Your one-stop web resource providing safety and security information to manufacturers

There are plenty of security researchers dissecting and analyzing the attacks on the Ukraine power grid, but utility officials from the Ukraine and neighboring countries came to the U.S. to review a grid test bed at Iowa State.

The cyberattacks left 230,000 Ukrainians without power for up to six hours.

Power Grid Compromise
Fighting FUD from DC
Black Hat: ICS Security Movement
Black Hat: Hacking a Wind Farm

Along those lines, eight electric utility regulators from Ukraine and three other Black Sea countries – Armenia, Georgia and Moldova – came in to learn from Iowa State’s test bed showed them.

“It had a huge impact,” said David Jiles, an Iowa State Anson Marston Distinguished Professor in Engineering and Palmer Professor in Electrical and Computer Engineering and Stanley Chair in Interdisciplinary Engineering. “Seeing what we can do was enormously important to them.”

Schneider Bold

The Black Sea electricity regulators were on campus in September as part of a cybersecurity study tour sponsored by the U.S. Agency for International Development (USAID) and organized by the National Association of Regulatory Utility Commissioners.

The study tour featured three days of meetings, presentations and training sessions in Washington, D.C. Those were followed by two days of cybersecurity demonstrations and presentations at Iowa State, all organized by the university’s department of electrical and computer engineering, its Electric Power Research Center and its Information Assurance Center organized the Iowa State sessions. The Iowa leg of the tour also featured a field trip to MidAmerican Energy Co.’s control center in Urbandale.

The agency’s Cybersecurity Initiative began three years ago, said Steve Burns, the chief of USAID’s Energy and Infrastructure Division in the Bureau for Europe and Eurasia. The initiative is all about reducing the region’s vulnerabilities to cyberattacks, drafting cybersecurity strategies, boosting economic growth and increasing the region’s energy security.

Tour Final Leg
The study tour in Washington and Ames followed two previous sessions in Ukraine and Estonia.

Burns said Iowa State’s expertise was brought into the program after meeting and working with Jiles during his one-year term as a Jefferson Science Fellow and scientific adviser to the U.S. State Department and USAID.

Jiles, while using his fellowship to develop a triage tool to help countries fight off cyberattacks, suggested U.S. officials working to promote international cybersecurity should take advantage of a test bed developed at Iowa State.

The test bed is called “PowerCyber” and it’s part of grid cybersecurity studies led by Manimaran Govindarasu, Iowa State’s Ross Martin Mehl and Marylyne Munas Mehl Computer Engineering Professor; and Doug Jacobson, a University Professor of Electrical and Computer Engineering at Iowa State.

PowerCyber is a high-fidelity, remote-access tool for research and development to help train industry professionals and educate students to protect power grids. The test bed is designed to do vulnerability analysis, risk assessment, attack-defense evaluations and other tests.

The study tour’s visit to Iowa State featured several demonstrations in the PowerCyber lab, including a case study of the power grid attack in Ukraine. The visit also featured discussions of threats, lessons learned, best practices, strategy development and cybersecurity literacy.

‘Security Literacy’
“After 30 years of designing and using technology to protect systems, we still have problems and maybe we need to look at how to make the users more secure,” Jacobson said. “And so I talked about using security literacy as a way to educate users about cybersecurity concepts, threats and mitigations.”

Govindarasu said highlights of the study tour were strategic discussions of cybersecurity among academic researchers, government experts and representatives from several U.S. Department of Energy national laboratories.

One clear message to the visitors from the Black Sea countries: “Cybersecurity is a journey,” Govindarasu said. “There’s no end to it.”

Govindarasu said defense measures can start with better training for engineers to help them keep up with dynamic and evolving situations.

“A lot of this is trying to keep one step ahead,” Jiles said. “If you don’t, someone will figure out how to hack in and we’ll have problems.”

Helping the Black Sea regulators protect the power grids in their countries could also have benefits around the world.

“Cyberattacks in the region are growing in complexity and are a potential test bed for attacks in western Europe and here in the United States,” said Burns of USAID. “By working with the utilities and regulators throughout the region, we are better able to understand energy sector vulnerabilities and apply those lessons learned at home.”

After all, Jacobson said, “They are on the front line of cyberattacks against critical infrastructure.”

Pin It on Pinterest

Share This