SCADA cyber attack
Some believe Stuxnet worm marks new age of super-cyber weapons
Published In: Intelligent Utility Magazine January/February 2011
ATTACK OF THE SCADA KILLER IS NOT A NOT NEW HORROR film, but a real scenario that sends chills down the spines of electric utility operators. It could be directed by a mischievous hacker, a terrorist group, state-sponsored espionage, or by a disgruntled employee, or a former one. And let's not dismiss those miscreants with proficiency, a computer and dreams of destruction that see the disruption of the grid as a purely technical challenge, a demonstration of hacking star power.
"SCADA [supervisory control and data acquisition] has the control to open and close switches on the transmission grid. That's why the concern exists. When one thing happens in a power system, it can result in other things happening automatically from a protection point of view," said Mark McGranaghan, director of distribution, power quality, and smart grid for the Electric Power Research Institute (EPRI). "It's unlikely that doing something at one switch, or even a number of switches, would be likely to result in a cascading outage. We have had a number of those over the years and every time we learn . and put in additional protection to prevent the problem."
Stuxnet worm a new cyber beast
Nevertheless, in late September 2010, the Stuxnet worm invaded Iran's nuclear program and other computer systems around the world. Some believe this invasion marks the beginning of the age of super-cyber weapons. Unlike a virus, this malware not only spread to affect Microsoft Window networks, but also burrowed into related industrial control systems, causing even wider alarm. Security experts speculate that a government or a high-capability organization created it with extensive programming capability.
Here is how Symantec, one of the leading software protection companies, described it: "Stuxnet targets industrial control systems in order to take control of industrial facilities, such as power plants. It was the first piece of malware to exploit the Microsoft Windows Shortcut `LNK/PIF' Files Automatic File Execution Vulnerability (BID 41732) in order to spread. The worm drops a copy of itself as well as a link to that copy on a removable drive. When a removable drive is attached to a system and browsed with an application that can display icons, such as Windows Explorer, the link file runs the copy of the worm."
It is safe to say that no computer system is immune from cyber attacks. Hackers have breeched even ultra-high security U.S. government systems, including those at the Department of Defense. These are a few of the reasons why the utility industry has been and continues to hold cyber security at the top of the reliability priority list as the most important issue of all.
"I don't know if the grid is vulnerable anywhere, but the further up in the chain you go, the more things that are affected by any potential problem that gets created. At the distribution level, you are affecting a much smaller number of customers than you are if something has been compromised at the SCADA transmission or generation level," EPRI's McGranaghan said.
Collaborating on cyber protection
In late September of last year, EPRI was named by the U.S. Department of Energy to lead one of the largest energy industry collaborative projects to date aimed at protecting the power system from cyber attacks. This was among 10 cyber security initiatives representing an investment of more than $30 million announced that same month by U.S. Energy Secretary Steven Chu.
The EPRI-led collaborative comprises national and commercial research laboratories, universities and experts in key areas of cyber security. The mission is to create a National Electric Sector Cyber Organization (NESCO), a federal government-electric sector partnership that will analyze the cyber security status of the nation's transmission and distribution systems. Over the next three years, up to $10 million may be spent to establish NESCO, set up administrative-operational functions and fund research and development.
Among the collaborative tasks are: assessing requirements and results developed by the National Institute of Standards and Technology, North American Electric Reliability Corporation and other organizations; reviewing power system and cyber security standards in meeting power system security requirements; and testing grid security technologies protocols using laboratories and pilot projects.
"NESCO will create a cyber-security organization that will track any vulnerabilities, identify issues, make all utilities aware, provide solutions and have a process of getting vulnerabilities fixed as quickly as possible," said McGranaghan.
One major NESCO collaborative participant, The Idaho National Laboratory (INL), brings six years of cyber security experience and knowledge to the table. According to Rita Wells, energy sector leader of the critical infrastructure protection and defense systems at INL, "Emerging smart grid technologies are challenging traditional security and functional boundaries, and this is requiring us to pursue new approaches to cyber security."
McGranaghan added: "Utilities have security right at the top of the list. I can tell you from talking to executives that they are making sure they are addressing security concerns in every way possible. Some of it is a problem from an R&D point of view, really being able to understand and characterize all of the potential vulnerabilities and threats."
Utilities playing it close to the vest
We asked a few major utilities to talk about what specific measures they are using to prevent cyber attacks. Not surprisingly, they were close-mouthed on the subject. Everyone is playing it close to the vest, unwilling to reveal strategies being used.
The Atlanta-based Southern Company, which generates over 42,000 megawatts to serve more than 4.4 million customers in the southeast, responded to our inquiry. Tom Wilson, Southern Company's director of IT security, told us: "Southern Company and its industry-leading cyber security partner have found no evidence of this threat (Stuxnet worm) in or emanating from Southern Company's network.
"The company's exposure to this specific threat is limited based on the systems targeted. We are monitoring this situation closely, working with control system vendors beyond the targeted systems to ensure that our systems are protected against associated threats. Additionally, the industry is in contact with federal agencies regarding this threat."
The level of cyber defense, of course, improves in proportion to the resources invested to fight off attacks. In other words, it appears we are entering an expensive, escalating cyber weapons race, a race that may increase operating costs and ultimately result in higher energy costs. Reduced to the simplest terms, it is a battle between good and evil-those who wish to bring light and power into the world versus the malevolent forces of darkness. Fortunately, a united utility industry has the smarts and the resources to win.