User:Erinbourque/sandbox

Electrical grid Electrical grid

-subsections on "Trends" could be bolstered, especially in relation to cybersecurity and cyberattacks with political motives

I could also to the above on the following articles, depending on where the subject of my first literature review (vulnerability of the U.S. electrical grid to cyberattacks) fits:

Smart grid policy in the United States

Smart grid

---

Electrical grid

Security section:

While modernization of electrical grids into smart grids allows for optimization of everyday processes, a smart grid, being online, can be vulnerable to cyberattacks. Transformers which increase the voltage of electricity created at power plants for long-distance travel, transmission lines themselves, and distribution lines which deliver the electricity to its consumers are particularly susceptible. These systems rely on sensors which gather information from the field and then deliver it to control centers, where algorithms automate analysis and decision-making processes. These decisions are sent back to the field, where existing equipment execute them. Hackers have the potential to disrupt these automated control systems, severing the channels which allow generated electricity to be utilized. This is called a denial of service or DoS attack. They can also launch integrity attacks which corrupt information being transmitted along the system as well as desynchronization attacks which affect when such information is delivered to the appropriate location. Additionally, intruders can again access via renewable energy generation systems and smart meters connected to the grid, taking advantage of more specialized weaknesses or ones whose security has not been prioritized. Because a smart grid has a large number of access points, like smart meters, defending all of its weak points can prove difficult.

The damage from a well-executed, sizable cyberattack could be extensive and long-lasting. One incapacitated substation could take from nine days to over a year to repair, depending on the nature of the attack. It can also cause an hours-long outage in a small radius. It could have an immediate effect on transportation infrastructure, as traffic lights and other routing mechanisms as well as ventilation equipment for underground roadways is reliant on electricity. Additionally, infrastructure which relies on the electric grid, including wastewater treatment facilities, the information technology sector, and communications systems could be impacted

The December 2015 Ukraine power grid cyberattack, the first recorded of its kind, disrupted services to nearly a quarter of a million people by bringing substations offline. The Council on Foreign Relations has noted that states are most likely to be the perpetrators of such an attack as they have access to the resources to carry one out despite the high level of difficulty of doing so. Cyber intrusions can be used as portions of a larger offensive, military or otherwise. Some security experts warn that this type of event is easily scalable to grids elsewhere. Insurance company Lloyd's of London has already modeled the outcome of a cyberattack on the Eastern Interconnection, which has the potential to impact 15 states, put 93 million people in the dark, and cost the country's economy anywhere from $243 billion to $1 trillion in various damages.

According to the U.S. House of Representatives Subcommittee on Economic Development, Public Buildings, and Emergency Management, the electric grid has already seen a sizable number of cyber intrusions, with two in every five aiming to incapacitate it. As such, the U.S. Department of Energy has prioritized research and development to decrease the electric grid's vulnerability to cyberattacks, citing them as an "imminent danger" in its 2017 Quadrennial Energy Review. The Department of Energy has also identified both attack resistance and self-healing as major keys to ensuring that today's smart grid is future-proof. While there are regulations already in place, namely the Critical Infrastructure Protection Standards introduced by the North America Electric Reliability Council, a significant number of them are suggestions rather than mandates. Most electricity generation, transmission, and distribution facilities and equipment are owned by private stakeholders, further complicating the task of assessing adherence to such standards. Additionally, even if utilities want to fully comply, they may find that it is too expensive to do so.

Some experts argue that the first step to increasing the cyber defenses of the smart electric grid is completing a comprehensive risk analysis of existing infrastructure, including research of software, hardware, and communication processes. Additionally, as intrusions themselves can provide valuable information, it could be useful to analyze system logs and other records of their nature and timing. Common weaknesses already identified using such methods by the Department of Homeland Security include poor code quality, improper authentication, and weak firewall rules. Once this step is completed, some suggest that it makes sense to then complete an analysis of the potential consequences of the aforementioned failures or shortcomings. This includes both immediate consequences as well as second- and third-order cascading impacts on parallel systems. Finally, risk mitigation solutions, which may include simple remediation of infrastructure inadequacies or novel strategies, can be deployed to address the situation. Some such measures include recoding of control system algorithms to make them more able to resist and recover from cyberattacks or preventative techniques that allow more efficient detection of unusual or unauthorized changes to data. Strategies to account for human error which can compromise systems include educating those who work in the field to be wary of strange USB drives, which can introduce malware if inserted, even if just to check their contents.