Episode 95 | Intelligence Island | DARPA





Cyberattacks have exploded in the past 10 years. Attacks on the grid, if successful, could potentially cost the nation billions in lost productivity.

DARPA's RADICS program is developing tools to fight these threats. Since 2018, the program has invited our nation's utilities to participate in a week-long series of exercises. The simulation envisions a cyberattack that has taken out the grid, and operators must now attempt a "black start."

Michael Toecker, Senior Engineering Consultant for the RADICS Program, has helped lead these simulations.

"The RADICS scenario imagines a pretty long period where there is no electric power, and as part of that, are we going to have Internet access?" he asks. "If we presuppose all of these things, we basically need to take everyone back to the Stone Age and build it back up again."

To simulate an attack like this, the DARPA team has taken over part of New York's Plum Island. The island itself is a bit of a mystery to the public, in large part due to the Plum Island Animal Disease Center, which tests live viruses. In 2008, an unidentifiable animal washed ashore across from Plum Island and was quickly christened the Montauk Monster.

"There is no Plum Island Monster," jokes Mike. "It does not exist."

Personally, I first heard about the RADICS program earlier this year from some colleagues who had been through the exercise. According to one first-hand account, they got some power up after the first day but were hit by another virus. "We were there a week attempting to reestablish our grid and made very little progress before we had to leave. Very eye opening experience," he told me.

"We have former military folks who design and run this exercise. They do not permit weakness from our utility participants," says Mike. He admits the first two days are "chaos," but utility participants begin to use the tools DARPA is developing.

For instance, modern utilities rely on SCADA to remotely monitor activity on their infrastructure. A cyberattack can render this equipment untrustworthy or useless. Mike says RADICS developed an "out-of-band SCADA system" to connect with points in substations and begin to get readings again.

In addition to the electrical infrastructure, the exercise also includes a natural gas pipeline simulation, where participants have to bring on compressor stations to get fuel to a "power plant." In the real world, the compressor stations needed to get the gas would themselves be reliant on electricity.

Beyond the initial cyberattack, my colleague's account above also described the work of what Mike calls the "TA5" group. Even after the attack, TA5 attempts to bring down the "grid" again during the last two days, a phase also known as "live adversary."

"They keep the other team on their heels by making sure that they fully corrected a problem before moving forward," adds Mike.

So why so many attempted cyberattacks now? Mike believes three factors have made these more prevalent:

  1. Utilities have a larger online presence, both external (i.e. bill pay) and internal (SCADA)
  2. Cyberattacks are more profitable
  3. "Hacking" is now commoditized or for hire

But why would a cyberattacker want to take down the grid? Mike believes an attack of that nature likely isn't financially motivated.

"The consequences of doing that type of attack are pretty high. And I don't think anyone who wants to get into those kinds of consequences without a serious motive of their own," he says.

RADICS's 7th exercise was delayed in May 2020 due to COVID-19. However, Mike says the team is developing a virtual simulation, combined with in-person staff to provide hands, eyes, and ears.

I asked him if utilities should develop their own RADICS-style cyberattack/black start exercises. He says between the two, the tools to fight a cyberattack are key.

"One of the things I think utilities should look at is—yes—look at the black start concern here, but also try to apply it to your normal, everyday conditions."
