Powering through cyber threats: Securing the grid in the digital age
Posted: January 17, 2025
What would you do if the power went out—and didn't come back on for days? What if no one in the country had any power? It might sound like fiction, but the prospect of a big, long blackout is a real concern.
Power grids keep the lights on in our homes, power our businesses, and support essential services such as hospitals. However, as these systems rely increasingly on digital technologies, they become more vulnerable to cyberattacks.
Cyberattack threats on utilities have increased[1] dramatically since 2018, reaching frightening levels in 2022 following Russia’s invasion of Ukraine. At the Aspen Cybersecurity Summit on September 18, 2024, FBI Director Christopher Wray warned: “Cyber criminals and nation-state hackers alike have demonstrated that they’re not only willing but more and more able to hit the services people really cannot live without—things like hospitals and schools, utility companies and transportation providers.” He said that over the past four years, 15 of the U.S.’s 16 critical infrastructure sectors, including telecommunications, energy, and emergency services, have all fallen victim to ransomware.[2]
In May 2021, in one of the biggest cyberattack incidents in the energy industry, fuel pipeline operator Colonial Pipeline was forced to shut down its entire network.[3] Last year, the “Five Eyes” intelligence services of the US, Britain, Australia, Canada and New Zealand warned that the Chinese state-sponsored group Volt Typhoon[4] had been lurking in critical infrastructure in the US for at least five years.[5] Affected organizations included maritime ports, internet service providers, communications, utilities, pipelines, mass transit and water and wastewater plants. The hack seemed to aim at taking physical control of this infrastructure rather than simply gathering intelligence. In April, FBI Director Christopher Wray gave a speech[6] in which he said that the Chinese government is developing: "[the] ability to physically wreak havoc on our critical infrastructure at a time of its choosing…Its plan is to land low blows against civilian infrastructure to try to induce panic." The group's attacks targeted[7] equipment such as cameras, routers, modems, firewalls, and virtual private networks (VPNs) to create botnets[8] that allow it to lie in wait for future attacks. Although the U.S. authorities launched a botnet takedown last year, the threat remains.[9]
What makes the power grid vulnerable to cyberattacks?
The power grid was built decades ago, long before cybersecurity was a concern. In 2021, the American Society of Civil Engineers gave the U.S. energy sector a C- grade,[10] writing that “the majority of the nation’s grid is aging, with some components over a century old—far past their 50-year life expectancy—and others, including 70% of [transmission and distribution] lines, are well into the second half of their lifespans.”
U.S. utilities invest[11] over $100 billion annually in upgrades, yet vulnerabilities persist. Older equipment lacks the advanced security features necessary to protect against modern threats, exposing the grid to attacks. Paradoxically, the digital transformation of the power grid also introduces vulnerabilities[12] to cyberattacks. The interconnected nature of smart grids, which rely on internet-accessible technologies, expands the attack surface for cybercriminals.
For example, the proliferation of Internet of Things (IoT) devices in smart homes and businesses, such as smart thermostats and energy management systems, connects more devices to the grid. Many of these devices have poor security, making them easy targets for hackers.
The diversity of technologies within the grid presents another challenge. Equipment from various vendors comes with its own security standards, creating inconsistencies across the system. Implementing a uniform cybersecurity framework becomes nearly impossible, leaving gaps that hackers can exploit.
The grid’s reliance on real-time data is both its strength and its Achilles’ heel. Supervisory Control and Data Acquisition (SCADA) systems, for instance, play a critical role in monitoring and controlling power distribution. But because these systems depend on accurate, uninterrupted data, they are prime targets for cyberattacks. If attackers manipulate or disrupt the data flow, they could destabilize the entire grid.
Can AI help anticipate cyberattacks?
AI is transforming grid security by allowing the detection of anomalies that could indicate a cyberattack. For example, researchers from the Department of Energy's Oak Ridge National Laboratory and other collaborators are working on a project to develop a collection of machine learning-based tools to boost cybersecurity for the US power grid.
The new tool suite, AI-PhyX, is designed to streamline the collection and analysis of cybersecurity-related data to identify vulnerabilities, detect attacks, mitigate threats, and recover from incidents. The goal is to create a unified platform that combines various cybersecurity applications into one system, making it easier for utilities to manage their security efforts without facing fragmented analyses.
Similarly, Georgia Tech is developing a new AI method called DerGuard to enhance the security of renewable energy sources and local generators connected to the power grid. This project focuses on protecting distributed energy resources (DER), such as rooftop solar panels, controllable electric vehicle chargers, and battery storage systems, often found in low-voltage areas of the grid.
The concern is that if these systems are hacked, attackers could manipulate them to cause widespread issues, such as overloading equipment and voltage fluctuations, which could lead to blackouts and significant disruptions for customers. DerGuard aims to identify critical DERs that, if compromised, could cause the most damage to the power grid.
Efforts to anticipate attacks are supported by collaboration among government agencies, utilities, and researchers. The U.S. Department of Energy has funded numerous initiatives to improve grid cybersecurity, including a $45 million investment[13] in projects like AI-PhyX and DerGuard.
Beyond AI: The future of cybersecurity in power grids
While AI is at the core of defense, other technologies complement its capabilities.
Blockchain technology, for example, is a secure database system that organizes data into linked blocks to allow transparent information sharing across a network. It improves security by using consensus algorithms, ensuring that all parties agree on the data being shared, and maintaining an immutable ledger that prevents data manipulation. This makes it harder for cybercriminals to alter or tamper with information.
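The linked-block property described above can be shown with a small hash chain over telemetry records. This is an added example, not code from the article or from any project it mentions; the function names and the sample feeder readings are constructed for illustration, and it covers only the hash linking, not the consensus step.

```python
import hashlib
import json

GENESIS = "0" * 64  # "previous hash" used by the first block


def block_hash(index, prev_hash, payload):
    """SHA-256 over a canonical JSON encoding of the block contents."""
    body = json.dumps({"index": index, "prev": prev_hash, "payload": payload},
                      sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


def build_chain(payloads):
    """Link every record to the hash of the block before it."""
    chain, prev = [], GENESIS
    for i, payload in enumerate(payloads):
        h = block_hash(i, prev, dict(payload))
        chain.append({"index": i, "prev": prev, "payload": dict(payload), "hash": h})
        prev = h
    return chain


def first_invalid_block(chain):
    """Index of the first block that fails verification, or None if intact."""
    prev = GENESIS
    for i, block in enumerate(chain):
        if block["index"] != i or block["prev"] != prev:
            return i  # link to the previous block is broken
        if block_hash(i, prev, block["payload"]) != block["hash"]:
            return i  # contents no longer match the recorded hash
        prev = block["hash"]
    return None


def head_hash(chain):
    """Hash of the newest block; the value the other parties must agree on."""
    return chain[-1]["hash"] if chain else GENESIS


# Constructed sample data: feeder voltage readings (hypothetical values).
READINGS = [
    {"ts": "2025-01-17T10:00:00Z", "feeder": "F-12", "kv": 12.47},
    {"ts": "2025-01-17T10:00:05Z", "feeder": "F-12", "kv": 12.46},
    {"ts": "2025-01-17T10:00:10Z", "feeder": "F-12", "kv": 12.48},
]

if __name__ == "__main__":
    ledger = build_chain(READINGS)
    print("intact ledger:", first_invalid_block(ledger))
    ledger[1]["payload"]["kv"] = 13.90  # edit a stored reading in place
    print("after edit, first bad block:", first_invalid_block(ledger))
```

A party that rewrites every later block can still produce a chain that verifies internally, so the check that matters is comparing `head_hash` against the value the other participants hold, which is the role consensus plays.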
Meanwhile, quantum computing promises unbreakable encryption and secure communication protocols, and Large Language Models might secure communications in digital substations, the modern version of traditional electrical substations that uses advanced technology to improve how electricity is managed and distributed.
Anticipating cyberattacks on the power grid requires constant innovation and investment in advanced technologies. By combining AI with collaborative efforts and emerging technologies, the energy sector can build a resilient, future-ready power grid capable of withstanding the evolving cyber threat landscape.
[1] US electric grid growing more vulnerable to cyberattacks, regulator says, Reuters, April 4, 2024
[2] 2024 Aspen Cyber Summit
[3] Cyber attack shuts down U.S. fuel pipeline ‘jugular,’ Biden briefed, Reuters, May 8, 2021
[4] PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure, February 07, 2024
[5] Chinese hackers are deep inside America’s telecoms networks, The Economist, December 12, 2024
[6] FBI says Chinese hackers preparing to attack US infrastructure, Reuters, April 18, 2024
[7] What is Volt Typhoon? A cybersecurity expert explains the Chinese hackers targeting US critical infrastructure, The Conversation, March 29, 2024
[8] What is a botnet? How can you protect your device? cybernews, November 15, 2023
[9] China's attacks on U.S. infrastructure aren't going anywhere, Axios, April 14, 2024
[10] American Society of Civil Engineers 2021 report
[11] Grid infrastructure investments drive increase in utility spending over the last two decades, November 18, 2024
[12] A Comprehensive Survey on the Security of Smart Grid: Challenges, Mitigations, and Future Research Opportunities, Computer Science, July 10, 2024
[13] DOE Announces $45 Million to Protect Americans From Cyber Threats and Improve Cybersecurity in America's Energy Sector, U.S. Department of Energy, February 26, 2024