UA to lead new cybersecurity center to protect nation’s energy grid

Thanks to a multimillion dollar award announced Friday (Oct. 9) from the U.S. Department of Energy, the University of Arkansas will lead a new national center that will focus upgrading and protecting the nation’s energy grid from cyber-attacks.

University officials said the new educational venture is made possible by a $12.2 million grant from the U.S. Department of Energy, augmented by $3.3 million in matching funds from research partners.

“We’re proud to be recognized as a national leader in the area of power electronics research and security,” Alan Mantooth, distinguished professor of the university’s electrical engineering program, said in a statement. “The impact of this work is tremendous. All too frequently we are hearing of how foreign entities are hacking into U.S. computer systems. This center’s mission is directly focused on protecting America’s electric energy delivery system, and we are pleased to have a great team with which to approach these challenges.”

As principal investigator and director of the new center, Mantooth will lead a team of researchers to identify and develop solutions for vulnerabilities across the U.S. power grid. Their goal is to protect hardware assets, make systems less susceptible to cyberattack and provide reliable delivery of electricity if such an attack were to occur. Specific objectives include protecting core power grid controls and communications infrastructure, building security and privacy protection into components and services and providing security management capabilities and security testing and validation.

“By providing more reliable delivery of power as a result of reducing outages caused by cyber-attacks, the electric power system remains up, and economic loss associated with downtime is eliminated,” Mantooth said. “This is what we are seeking. And, from a homeland security perspective, the electric power grid in general becomes less susceptible to attack.”

OTHER PARTNERS
In addition to the UA researchers, all of whom are associated with the university’s National Center for Reliable Electric Power Transmission, the new cybersecurity research center includes faculty from the University of Arkansas at Little Rock, Carnegie Mellon University, Florida International University and Lehigh University. Arkansas Electric Cooperative Corporation (AECC), a Little Rock-based generation and transmission cooperative, will also serve as an industry partner. As a wholesale power provider for the state’s 17 electric distribution cooperatives, AECC will serve as the primary beta test site of all developed security tools and technologies.

“We look forward to exchanging real-world experience and knowledge with our academic partners,” said Robert McClanahan, vice president of information technology for AECC. “Cybersecurity threats are one of largest, most complicated issues that power providers face and will continue to face in the future.”

The UA-led team was one of two chosen by the Department of Energy. The other team, led by the University of Illinois, includes the University of California-Berkeley, Massachusetts Institute of Technology and Washington State University.  

OBAMA PLAN TO PROTECT ENERGY GRID
The Department of Energy award to the University of Arkansas is part of the Obama administration’s focus to protect the nation’s energy grid from cybersecurity attacks. In April 2014, the Energy Department released a new guidance to help U.S. industry strengthen energy delivery system cybersecurity. That directive developed a public-private working group that included federal agencies and private industry leaders that works on strategies to help the U.S. energy sector and technology suppliers build in cybersecurity protections during product design and manufacturing.

“As we deploy advanced technologies to make the U.S. power grid more reliable and resilient, we must simultaneously advance cybersecurity protections. The cybersecurity guidance released today will help industry further strengthen these technologies and protect our critical energy infrastructure,” said Energy Secretary Ernest Moniz.

During that same time, the Federal Energy Regulatory Commission (FERC) approved reliability standards to enhance the physical security for the most-critical Bulk-Power System facilities and reduce the overall vulnerability of the energy grid to attacks.  

ARKANSAS CONNECTIONS
The final rules, submitted by the North American Electric Reliability Corp. (NERC), reflect views expressed in 39 sets of comments on the Notice of Proposed Rulemaking issued in July 2104. The federal commission, which includes former Arkansas Public Service Commission Chairwoman Colette Honorable, had directed NERC to develop and submit new standards that require owners and operators of the nation’s energy grid to perform a risk assessment of their systems to identify and evaluate potential threats, and then develop and implement a plan to protect them against attacks.

In July, FERC commissioners made revisions to those rules to protect the power grid from additional cyber vulnerabilities and malware threats. Those updated standards addressed issues ranging from personnel and training to physical security of the bulk electric system’s cyber systems and information protection.

In an interview with Talk Business & Politics, Southwest Power Pool CEO Nick Brown said the cyber threat to the nation’s energy is “ongoing and continuing.” Partly in response to the FERC proposed standards and the SPP’s own internal reviews, Brown said cybersecurity has moved to the top of the list of important matters that are discussed at Little Rock grid operator’s monthly manager’s meetings.

“We have worked diligently to protect against any number of reliability threats to our (system),” Brown said. “Cyber (attacks) have risen to the top of the list as our primary area of focus and clearly because we are spending a lot of time and energy and trying to protect against it.”

At one of the nation’s largest regional transmission organizations, SPP’s footprint spans almost 575,000 square miles in all or parts of 14 states in the central U.S. and includes more than 800 generating plants, nearly 5,000 substations and about 56,000 miles of high-voltage transmission lines.

Officials at Midcontinent Independent System Operator, the Carmel, Ind.-based grid operator that opened a $62 million state-of-the-art command center in West Little Rock early this year, also said they were reviewing FERC’s proposed cybersecurity rules and consulting with respective stakeholders but refused further comment .

“Due to security considerations, MISO does not comment on its cybercecurity policies and procedures,” Jay Hermacinski, spokesman for the Indiana-based RTO, said in a statement.

MISO’s 50,000-square-foot Little Rock campus controls the grid operator’s South region, which includes 18,000 miles of transmission, 50,000 megawatts (MW) of general capacity, and 30,000 MW of load across parts of Arkansas, Louisiana, Mississippi, Texas and the city of New Orleans.