A newly disclosed government report warns that the power grid may become more vulnerable to hacking attacks on the Global Positioning System as grid operators expand the use of advanced monitors that depend on GPS signals.
The report by the Department of Homeland Security noted that timing signals transmitted from GPS system satellites are crucial inputs to synchrophasor systems that track operating conditions on the grid in millisecond intervals. Nearly 2,000 of the systems were installed on the North American grid as of the end of last year. Most of the rollout was funded by the 2009 American Recovery and Reinvestment Act.
The GPS signals used by the grid, the aircraft industry, financial markets and other civilian sectors, are vulnerable to attack, according to the DHS report, written in November 2012. The report was released under the Freedom of Information Act and published by the noncommercial Governmentattic.org website.
Successful attacks could including jamming to interrupt transmissions between satellites and ground receivers and "spoofing," which delivers bogus data to ground receivers.
Attacks could disable or render useless the advanced grid-monitoring systems called phasor measurement units (PMUs). The time signals from atomic clocks in GPS satellites allow grid operators to assemble operating data from many PMUs to get a wide-angle view of grid conditions. Interfering with sychrophasor data could deny grid operators the most accurate data on voltages, frequencies and generator alignments, all of which must be closely controlled at all times.
"The Energy Sector depends on GPS for providing electrical power system reliability and grid efficiency, synchronizing services among power networks, and finding malfunctions within transmission networks," according to the report, "National Risk Assessment — Risks to U.S. Critical Infrastructure from Global Positioning System Disturbances."
"The electricity subsector currently has sufficient redundancies in place to withstand most GPS disruptions, although spoofing attacks against multiple targets could cause significant service outages. However, as the electricity subsector becomes increasingly reliant on phasor measurement units (PMUs) as part of the smart grid evolution, vulnerability to GPS disruption could increase," the DHS report said.
The GPS system is vulnerable, "but there is not vulnerability of the grid as yet," said Alison Silverstein, project manager of the North American SynchroPhasor Initiative, a technology collaboration among the power industry, the North American Electric Reliability Corp., academics and the Department of Energy.
Utilities have multiple ways to collect the time signals that PMUs require, Silverstein said. "Secondly, and more immediately," she said, "no grid operating entity is as yet [solely] using synchrophasor technology for mission-critical operations." If PMU data were cut off because of a hacking attack, operators would still have older data analysis and estimating systems to represent real-time grid conditions, she added.
The GPS issue "is not going to bring down the grid anytime soon," she said.
Synchrophasor technology collects and reports grid data 100 times faster than older technologies, officials say. "Had synchrophasor data been available 10 years ago, the massive Aug. 14, 2003, Northeast blackout probably could have been averted," Silverstein said in a 2013 interview. "They could have seen problems growing on the Ohio grid at least an hour or more before the blackout occurred," she said. "A whole lot of pain could be averted." She was one of three staff directors of the U.S.-Canada task force that investigated the outage.
If jamming causes a PMU to deliver erroneous measurements, such as power frequency reading, power flow calculations based on the PMU would also be in error. "This could cause overheating to some elements of the grid in the affected area, such as overloaded lines or overloaded transformers. If the device is used for adaptive protection, in the case of a fault, coordination of the protection system could be disrupted and backup protection might operate to isolate the fault before the local protection device operates," the DHS report said.
North Korean attack
DHS noted that from 2010 through 2012, "North Korea jammed GPS signals in South Korea numerous times for periods that lasted between 4 and 16 days, disrupting GPS receivers in many cell towers in addition to over one thousand aircraft and hundreds of ships.
"It is difficult to assess fully the nature, intent, and source of threats to the GPS signal — particularly disruptions affecting critical infrastructure — partly because the United States does not have a nationally integrated capability to detect, identify, and locate GPS service interruptions. However, most user-reported interference events are not malicious. Government testing, equipment malfunctions, software updates, and other issues have the potential to increase the severity or duration of an event. …
"Natural phenomena like geomagnetic storms can also create wide-scale degradations depending on their severity. Producing wide-scale degradation through jamming may require nation-state capabilities, but the power needed to broaden such jamming impacts would also expose the jamming source to identification and interdiction more quickly," DHS said.
Industry experts who reviewed the issue with DHS officials agreed that outages are unlikely because of the redundancy in the grid.
The experts were divided on the effects of an attack with multiple, intermittent jammers, which would be difficult to identify, locate and disable, "thus enabling effects to persist for up to or more than 30 days." Most experts (who were not identified in the report) thought the impact on power delivery would be isolated, although some thought there could be "widespread degradation" of service, resulting in isolated outages.
A 2012 report by researchers from Carnegie Mellon University and Coherent Navigation, a San Mateo, Calif., firm, concluded that "GPS and GPS-dependent systems are significantly more vulnerable than previously thought." The team ran intrusion tests on common GPS equipment, concluding, "The overall landscape of GPS vulnerabilities is startling." The report also proposed advanced defensive strategies to protect GPS systems.
"Low-end" GPS receivers rely on simple software, the researchers said. But high-end systems, including Internet-linked servers, are significantly more complex. "We show the software stack [in such servers] can be compromised, in some cases remotely," the team said. "Since GPS receivers are typically treated as devices, not computers, such vulnerabilities are likely to go unpatched, and represent a serious vulnerability in critical applications."
They added, "Higher-level software and systems routinely treat GPS navigation solutions as trusted inputs." That can permit GPS attacks to flow up to dependent software on systems that rely on GPS signals. The researchers said they showed that the date function of PMUs used in the "smart grid" can be permanently desynchronized.
Jane’s Intelligence Review reported in March that while military-grade GPS systems are "generally far more resilient than the unencrypted devices used by civilians," terrorist groups and criminal organizations are seeking to gain technological capabilities to expand attack capabilities.
Silverstein said the threats to the grid are recognized. "We are recommending that no system use GPS alone" as a source of critical data "because of the vulnerabilities," she said. Grid operators should have redundant sources of time signals in case the GPS signal is lost or corrupted, she added. "More and more designers of systems are building in alternative timing methods," she said.
The Federal Energy Regulatory Commission’s regulations on cybersecurity do not deal specifically with protections of synchrophasors from attacks on GPS systems.
Some members of Congress have been pressing federal agencies to develop a backup system for the GPS network. Rep. John Garamendi (D-Calif.) said at a hearing in July that the need for backup has been recognized since 2001.
"This is a very significant national security issue," said Garamendi, a member of the House Armed Services Committee, "and cannot be delayed any longer."