Iranian Cyberattacks & Energy Security

Amid the recent flurry of what the US government says are Iranian cyberattacks on US power companies (announced in late May), it is becoming increasingly clear that the country’s power grid infrastructure needs a major overhaul to improve national security. Iranian hackers allegedly gained access to control-system software involved in the monitoring and functionality of oil or gas pipelines along the Canadian border, where many firms have operations.

The US government believes the latest cyberattacks were sponsored by the Iranian government and that the national power grid is the next logical threat. Constructing a smart grid infrastructure is one preventive measure to protect the US power grid, which includes the upgrading of analog components, power meters, sensors, and information technology.

Lawmakers on Capitol Hill are stepping up pressure to boost cybersecurity in the utility power sector. Reps. Edward Markey (D-MA) and Henry Waxman (D-CA) issued a report a few weeks ago citing lapses in the computer networks running the nation’s power grid. Based on a survey of 150 power companies, the report found that over twelve utilities reported either daily, constant, or frequent cyberattacks attempts and one even quoted it was the target of about 10,000 per month. The report found that many electric utilities were not implementing voluntary added precautions promoted in recent Congressional legislation being considered, making them vulnerable to threats.

The US has an aging and outdated power grid infrastructure that requires a major overhaul to lessen the likelihood of blackouts and disruptions from either intended or unintended mishaps in control and functionality. During President Obama’s first year in office, he dramatically supported smart grid technology as the solution and offered $3.9 billion to boost this sector in the Recovery Act, also known as the stimulus program.

It was envisioned that this funding would continue and spur a revolutionary upgrade to the nation’s power grid, fueled by a significant transition towards renewable energy sources such as wind, solar, and geothermal that would require a more interconnected and smarter grid system to incorporate these fluctuating sources of power.

It didn’t happen. Congress failed to pass comprehensive clean energy or carbon cap-and-trade reform, which would have accelerated the building of a whole new smart grid infrastructure that would have been not only more efficient in transporting power over long distances, but also less prone to cyberattacks.

However, the market for smart grid sensors in North America is predicted to double in size over the next two years, according to a study published in late May by IMS Research. The report, entitled The North American Market for Smart Grid Sensors — 2013, discusses the significant transition that is happening with the feeder line sensing market in North America. Feeder lines are the power lines leaving a generating station and going to a power substation; or the lines leaving a substation and going to multiple customers.

Sensing at this point won't provide as much detail in power usage, but until all customers have smart meters installed, this will provide very useful information to the power utility companies. This is an important market trend to be involved in — the IMS report calls out annual revenue reaching or exceeding $100 million by 2015. Older devices are being replaced by next-generation decentralized grid intelligence and automation technologies that are offered by new market players, several of which received stimulus funding in years past.

Companies such as Analog Devices anticipated smart grid component growth back in 2009 during the announcement of Recovery Act smart grid initiatives by President Obama, and this company acquired PowerBUS RHINO power-line communications technology, a small privately-held Canadian company to boost its market-leading portfolio of products for energy-metering applications. Its power-line communications can transform any stand-alone meter into a device that can be controlled or monitored either locally or remotely. Signals are sent and received over existing power lines or twisted-pair wires, and negate the need for the installation of new wires or assemblies to support smart grid applications.

China has invested aggressively in smart grid technology for both domestic use and for elevating its manufacturing base. It will be interesting to see if the US increases federal funding for a smarter grid to prioritize not only energy security, but national security, amid the potential for foreign cyberattacks.

11 comments on “Iranian Cyberattacks & Energy Security

  1. Davidled
    June 10, 2013

    US government alerts a global Cyberattacks from all around world. In other hands, other country invests a tech fund to train and develop hacker.  It sound like all worlds is being invisible war every second. Cyberattack has a big impact to damage virtually the government facility.  I guess that in the next few years, UN might consider Cyberattack as actual warfare.

  2. Netcrawl
    June 10, 2013

    Interesting topic, thanks for sharing, power generation companies will need to team up with a service providers or IT security specialist that has in-depth tech experience responding to cyber threats, its pretty serious matter which involved critical infrastructures like utilities and power generation companies. 

  3. Netcrawl
    June 10, 2013

    It's a whole new wprld- its the dawn of the digital battlefield, its all about computer codes, viruese, malwares, all within the reach of your fingertips, with devastating impact on some of nation's critical infratructures. 

  4. Brad Albing
    June 11, 2013

    @DaeJ >>I guess that in the next few years, UN might consider Cyberattack as actual warfare . The UN may in fact do that, tho' I'm not sure it will matter one bit if they do.

  5. Brad Albing
    June 11, 2013

    With respect to the power companies data network, I thought I read somewhere that these networks are supposed to be completely isolated from the rest of the interwebs. Does anyone recall that?

  6. eafpres
    June 11, 2013

    Many people associate the term smart grid with smart metering.  They are actually vastly different things.  The grid is comprised of generation, distribution, transmission, and use of electricity.  There are large power conversion and management stations at generation, distribution, and transmission substations.  These must work cooperatively to balance load, deal with unusual load conditions, react to outages elsewhere, etc.  While it is nice to get address-specific consumption information via smart metering, that is only a part of the solution.

    Monitoring what is going on in all the substations, and managing switching in and out transformer capacity, and dealing with power factor issues, is essential to the health and reliabiltiy of the grid.

    An issue is that rapid deployment of M2M technology may actually create more attack points in the grid.  Although the statements about Power Line Communications are true in a certain sense, PLC is not a panacea for the entire grid.  The data signals are not able to seamlessly flow back through all the substation transformers and power conditioning equipment.  Therefore, a large amount of grid communications are and will be through other networks, creating a much larger “attack cross section”.

    An important step would be that any government funds invested in upgrading the grid in any fashion be with the caveat that minimum data/cyber security measures are in place from the hardware level all the way to the back office applications.

  7. Brad Albing
    June 11, 2013

    @eafpres – re [6/11/2013 9:26:31 PM] – probably a bunch more to discuss here regarding upgrading the power grid and the security of same – but now we're moving farther away from our analog discussions… just sayin'.

  8. eafpres
    June 11, 2013

    Hi Brad–point taken…'tho transformers and transmission lines still count as analog, yes?

  9. Brad Albing
    June 12, 2013

    @eafpres >>transformers and transmission lines still count as analog – yep – sure do -as does the ways and means to couple the Power Line Communications (PLC) data into/out of the power lines; and to get the PLC data to jump around (bypass) the distribution transformers in the substation; and to not have the PLC data attenuated by the various reactive components added to the system to tweak the power factor.

    But when we get into software and security protocols, my eyes glaze over.

  10. bjcoppa
    June 12, 2013

    Glad to see the discussion that has arisen due to the points made in this article. It is a debate worth having amid the enormous national dialogue going on now over information and cybersecurity. The power grid infrastructure is vulnerable. Increased connectivity and sensor capability along with IT power station security are necessary for the national grid to become smarter and thwart future attacks and lessen user error which can also lead to blackouts.

  11. jessepkm
    July 23, 2017

    It is very sad to know also that many of the professionals in the field of information security are not interested in working in those areas, because they choose by the giants of silicon valley and what it has to offer.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.