The world’s power grids are considered by some to be one of, if not the, largest contiguous man-made systems on the planet. Similar in immensity to the global telecommunications infrastructure, the worldwide power grid is a complex, interconnected, intercontinental physical system that is vital for the vast majority of human activities including human survival.
The system continues to grow as every year, millions of miles of high voltage cables are laid down to extend the backbone of existing power grids. Even more miles of medium voltage cables are installed to interconnect substations in order to distribute electricity to homes and businesses. However, this increase in size and complexity demands an increase in management intelligence. This is why increasingly smart technology is employed to more effectively manage this ever-changing machine.
The importance of the power grid has always made it a target physically, either in war or for terrorist attacks. Today, a new vulnerability is quickly being revealed. As the power grid becomes more and more dependent on computers, sensors, data sharing and remote control, it has become more susceptible to abuse by attackers who are able to hack into its systems. Until recently, this threat was theoretical. However, in 2015 and again in 2016, Ukraine’s power grid fell victim to just such an attack. These attacks can potentially be more catastrophic than any physical attack. If attackers gain access to the power grid control center, they are able to manipulate the power grid itself. They can shut down the power to specific areas or divert it wherever they want. It is possible to do even more damage by actually destroying hardware and software and keeping the grid offline for long periods of time.
Protecting the electricity grid from cyber attack is challenging because it is made up of so many physical and computerized parts interconnecting almost every building in a city or a country. It is also made difficult as this industry is accustomed to a slower pace of technological advance – computer and smartphone technologies are updated or replaced every couple of years whereas power grid infrastructure typically must function for over ten years.
Over time, however, the same reliable technology used to secure our activities online is being adopted by the power industry. The North American Electric Reliability Corporation, for example, which oversees the grid in the U.S. and Canada, has rules, known as Critical Infrastructure Protection (CIP) compliance, for how power companies must protect the power grid both electronically and physically. These rules encompass monitoring, safeguards, authentication and other forms of protection to keep intruders from accessing control networks.
Just like it happens for online security, these security measures must continually be updated to keep one (or more!) steps ahead of the attackers. Our ability to turn on the light at night depends on it.