric utility in the Southeast U.S. (not in Virginia), he found that the control systems cobbled different generations of technology as far back as the 1950s. Vulnerabilities were rampant. I was left with the impression that the only thing preventing infiltration by cyber-enemies was the overwhelming complexity of the chewing-gum-and-bailing-wire system that only a handful of long-time company employees even understood. Whether senior management comprehends the magnitude of these vulnerabilities is an interesting question. Continue reading