On tiny Plum Island, DARPA stages a real-life blackout to put its grid recovery tools to the test.
(...)Funded by the Defense Advanced Research Projects Agency, the exercise, which ran the first week of November, served as a testing scenario for seven DARPA-developed grid recovery tools.
Over the past few years, the threat of grid hacking has morphed from a distant possibility to a stark reality. The most chilling incidents to date are two cyberattack-induced blackouts in Ukraine—one in December 2015 and the next a year later in December 2016—that caused power outages for hundreds of thousands of residents in Kiev for a few hours each time. Both attacks are thought to have been perpetrated by Russian state-sponsored hackers. And though a similar incident hasn't played out in the US so far, there is increasing evidence that various hacker groups have infiltrated US grid defenses. The Department of Homeland Security warned repeatedly this year that it has detected extensive Russian probing of the US grid.
(...)RADICS seeks to develop tools that aid in three phases of black start after a cyberattack.
The first involves creating sensors that can give accurate readings and situational awareness even after a hack has potentially skewed or degraded the reliability of existing monitoring equipment.
The second looks at developing specialized equipment for rapidly setting up a secure backup network in a pinch, since whatever malware caused the blackout may still infect some systems.
And the third focuses on tools that can quickly scan for threats to help understand how an attack happened, and how to lock down any remaining hacker footholds as power comes back online.
Those tools are all necessary pieces in the critical puzzle of jumpstarting a dead grid. "The real weakness is just how do you get that power back from nothing after 30 days when you don't even know what's up," says Gary Seifert, a federal electrical engineering contractor who conceived much of the RADICS test grid on Plum Island.
(...)In order to interact and safely share electricity, utilities also need to get their electromagnetic frequencies in tune at around 60 hertz, so part of the exercise involved not just getting Utility A and B running, but syncing them.
(...)In a blackout, utilities could launch the balloons, which would look for simple indicators of live power, like whether home Wi-Fi routers are on and emitting a network. The balloons could also detect whether two grids were operating separately or had come into sync, by listening for the "hum" around 60 Hz emitted by electrified infrastructure. Other tools included black boxes that monitor grid equipment, and remote equipment that can hook into secure industrial control networks.
(...)NRECA's tool establishes a baseline for normal behavior on critical infrastructure networks and then uses that standard to help detect deviating voltages, new devices on a network, or other unusual behavior.
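The baseline-then-deviation approach described above, sketched as an added example. This is not NRECA's or DARPA's code, and the device names, sensor names, per-unit voltage readings, threshold `k` and noise `floor` are all constructed assumptions.

```python
from statistics import mean, pstdev

# Constructed sample telemetry: (device_id, sensor, voltage in per-unit).
BASELINE_WINDOW = [
    ("rtu-01", "feeder-a", 1.00), ("rtu-01", "feeder-a", 1.01),
    ("rtu-01", "feeder-a", 0.99), ("rtu-02", "feeder-b", 1.02),
    ("rtu-02", "feeder-b", 1.02), ("rtu-02", "feeder-b", 1.02),
]
LIVE_WINDOW = [
    ("rtu-01", "feeder-a", 1.00),   # normal
    ("rtu-01", "feeder-a", 0.88),   # voltage sag far outside baseline
    ("rtu-02", "feeder-b", 1.021),  # tiny drift on a perfectly flat baseline
    ("hmi-77", "feeder-b", 1.02),   # device never seen during baseline
    ("rtu-01", "feeder-c", 1.00),   # sensor with no baseline at all
]

def learn_baseline(records):
    """Return (known_devices, {sensor: (mean, stdev)}) from a trusted window."""
    devices, by_sensor = set(), {}
    for device, sensor, volts in records:
        devices.add(device)
        by_sensor.setdefault(sensor, []).append(volts)
    stats = {s: (mean(v), pstdev(v)) for s, v in by_sensor.items()}
    return devices, stats

def detect(records, devices, stats, k=4.0, floor=0.005):
    """Return a list of (index, reason) for records that deviate from baseline."""
    alerts = []
    for i, (device, sensor, volts) in enumerate(records):
        if device not in devices:
            alerts.append((i, "new-device"))
        if sensor not in stats:
            # No baseline means no judgement on the value; surface that instead.
            alerts.append((i, "unbaselined-sensor"))
            continue
        mu, sigma = stats[sensor]
        # A flat baseline has sigma == 0; the floor keeps ordinary
        # measurement noise from alerting on every sample.
        if abs(volts - mu) > k * max(sigma, floor):
            alerts.append((i, "voltage-deviation"))
    return alerts

if __name__ == "__main__":
    known, stats = learn_baseline(BASELINE_WINDOW)
    for index, reason in detect(LIVE_WINDOW, known, stats):
        print(index, LIVE_WINDOW[index], reason)
```

The baseline window has to come from a period known to be clean, since anything present while it is learned is treated as normal afterwards.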
"We're concerned about cybersecurity because the grid is changing. The new grid is more distributed and it's something that's actively managed, which makes us greener and more efficient and more reliable and resilient. But it also makes us more vulnerable."










