As the Defense Advanced Research Projects Agency (DARPA) continues exploring emerging technologies for the Department of Defense, it's considering the implementation of artificial intelligence (AI) to tackle electric grid cybersecurity and get ahead of 5G deployment. "In the area of cyber operations, we have a program RADICS [Rapid Attack Detection, Isolation and Characterization Systems], which is designed to help recover critical portions of the power grid in the event of a full blackout caused by malware," Scherlis explained. The program partners with power companies, the National Guard, the Department of Homeland Security, and the Department of Energy to enable a "black start" recovery, a restart of the electric grid without external power, in the event of a cyberattack. Scherlis mentioned the program in the context of AI, but the program is generally building new tech to accelerate recovery through improved situational awareness, network isolation, and the ability to adapt to changing cyber situations. "The idea of this program is how can we understand what is the state of affairs in the grid and incrementally restore service, purge the malware, and bring service back to the most critical assets and then stage that out beyond. They've done a number of field trials," Scherlis added.
Since April, more than 700 security experts have been battling a fictional cyber security crisis as part of the EU's biggest defence exercise to date. Featuring power cuts, drones and ransomware, the series of fictional attacks has targeted European digital networks. The seven-month exercise culminates this week, and detailed lessons learned will be shared with participants in the hopes of improving defence systems. Experts have warned that cyber attacks on any number of systems, including satellites and nuclear power stations, could result in a global catastrophe. Cyber Europe 2016 involved over 300 organisations from across 30 countries, with an aim 'to safeguard the European Digital Single Market.'
Called the 'largest interconnected machine,' the US electricity grid is a complex digital and physical system crucial to life and commerce in this country. Today, it is made up of more than 7,000 power plants, 55,000 substations, 160,000 miles of high-voltage transmission lines and millions of miles of low-voltage distribution lines. This web of generators, substations and power lines is organized into three major interconnections, operated by 66 balancing authorities and 3,000 different utilities. As the grid has become more dependent on computers and data-sharing, it has become more responsive to changes in power demand and better at integrating new sources of energy. But its computerized control could be abused by attackers who get into the systems.
Just after 2:30 p.m. on Dec. 23, 2015, a freezing day in Western Ukraine, an unknown hacker logged in to Ivano-Frankivsk's computerized electrical grid control center and, in a few seconds, abruptly shut down all electricity to the area's 225,000 residents. The effects were immediate and far-reaching. As night fell, the area plunged into darkness -- no lights, no heat. It was a complete blackout. After about six chaotic hours, electrical workers in the area were finally able to restore power to the region.
The US Department of Energy (DoE) is planning a "hands-on" test of the real-world consequences associated with successful cyberattacks against core country services. Cyberattacks levied against critical infrastructure, smart grids, and utilities are not a future possibility; they are happening now. Ukraine's power grid blackout in 2016 was one of the first real indicators that if there are bugs which can be exploited, critical services are just as vulnerable as the average consumer or business to cyberthreats. The malware responsible for the attack in Ukraine -- which caused the city of Kiev to lose power for an hour -- has been dubbed Industroyer by ESET researchers. Industroyer has been called the "biggest threat to industrial control systems since Stuxnet," a worm which was used to compromise an Iranian nuclear facility in 2010.