Starting up the power grid after a major blackout isn’t as simple as pulling out the old jumper cables and restarting a dead car battery. The self-starting “black start” generation units that can resume operation without help from the transmission grid are smaller generators. They don’t have capacity to keep the system running.
Black start generation units feed larger generators via a “cranking path,” which FERC defines as “a portion of the electric system that can be isolated and then energized to deliver electric power from a generation source to enable the start-up of one or more other generating units.” Once larger generator turbines are rotating at speeds to keep frequency at a steady 60 hertz, the lights can come back on.
It’s a complicated process that can take hours. Performing it under a cyber attack would make it even more difficult.
That’s why the U.S. Department of Energy teamed up with the Defense Advanced Research Projects Agency (DARPA) to evaluate how well grid operators could restart the power system while simultaneously battling cyber criminals. The event was dubbed Liberty Eclipse, the same name used in a 2016 DOE cybersecurity exercise. This year’s event took place the first week of November on Plum Island, a restricted Department of Homeland Security site off the coast of Long Island.
Angst and air dancers
Liberty Eclipse – the 2018 version – tasked utility workers and researchers with maintaining power at one building on Plum Island when the rest of the grid was de-energized.
The storyline they responded to was this: A crippling cyber attack had already taken out power region-wide more than a month earlier. Two utilities were working together to keep power up at a site critical to national security, when another attack took down one of the two operational units serving the load. The utilities needed to route power from the utility that was still operating to the one that wasn’t.
To demonstrate power was still flowing to the building that the utility teams were supposed to keep energized, exercise officials used “high-visibility power indication devices.” These not-so-high-tech devices are better known as air dancers, the inflatable gyrating characters you typically see on sidewalks outside places like discount tire stores. Utility workers had to sidestep a series of cyber attacks to keep the air dancers flailing their nylon arms.
“We have a bunch of things that try to make this as painful as possible for everyone,” said DARPA project leader Walter Weiss to a group of reporters on day six of the exercise. “How do you actually keep the smartest people in the world busy for a week? That takes effort.”
In fact, during one day in the exercise, an anomaly in grid operations sent researchers chasing what they thought was a cyberattack for hours. “It was just a giant false positive for a day,” Weiss said. “If you take a bunch of researchers and stick them on an island like this, they’re going to get pretty paranoid.”
Damaged trust
Ultimately, because they couldn’t trust that computer systems were untouched by the hackers, the utility workers restored power the old-fashioned way: by sending people out to manually flip the appropriate switches.
Much of the technology tested in this exercise was developed under DARPA’s research around “Rapid Attack Detection, Isolation and Characterization Systems,” a.k.a. RADICS. Started in 2015 with $77 million in federal funds, RADICS aims to “enable black start recovery of the power grid amidst a cyber-attack on the U.S. energy sector’s critical infrastructure,” according to a DARPA website.
RADICS grantees design protective technology under the assumption that utility equipment has been compromised by cyber criminals. Tim Yardley, a senior researcher and associate director of the Information Trust Institute at the University of Illinois, runs the Cyber-Physical Experimentation Environment for RADICS, a computer system of realistic models for testing and validating cyber security tools based on data from hundreds of grid operators. The system provides a way for utilities to evaluate their security measures and design more resilient approaches.
“The cyber threat to the grid is real, and the threat of potential black start is here.”
“The cyber threat to the grid is real, and the threat of potential black start is here,” Yardley told the Senate Energy and Natural Resources Committee less than a month before the exercise. He added that U.S. utilities are prepared to “address the logistics of a traditional black-start scenario,” but he fears “that we are still not prepared to do so in the face of a cyber attack that eliminates our ability to trust the systems that we use to operate and restore our grid.”
Results from Liberty Eclipse 2018 should help utilities plan for black start when cyber attack is a factor. As with the first Liberty Eclipse exercise, a report with findings from this research effort will be made public in coming months.