
In the last decade or so, the North American power grid has been going through a process of modernization and deregulation, the result of which is a fairly extensive information technology infrastructure being deployed and connected across the power grid.
This network crosses all sorts of boundaries and domains; it is not a fully trusted network. Consequently, the power grid faces risks from cyber attacks. The Trustworthy Cyber Infrastructure for the Power Grid – TCIP – Center is a federally funded project that conducts research on low-level devices and communication control protocols, and looks at scalability to ensure trustworthy operation of the entire power grid during normal operations, under a cyber attack or perhaps under an emergency.
The Center is led by the University of Illinois at Urbana-Champaign, partnering with Cornell University, Dartmouth College, and Washington State University. This partnership method has worked out really well. We have close collaboration and extensive interaction. There are weekly phone calls, and we also have guest lecturers and visitors, as well as frequent webcasts and conference calls.
Attractive target
The need for modernization across the North American power grid system, for deregulation and for a power grid that works at higher capacity is driving a lot of change, which includes setting up the advanced technology infrastructure for communications and control. This infrastructure is being deployed using the tools that are available. For example, we’re using traditional operating systems like Windows, Linux and UNIX, and we’re also using internet-based technologies.
The technology that goes into traditional IT networks in offices is also being used to provide networking capabilities in the power grid communication infrastructure. Therefore, along with this modernization come some of the same vulnerabilities that are present in these kinds of technologies. We’re all familiar with viruses and worms, and management of security updates we get for our computer operating systems to protect against such attacks – these same vulnerabilities can be translated to the power communication infrastructure, and new solutions are needed to mitigate the problems.
The power grid is a very, very attractive target. Bringing down a part of the US power grid is something that can be valuable to a range of adversaries, from teenage hackers to nations that want to launch attacks against our critical infrastructures. One of the national labs already conducted a demonstration project called Aurora that demonstrated what an adversary could do using a cyber attack. It’s a combination of the systems having vulnerabilities, adversaries having capabilities and the infrastructure being an attractive target – the consequences can be serious.
In TCIP we are focusing on securing the power grid in multiple layers and then as a whole. We look at low-level devices, such as the relays that control power flow as well as all the computers, laptops and workstations that sit in a substation and Balancing Authority control center networks to ensure the reliability of the power flow. In this area, we’re exploring ways to combine hardware, firmware and software techniques that can provide robust protection against an accidental or malicious fault and enhance the trustworthiness of the devices that are sitting at the lowest level of the power grid.
Making it secure
We’re looking at ways to ensure that the protocols and the communications systems that carry the protocols are secure and trustworthy. This includes ensuring authenticity and integrity when needed, and providing access control and confidentiality. It’s extremely important that these protocols retain their real-time nature. These physical networks rely on timely responses that can go down to the millisecond level. While you’re making the data protocols secure, you also have to make sure that they retain their real-time nature, which is an interesting challenge.
Clearly the power grid is a complex system of systems. It includes physical power networks, it includes cyber infrastructure, and it includes the power markets where power is bought, sold and traded. Understanding this whole complex system is crucial to supporting all the research activities we have. We’re exploring the means to model, simulate, emulate and experiment with the various subsystems in order to do adequate quantitative and qualitative evaluation of our research. To that end, we set up a laboratory with support from our industry partners and we use it for experimental research.
The last focus area of TCIP is education. In addition to training undergraduate and graduate students, we also have a summer school program, with which we’re reaching out to a wide audience to try to educate everyone about the important research and technology topics in this area. We also reach out to middle school and high school students. We have a series of web-based applets that we have developed and with the help of the Mathematics, Science and Technology Education program on campus here at Illinois, we’re reaching out to middle school teachers across the area to encourage students to look at these topics early on.
New functionality
While the modern power grid is beginning to share similarities with traditional computer networks, it has many unique properties. In IT systems, it’s fairly normal for people to change their computers and desktops and laptops every couple of years. Power grid devices, on the other hand, last for decades. There is technology out there that was built in the 1960s and 1970s, and it’s very hard to know how to enhance it, and how to provide security capabilities.
One part of our research is looking at something called ‘bump-in-the-wire’ technology. Imagine two legacy devices that have no security of their own. In front of each one you connect a bump-in-the-wire device: a small computer that sits on the link and protects the traffic between the two devices, which themselves are left intact. The protocols are then enhanced and the cryptographic support is provided in those bump-in-the-wire devices rather than in the legacy equipment.
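The following is an added example, not TCIP or vendor code, illustrating the bump-in-the-wire idea above together with the authenticity, integrity and timeliness requirements discussed under ‘Making it secure’. Two legacy devices exchange plaintext control frames; a bump-in-the-wire box on each end prepends a sequence number and appends a truncated HMAC-SHA256 tag, and the peer box verifies the tag, rejects replays and strips the wrapper before handing the original frame to its legacy device. The link key, the header layout, the link identifier and the sample frame are assumptions made for the example.

```python
"""Bump-in-the-wire integrity wrapper (added example, not TCIP code).

The legacy devices and their protocol are untouched: only the two BITW boxes
know about the key, the sequence number and the tag.  Key, header layout and
the sample frame below are constructed for illustration.
"""
import hashlib
import hmac
import struct
from typing import Optional

SEQ_LEN = 8    # 64-bit big-endian sequence number
TAG_LEN = 16   # HMAC-SHA256 truncated to 128 bits to keep per-frame overhead low


class BumpInTheWire:
    """One direction of a protected link.  Use a second instance with its own
    key (or at least a distinct link_id) for the reverse direction."""

    def __init__(self, key: bytes, link_id: bytes) -> None:
        self.key = key
        self.link_id = link_id       # bound into the tag so a frame captured on
                                     # one link cannot be injected on another
        self.send_seq = 0
        self.last_accepted = -1      # highest sequence number accepted so far

    def _tag(self, seq: int, frame: bytes) -> bytes:
        msg = self.link_id + struct.pack(">Q", seq) + frame
        return hmac.new(self.key, msg, hashlib.sha256).digest()[:TAG_LEN]

    def wrap(self, frame: bytes) -> bytes:
        """Outbound: prepend the sequence number, append the tag."""
        seq, self.send_seq = self.send_seq, self.send_seq + 1
        return struct.pack(">Q", seq) + frame + self._tag(seq, frame)

    def unwrap(self, wire: bytes) -> Optional[bytes]:
        """Inbound: return the original frame, or None if it must be dropped."""
        if len(wire) < SEQ_LEN + TAG_LEN:
            return None                                   # malformed
        seq = struct.unpack(">Q", wire[:SEQ_LEN])[0]
        frame, tag = wire[SEQ_LEN:-TAG_LEN], wire[-TAG_LEN:]
        if not hmac.compare_digest(tag, self._tag(seq, frame)):
            return None                                   # forged or corrupted
        if seq <= self.last_accepted:
            return None                                   # replayed or stale
        self.last_accepted = seq
        return frame


def demo() -> dict:
    """Legitimate, replayed, tampered and next-in-sequence frames."""
    key = bytes(range(32))                  # constructed link key (assumption)
    relay_side = BumpInTheWire(key, b"SUB-A/relay->cc")
    center_side = BumpInTheWire(key, b"SUB-A/relay->cc")

    # Constructed plaintext frame standing in for a legacy control message.
    frame = b"\x01\x05\x00\x11\xff\x00"
    wire = relay_side.wrap(frame)

    accepted = center_side.unwrap(wire)                   # first delivery passes
    replayed = center_side.unwrap(wire)                   # same bytes again: dropped
    tampered_wire = bytearray(wire)
    tampered_wire[SEQ_LEN + 4] ^= 0xFF                    # flip the value byte in flight
    tampered = center_side.unwrap(bytes(tampered_wire))   # tag mismatch: dropped
    next_ok = center_side.unwrap(relay_side.wrap(frame))  # next sequence number passes
    return {
        "accepted": accepted,
        "replayed": replayed,
        "tampered": tampered,
        "next_ok": next_ok,
        "overhead_bytes": len(wire) - len(frame),
    }


if __name__ == "__main__":
    print(demo())
```

The wrapper costs one HMAC computation and 24 bytes per frame, which is what you would measure against the millisecond budget of the protocol being protected. A deployable version would also need confidentiality where required, a key-management scheme for provisioning and rotating the per-link key, and a way to resynchronize the sequence counter after a reboot, since the counter here lives only in memory.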
We’re also looking at next generation hardware. We have an extensive industry board with whom we interact on a regular basis, so we have some idea of future generational devices that are going to be developed in the research labs of those industry partners. We’re investigating how to provide security and trustworthiness inside the devices. This could include things like trusted platform modules and secure communication capabilities.
At the protocol level, we’re adopting an approach centering on the development of a middleware layer. This involves the devices that sit in substations and in control areas – these are the big computer systems that manage the SCADA networks – as well as the networks that connect them. Into these we would install and manage middleware, which is a set of networking and software technologies that provide security and timeliness for the real-time control systems.
We’re providing techniques that give quality of service for both wired and wireless networks. We also have key management techniques and cryptographic protocols that provide integrity, authentication and encryption capabilities. We integrate all of these capabilities into a single middleware layer that can be platform-independent and installed across multiple systems.
In the evaluation area we have integrated real power devices with a simulated power grid and simulated communication networks in our laboratory. This integrated evaluation system allows us to study a range of issues; for example, how vulnerabilities in individual components can lead to large scale failures, how power networks and communication networks interact with each other at different levels, and how we can quantify the security of solutions developed in TCIP.
Quick reaction
One interesting problem is the new tug of war between security and safety. In a power grid, when an emergency happens, safety is paramount and security becomes less important. At the same time, you can’t leave a system insecure. You need to design techniques that can provide security but very quickly allow access to multiple entities when an emergency happens. To help solve this problem, we’re adopting an approach that falls in the area of context-based access policies. The idea is that there are strong access policies in place that require appropriate authentication and authorization from users for systems under normal operation.
If there’s an emergency, then you establish a context; for example, that there is significant overloading. Whenever that context occurs, the access policies automatically transform and become weaker, and more people can get access. But even then, our focus is to allow access, but to impose strong auditing requirements. We can record and log all the accesses that happen during an emergency. If part of the system is compromised during the emergency, you can go back and take a look later on.
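The following is an added example, not TCIP’s middleware, showing the shape of the context-based policy just described: a normal context with narrow role sets, an emergency context derived from monitored state that widens the operational role sets, and an audit trail of every decision so that accesses granted during the emergency can be reviewed afterwards. The roles, actions, the overload threshold used to trigger the context, the sample line-loading readings and the choice to keep requiring authentication under the emergency context are all assumptions made for the example.

```python
"""Context-based access control with emergency relaxation and mandatory audit.

Added example, not TCIP code.  Roles, actions, the threshold and the sample
readings are constructed for illustration.
"""
import time
from dataclasses import dataclass
from typing import Dict, List, Set

NORMAL = "normal"
EMERGENCY = "emergency"

# action -> roles allowed, per context.  The emergency context widens only the
# operational actions; policy administration is deliberately never relaxed.
POLICY: Dict[str, Dict[str, Set[str]]] = {
    NORMAL: {
        "read_measurements": {"operator", "engineer", "viewer"},
        "open_breaker": {"operator"},
        "change_setpoint": {"operator"},
        "edit_policy": {"security_admin"},
    },
    EMERGENCY: {
        "read_measurements": {"operator", "engineer", "viewer", "field_crew"},
        "open_breaker": {"operator", "engineer", "field_crew"},
        "change_setpoint": {"operator", "engineer"},
        "edit_policy": {"security_admin"},
    },
}


@dataclass(frozen=True)
class AuditRecord:
    ts: float
    context: str
    user: str
    role: str
    action: str
    allowed: bool


class ContextualAccessControl:
    def __init__(self, overload_threshold: float = 1.0) -> None:
        self.threshold = overload_threshold   # fraction of line rating (assumption)
        self.context = NORMAL
        self.audit: List[AuditRecord] = []

    def update_context(self, line_loading: Dict[str, float]) -> str:
        """Derive the context from monitored state: here, the worst line loading."""
        worst = max(line_loading.values(), default=0.0)
        new = EMERGENCY if worst > self.threshold else NORMAL
        if new != self.context:                # context changes are audited too
            self.audit.append(AuditRecord(time.time(), new, "system", "-",
                                          f"context:{self.context}->{new}", True))
        self.context = new
        return new

    def authorize(self, user: str, role: str, action: str, authenticated: bool) -> bool:
        """Decide under the current context; every decision is logged."""
        allowed = authenticated and role in POLICY[self.context].get(action, set())
        self.audit.append(AuditRecord(time.time(), self.context, user, role, action, allowed))
        return allowed

    def emergency_grants(self) -> List[AuditRecord]:
        """What to review after the event: every user access granted under emergency."""
        return [r for r in self.audit
                if r.context == EMERGENCY and r.allowed and r.user != "system"]


def demo() -> dict:
    """Walk through normal operation, an overload, and recovery."""
    acl = ContextualAccessControl(overload_threshold=1.0)
    out = {}
    acl.update_context({"L1": 0.72, "L2": 0.88})                         # constructed readings
    out["normal_engineer_breaker"] = acl.authorize("alice", "engineer", "open_breaker", True)
    out["normal_operator_breaker"] = acl.authorize("bob", "operator", "open_breaker", True)
    out["context_after_overload"] = acl.update_context({"L1": 1.15, "L2": 0.91})
    out["emergency_engineer_breaker"] = acl.authorize("alice", "engineer", "open_breaker", True)
    out["emergency_crew_setpoint"] = acl.authorize("carol", "field_crew", "change_setpoint", True)
    out["emergency_engineer_policy"] = acl.authorize("alice", "engineer", "edit_policy", True)
    out["emergency_unauthenticated"] = acl.authorize("mallory", "operator", "open_breaker", False)
    out["context_after_recovery"] = acl.update_context({"L1": 0.80, "L2": 0.85})
    out["emergency_grants"] = [(r.user, r.action) for r in acl.emergency_grants()]
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The point of `emergency_grants` is the post-event review the text describes: if part of the system turns out to have been compromised during the emergency, the audit trail says exactly which principals were granted which actions while the policy was relaxed.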
We’re about three years into a five-year long effort. We’ve had the opportunity to study the system and to research the relevant topics. I would categorize the impact in three ways. One is the fact that we’re developing new theories and software and hardware tools, which are being disseminated both from the website and through our publications, which are traditional means of information dissemination in academia.
The second impact is our industry interaction; we have an industry advisory board comprising 35 companies, whose representatives we meet with on a regular basis. That exchange is helping to provide impact, and we hope that we’re influencing future tools and ideas coming out of the industry.
The third area is something we have just started. Our hope is to influence policy and try to bring about an increased focus on the importance of security issues within the power grid. This includes working to increase awareness of the fact that, due to the looming retirement of many people in the baby boom generation, there may soon be a lack of people with the skill sets to understand information technology, security and the power grid. Our aim is to raise awareness about this and also to encourage students to go into this area.
Raising awareness
We’re also interested in raising awareness of the relevant research and education needs in Washington. With support from our sponsoring agencies and industry advisory board, we organized an event last summer at which we presented an overview of TCIP to high-level government folks in Washington DC. Attendees included representatives from many agencies, government entities and even some congressional committee members.
I feel strongly that this is an important area of both research and development, and there’s a need for people to focus on it. We are pleased that the industry initiatives such as NASPI and AMI are focusing on security in the early design stages. This is a sign that industry is aware that it’s better to put in security from the ground up rather than try to add it later.
Even for deployed systems there is a strong desire to develop resistance to cyber attacks. An example of this is the NERC CIP standards: the North American Electric Reliability Corporation, a regulatory entity for the North American grid, has issued critical infrastructure protection standards that are now mandatory for industry.
The industry is beginning to put basic access control and security measures in place, though our research indicates that there’s a lot more work to be done, with many problems still to be solved. We hope that government and industry will continue to support R&D activities in the area, to help ensure that the power grid remains secure.
Dr. Himanshu Khurana is a Principal Research Scientist at the Information Trust Institute at the University of Illinois at Urbana-Champaign. His research interests are in distributed system security and he has published over 20 articles in this field. He is currently serving as Principal Scientist for the Trustworthy Cyber Infrastructure for the Power Grid (TCIP) Center. In this role, he helps to integrate the research activities of all researchers associated with the TCIP Center.
Trustworthy Cyber Infrastructure for the Power Grid
Researchers from the University of Illinois at Urbana-Champaign, Dartmouth College, Cornell University and Washington State University are together addressing the challenge of how to protect the nation's power grid by significantly improving the way the power grid infrastructure is built, making it more secure, reliable, and safe.
This National Science Foundation-funded project, with support from the Department of Energy and the Department of Homeland Security, recognizes that today's quality of life depends on the continuous functioning of the nation's electric power infrastructure, which in turn depends on the health of an underlying computing and communication network infrastructure.