From JHU HUB: “Hacker-resistant power plant software shows real-world results in Hawaii “

Johns Hopkins
JHU HUB

2.21.18
Phil Sneiderman

A cyber attack disabling America’s power grid would be catastrophic. New software developed at Johns Hopkins could help mitigate that risk.

1
Disabling or tampering with the U.S. power grid on a large scale could disrupt lives and cause immense economic loss—which is what makes it a logical target for malicious hackers. Image credit: Getty Images

Ukraine has twice been the target of malicious cyber attacks on the country’s power grid. These attacks, widely considered to be the first examples of malicious hackers shutting off important state energy systems supplying heat and electricity to millions of homes, triggered a response from the U.S. Department of Defense to ensure America’s power grid security.

“Today, our power system is not designed to withstand the kind of attacks that happened in Ukraine,” said Yair Amir, professor and chair of the Department of Computer Science at Johns Hopkins University. “If even part of a power grid’s control system is compromised, the game is over. We need to make our grid more secure, resilient, and intrusion-tolerant.”

The U.S. power grid is a logical target for major cyberattacks, he said. Disabling or tampering with the grid on a large scale could seriously harm the country by disrupting lives and causing immense economic loss.

To mitigate that risk, Amir and a team of researchers developed a new, open-source control system for power grids called Spire. The intrusion-tolerant system is designed to keep power flowing even if part of the system is compromised.

In an experiment last April, a hacker team assembled by Sandia National Laboratories, a federally funded research and development center that works to address emerging national security challenges, was able to remotely obliterate a simulated commercial grid control system within a couple of hours. But the team could not penetrate the Spire system for three days. On the third day, the Sandia attack team was given remote access to part of Spire, but still its test hackers could not disrupt the system’s overall operations.

More recently, the Spire developers from Johns Hopkins were invited to get their feet wet in Hawaii. At the end of January, Amir and his team went to an offline Hawaiian Electric Company plant in Honolulu and spent two weeks testing the Spire system on the power plant’s equipment with the help of HECO engineers Keith Webster and John Tica. After a few days of setup and integration, Spire ran continuously without interruption for almost a full week.

The goal of the Hawaii deployment was to verify that Spire can operate without degrading the control system’s performance and without causing adverse effects to other power plant systems.

A power grid needs to respond to adverse events—say, a circuit breaker tripping or a generator shutting down—within hundreds of milliseconds, Amir said.

“If a generator goes out, the system needs to quickly detect it and compensate by increasing power in other generators or by cutting power to parts of the grid,” he said.

On the last day of the Hawaii test, Webster deployed a device to measure end-to-end reaction time of the commercial control system in the plant and of Spire. The measurements showed that the commercial system reflected a change in the grid’s power state within 900 milliseconds to one second. Spire showed the same change within 400–500 milliseconds, meeting the timeliness requirement.

The system works with the help of replicas. The researchers built it to contain six copies of the main control server that work together to agree on updates in the system. That’s the smallest number of replicas needed to get good protection, Amir said.

“Each replica votes on every data and decision,” he added. “If one of the replicas is compromised and another is going through maintenance, then the other good replicas will enable the system to continue working properly and in a timely manner.”

Why was the test conducted in Hawaii? First, the research project was funded by the Department of Defense, which is one of HECO’s largest customers. In addition, Amir said, the unique access to a “mothballed” power plant with fully functional control systems but without active power generation was perfect for grid-level control system tests.

“If something goes slightly wrong,” he said, “at least you don’t have a quarter million people losing power.”

Amir and his colleagues plan to release Spire 1.1, the version that was deployed in this test-deployment, in the coming weeks. Version 1.0, tested in April, is already available for download.

Making Spire open-source was kind of a no-brainer, Amir said. He has spent more than a decade of his research career working on intrusion-tolerant systems and networks. He said that releasing the source code openly increases awareness and the chance for real-life impact.

“We decided that we won’t just publish our results,” he added, “but we will release open-source solutions that will show people how to make control systems for the power grid secure, resilient, and intrusion-tolerant,” Amir said. “We want to create a community of people who are really interested in that. We need to protect our critical infrastructure.”

See the full article here .

Please help promote STEM in your local schools.
STEM Icon

Stem Education Coalition

About the Hub

We’ve been doing some thinking — quite a bit, actually — about all the things that go on at Johns Hopkins. Discovering the glue that holds the universe together, for example. Or unraveling the mysteries of Alzheimer’s disease. Or studying butterflies in flight to fine-tune the construction of aerial surveillance robots. Heady stuff, and a lot of it.

In fact, Johns Hopkins does so much, in so many places, that it’s hard to wrap your brain around it all. It’s too big, too disparate, too far-flung.

We created the Hub to be the news center for all this diverse, decentralized activity, a place where you can see what’s new, what’s important, what Johns Hopkins is up to that’s worth sharing. It’s where smart people (like you) can learn about all the smart stuff going on here.

At the Hub, you might read about cutting-edge cancer research or deep-trench diving vehicles or bionic arms. About the psychology of hoarders or the delicate work of restoring ancient manuscripts or the mad motor-skills brilliance of a guy who can solve a Rubik’s Cube in under eight seconds.

There’s no telling what you’ll find here because there’s no way of knowing what Johns Hopkins will do next. But when it happens, this is where you’ll find it.

Johns Hopkins Campus

The Johns Hopkins University opened in 1876, with the inauguration of its first president, Daniel Coit Gilman. “What are we aiming at?” Gilman asked in his installation address. “The encouragement of research … and the advancement of individual scholars, who by their excellence will advance the sciences they pursue, and the society where they dwell.”

The mission laid out by Gilman remains the university’s mission today, summed up in a simple but powerful restatement of Gilman’s own words: “Knowledge for the world.”

What Gilman created was a research university, dedicated to advancing both students’ knowledge and the state of human knowledge through research and scholarship. Gilman believed that teaching and research are interdependent, that success in one depends on success in the other. A modern university, he believed, must do both well. The realization of Gilman’s philosophy at Johns Hopkins, and at other institutions that later attracted Johns Hopkins-trained scholars, revolutionized higher education in America, leading to the research university system as it exists today.