At a recent gathering of Canada’s energy and utilities regulators, delegates voiced their greatest fear: a coordinated physical and cyber-attack on critical infrastructure.
“It’s not a question of if but when we are going to have some sort of cyberattack on the grid,” Philip Jones, former president of the national regulators’ association in the United States, told The Globe and Mail.
Worries about cyberattacks mounted yet again a week later, when a U.S. district court indicted five Chinese military officials for hacking into the computer systems of Pittsburgh-area companies such as U.S. Steel, Westinghouse Electric, Alcoa and Allegheny Technologies.
“It’s a growing concern in Canada—we’re still evolving toward a highly connected cyber-enabled system,” said Professor Deepa Kundur, an expert on smart grid cybersecurity in The Edward S. Rogers Sr. Department of Electrical & Computer Engineering (pictured right).
“As we move into the future, we will start seeing greater dependence on information systems providing greater opportunities for cyber attackers to cause disturbances.”
But why would anyone want to hack into the Canadian grid? What could they learn from doing so?
Plenty, explained Professor Kundur.
Whether they’re vandals, local criminals, or nefarious shadowy foreign agents, cyber-attackers could act on three possible motives:
“Energy theft is a strong motivation for many. Someone could hack into smart meters in their neighbourhood to potentially shift their usage onto a neighbour’s,” said Professor Kundur. Grow-ops could distribute their energy usage to neighbourhood premises to avoid drawing attention to their unusual consumption. “High energy usage is often an identifier of nefarious activity by local authorities. To hide, they will need to push their consumption onto another party.”
Obtaining real-time usage records
You can learn a lot about an individual’s daily routines and preferences by examining their energy consumption patterns. Modern meters sample data at high frequency, some as often as every 15 minutes, so any spies would clearly be able to tell when you leave the house and come home again, roughly how many people’s worth of electricity is being used, and even which appliances you own—certain types and even brands of smart refrigerators, televisions, washers and dryers give off unique energy signatures.
Learning the system topology
“It’s always interesting to know the topology of a system, because it will help identify its strengths and its weaknesses,” said Professor Kundur. Consider that a majority of the power used in the U.S. flows through a small fraction of the country’s transformers—disruption of those devices, if their location were known, would have a devastating effect on energy delivery. You may also have a business reason for wanting to know the magnitude of a country’s investment in renewable energy, or the market penetration of smart meters—maybe you own a factory in China that manufactures those meters, or solar panels. And knowledge of a nation’s nuclear activity and capabilities is of high interest.
Are we ready for these attacks, and many more we haven’t thought of yet? We’re getting there, said Professor Kundur. The ‘smarter’ we make the grid and our homes, the more opportunities we create for cracks to appear at the intersection of cyber and physical systems.
“That’s why my group’s looking at security vulnerabilities now, before it evolves—it shouldn’t be an afterthought.”