Xie gave an example of how attackers could manipulate grid data to make money. By manipulating this data, an attacker could make it seem like a transmission line between two cities was simply congested. This would force grid operators to take power from more expensive generators, increasing prices at that node in the grid. Armed with this information, the attacker could place bets via an online power market to make a profit. “The virtual trader basically gambles against the price difference between the day-ahead market and the real-time market,” Xie says.
If someone wanted to cause a blackout, spurious data about how much power is flowing could be used to fool grid operators into overloading parts of the grid, tripping generators and leading to cascading failures. Again, if the attackers were careful, the erroneous data would go unnoticed. A blackout could then occur before grid operators have the chance to correct for the problem.
Fixing the vulnerability will not be easy either. It could take 20 years for utilities to replace old infrastructure with equipment with security measures, such as encryption. Requiring utilities to make the changes sooner would be expensive, says György Dán, a professor of electrical engineering at the Royal Institute of Technology in Sweden. Dán presented research separate from Xie on how such attacks could be accomplished, and what it will take to protect against them. A recent move to add more sensors to the grid, as part of a “smart grid” project that received $4.5 billion from the Recovery Act, could help. The researchers presenting at the conference showed that an attacker would have to corrupt more sensors to create a problem without getting caught.
On the other hand, adding these sensors, and the communication networks needed to access their data, could add new vulnerabilities by adding new points of entry. Deepa Kundur, a professor of electrical and computer engineering at Texas A&M, is developing simulations to help determine the risks involved. “It’s not yet clear whether the smart grid will be worth the risks,” she says.
Gain the insight you need on security at EmTech Digital.