Cyber Security: A Focus on Power Grids


Interview with Hui Lin (Hugo), Ph.D.

December 12, 2016

 

Tell us a little bit about what you do?

Within cyber security, I primarily research Cyber-Physical Systems and the Internet of Things. I focus on preventing remote insider attacks against power grids by strengthening the ability of existing networks to cope with penetration vulnerability.
Take a look at research by Peter Sauer and William Sanders on bettering cyber infrastructure for power grids here.

What is the Internet of Things?

The Internet of Things includes any computer devices, such as printers, surgical robotic arms, phone cameras, and self-driving cars. Devices like these are typically easy to hack into and do not know they are being penetrated because they do not run strong security systems. In the future, it could be possible for hackers to impact people’s driving abilities or change the outcomes of surgeries if the security systems on these everyday devices are not strengthened.

What tactics do hackers use to infiltrate systems?

A great advantage hackers have over the rest of us is time. They are able to focus all their energy on the task at hand, while those on the defense have to monitor several things at once whilst still going about their daily lives. I have heard of attackers using overwhelming amounts of phone calls to slow a call center’s productivity, attackers destroying the connectivity that allows communication between energy breakers and control centers to cause outages, or high schoolers from Sweden infiltrating university systems here just to see how far they get. These people typically penetrate the easy machines first and jump from system to system depending on their vulnerability. Some are even able to disguise their software as valid so it is trusted by the targeted computer. Another tactic is STUXNET malware, which is used to target specific Siemens devices that are used in industrial control systems.

What motivates cyber attacks?

Many attackers simply seek to show off their abilities, while others may have larger-scale and more dangerous agendas. Hacks to the Internet of Things could be used for assassinations, while others may just send malicious emails to close web browsers. People can also use attacks for economic benefits.

What are the best ways to protect from cyber attacks?

The most important factor in cyber security is the people. People need to be trained to avoid threats like malicious links that can make their computers vulnerable, and use appropriate security measures like passwords.

Do you know of any tools being developed to counter large-scale attacks?

An operational tool called BRO is being developed at Berkeley. It can be programmed to work in different situations so it works for corporate use and academic activities. What it does is share information between different systems so if an attack takes place at one university that data is given to other universities to make it harder for attackers to do the same thing elsewhere.

Do companies prepare for cyber attacks?

I do not think many companies see security as their top priority. When they create and sell products, their priority is constantly evolving the technologies to beat the competition, and any protections used would have to keep up with that. At some point, a business decision is made on whether protecting from cyber attacks is economical for the company.

In the case of power grids, current protections are in place to protect against accidents, not cyber attacks, even though one substation shutting down could mean the whole system losing functionality.

What are some instances of large-scale cyber attacks?

In October, we experienced the largest distributed denial-of-service attack, which targeted a DNS server managed by Dyn. It is also an attack that used the Internet of Things, e.g., Internet-connected cameras, to achieve its goal.

Another example: a year or two ago there was a blackout in Ukraine issued by Russia. In a strategic attack like this, the attacker penetrates the industrial control system and is able to choose which section of the system to shut down.

Are cyber attacks on power grids common? What kinds are most prevalent?

The frequency of attacks is not that high for power systems, but the consequences of just one to an area’s infrastructure and people are huge. Denial of service is the major way we observe them right now.