Sophisticated worms – automated software that spreads between computer devices – can infect an entire electric grid in a matter of seconds, but there may be effective defenses against them, according to Rob Johnson, assistant professor of computer science at Stony Brook University.
The critical role various computing devices have assumed in the daily functioning of the power grid has dramatically altered the security needs of utilities. While safeguards are already in place to protect against physical threats, like natural disasters, utilities may lack the tools to protect their networks from cyber attacks, such as worms.
Worms have the potential to disrupt, or even disable, the electrical grid. “Worms are a real problem,” said Johnson at the Advanced Energy Conference in New York on Wednesday. “The best written worms can spread through an entire network in a matter of seconds.”
“We need an automated method for responding to worms if we’re going to have a stable and reliable power grid,” Johnson said.
There are various types of worms, but Johnson homed in on the hit list worm – calling it the “ultimate” worm – as especially worrisome. It can infect the entire internet in 30 seconds, and defense mechanisms such as centralized and peer-to-peer alert systems may prove ineffective, he said.
Under a centralized network, a computer, Smart Grid device or machine that detected a worm could report it to a vendor, such as Microsoft, leaving the vendor to verify that the alert is legitimate and spread the word to other devices. But “this central server is going to be a bottleneck”. Johnson said.
Using a peer-to-peer network, the machine that detected the worm would tells its neighbors, and those neighbors would spread the message to their neighbors, etc. “But there’s a problem, which is that if we can spread an alert quickly, what’s preventing the worm from basically hijacking our network and using it to accelerate its own spread?” Johnson said.
A bipartite defensive network, in contrast, would use a peer-to-peer network, but sidestep the hijacking issue by transmitting the message only between computers using different operating systems. “Almost all the time, a worm either attacks Windows or it attacks Macs, or it attacks Linux machines, but very rarely is there a worm that attacks more than one at a time,” Johnson said.
The idea is to set up the network so that if a Windows computer detects a worm, it tells only Macs, he said. “If a worm does manage to take over that computer, it can’t use the dissemination that we spread, because all it would learn about is a bunch of Macs, which it can’t infect.”
Stony Brook researchers ran a simulation to assess at the impact of a worm using three variations on automated response systems: centralized, peer-to-peer, and bipartite defensive networks. They found that absent the bipartite defensive network, a hit list worm infected 99% of a network in under a minute. Using the defense network, “we managed to protect the vast majority of the network”, Johnson said.
But cooperation will be key, and there may be substantial technical hurdles. For example, while building a bipartite defensive network for something like a smart grid has the advantage of involving relatively few key equipment suppliers, it is unclear whether an equipment manufacturer would be willing or able to supply customers with exclusively Mac Smart Meters and exclusively Linux routers.
For now, it remains very much at the pre-implementation stage. “This is blue-sky research,” Johnson said.
