Imagine massive blackouts, the disruption of essential government services, or hackers gaining access to millions of networked consumer devices. Birol Yeşilada has been thinking about cyber threats to infrastructure in the Pacific Northwest. Whereas attention at the national level has primarily focused on defense, transportation, and telecommunications, Yeşilada argues we should also emphasize essential infrastructure at the local and regional levels.
“For the federal government, much of the focus has been on upgrading and securing the top level of infrastructure from cyberattacks,” said Yeşilada, government faculty and director of Portland State University’s Mark O. Hatfield School of Government. “We need a top-down approach, but we also need a bottom-up approach if we’re going to protect what I call ‘America’s soft underbelly’—the vulnerabilities at local and regional governments, utilities and special districts serving the communities we live in.”
Yeşilada is the principal investigator of a new two-year, $2 million grant awarded to PSU by the National Security Agency. The grant establishes and funds a consortium of public, private and academic partners that will address cybersecurity issues related to smart grid infrastructure in the Pacific Northwest, Hawaii and Colorado. Yeşilada will work with co-investigators Tugrul Daim, PSU engineering and technology management faculty, and Barbara Endicott-Popovsky, executive director of the Center for Information Assurance and Cybersecurity at the University of Washington-Bothell.
Portland State is the only Oregon university recognized as a National Center of Academic Excellence in Cybersecurity Research by the federal government. The new grant solidifies the university’s regional leadership in the area of cybersecurity risk management.
What’s the smart grid? It’s the electric grid of the 21st century, incorporating digital technology that enables two-way communication between power utilities and end-users. The smart grid promises to improve transmission and integration of renewable sources like wind, solar and wave energy, reduce demand and mitigate the impact of power outages by allowing for automatic rerouting of electricity across the grid.
Still, its network connections are not without security risks. Today’s grid is susceptible to physical attacks and cyberattacks directed against power plants and other power infrastructure. But with the smart grid, a determined hacker can infiltrate a victim’s networks and computers, as demonstrated by recent cyberattacks on firms SolarWinds and Kaseya. In those cases, thousands of businesses and government agencies were caught in the net of the attacks, demonstrating just how vulnerable end-users are to cybersecurity threats by malicious actors intent on disrupting critical systems, conducting espionage, or collecting ransom.
Protecting municipal, regional and state governments, public utilities and other critical users such as healthcare providers, water, police and fire districts from cyber threats to the smart grid requires a holistic approach.
“No single entity or institution can address this kind of challenge on its own,” Yeşilada said. “You need to work together from the bottom-up.”
So what does it look like to approach addressing cybersecurity and the smart grid from the bottom-up?
“It starts with understanding what the risks and challenges are,” said Tugrul Daim, professor of engineering and technology management at Portland State University. “And to do that, we have to bring the stakeholders together.”
The stakeholders include partnering colleges and universities in the Pacific Northwest, Hawaii and Colorado, federal agencies such as the Bonneville Power Administration, the Departments of Energy and Defense, as well as private sector organizations like Portland General Electric and T-Mobile.
Through workshops with consortium partners, Daim and a team of researchers will develop technology roadmaps: management and planning tools that help link the challenges in a technology-oriented sector or business, in this case the smart grid, to the research, development, policy and education needed to address those challenges.
Following the technology roadmapping process, Yeşilada and the Portland State team, in partnership with consortium members across Washington and Idaho and the Pacific Northwest National Laboratory, will lead virtual tabletop exercises integrating real-world equipment to analyze and evaluate current technologies and uncover future smart grid solutions.
According to Daim, the goal of these exercises is to help stakeholders identify gaps within their organization and develop plans to address them. Those plans might involve investing in new technologies, workforce education and development, and advocating at the state and federal level for cybersecurity laws and policies better aligned with the challenges presented by the smart grid.
“This is the start of many years of work,” Daim said. “Cybersecurity is a big challenge. We are under attack and we need to address that.”
The new grant provides opportunities for Portland State to step in and meet some of the needs identified by consortium members, be they building communities of stakeholders, developing new technologies, providing policy expertise, or educating the next generation workforce.
“Given the threats we face, we have a long way to go,” Yeşilada said. “Hopefully, this project starts us moving in the direction of a whole-of-system approach to addressing the cybersecurity threats posed by smart grid technology.”