On a cold December night in 2016, hackers struck an electricity control station in Ukraine. A fifth of the city of Kiev plunged into darkness for an hour. The hackers’ malware was able to communicate directly with grid equipment and physically sabotage it.
Neither this attack, nor a similar assault that took place exactly a year earlier, was long or extensive enough to cause serious harm or panic. Yet it serves as a wake-up call on the vulnerability of power grids in the United States and elsewhere.
“Today, our power system is not designed to withstand the kind of attack that happened in Ukraine,” says Yair Amir, professor and chair of the Department of Computer Science. “If even part of a power grid’s control system is compromised, the game is over. We need to make our grid more secure, resilient, and intrusion tolerant.”
Amir and his team of researchers hope to help in that with their new open-source control system for power grids called Spire. The intrusion-tolerant system keeps doing its job even if part of the system is compromised.
In an experiment last April, a Sandia National Laboratories hacker team was able to remotely obliterate a commercial grid control system within a couple of hours but could not penetrate the Spire system for three days. On the third day, the Sandia attack team was given remote access to part of Spire, but it still could not disrupt the system’s correct operation.
Spire got its feet wet in the real world in Hawaii early this year. The researchers deployed the Spire system with the Hawaiian Electric Company’s power grid in its Honolulu plant. The goal was to verify that Spire can function within the regular grid without degrading control system performance and without adverse effects on other power plant systems. Spire ran continuously without disruption for almost a full week, Amir says.
Making Spire open-source was a no-brainer for Amir. The U.S. power grid is a logical target for major cyberattacks that could disrupt lives and cause immense economic loss. “We decided that we will release open-source solutions that will show people how to make control systems for the power grid secure, resilient, and intrusion tolerant,” Amir says. “We want to create a community of people who are really interested in that. We need to protect our critical infrastructure.”