The Department of Defense used hacker ingenuity to test microgrid technology at DEF CON

Written by Suzanne Smalley

The Department of Defense plans to deploy local self-contained power grids (microgrids) at 134 Army bases starting this fall. But first, it tested the technology at DEF CON, asking hackers for help finding potentially devastating vulnerabilities so that cyberattacks can be better avoided.

The collaboration took place last weekend at the annual cybersecurity and hacking conference in Las Vegas, where more than 1,700 DEF CON attendees took part in the Department of Defense microgrid hacking challenge, many of them successfully shutting down a mock grid.

Benny was one of them. An ethical hacker from Colorado who doesn’t want to give out his last name, he short-circuited the Pentagon’s model microgrid after several minutes of trying various attacks.

“When you lose public infrastructure, you lose stability, and it forces hackers to think about how to break in, how to manipulate data, and the impact of data being manipulated. That’s a very good idea, I think,” he said.

That’s exactly what the Pentagon is aiming for. The defense official said he attended DEF CON in hopes of finding potential hacks and working to prevent them, because he understands that microgrids can be vulnerable.

“Like the more experimental ones we are considering, the new microgrid will [be] … automatically connected to weather data,” said Katie Olson, director of Defense Digital Services, a team of hackers, engineers and data scientists within the Department of Defense. Olson said hackers would see this as an “easy opportunity to wreak havoc on the grid by forcing large amounts of data into it, [falsely] saying, ‘It’s windy today,’ [so it] overloads.”

The Army is pushing its microgrid efforts because the system is energy-efficient and cost-effective, and because it can keep a base running even in the event of large-scale power grid losses due to cyberattacks or natural disasters. But there are also drawbacks. Microgrids rely on advanced technologies that connect various components that provide intelligence and automation, making them vulnerable to a variety of attacks.

“In general, renewable energy projects are very often smart energy projects and are inherently connected to online systems and networks, making them susceptible to cybersecurity attacks,” says Energy Security and Climate Change Program at the Center for Strategic and International Studies. “Failure to perform due diligence on some of these hacking exercises could raise significant security and operational concerns, especially for military installations.”

“We know the nation’s power grid is under constant stress. We know there are clear cybersecurity threats.”

Jarrod Ross, U.S. Army

DEF CON hackers tried many creative ways to disrupt the grid. One of the most successful examples was the insertion of bad code into the National Oceanic and Atmospheric Administration weather forecast that the microgrid relies on to function.

In this way, Benny and many other hackers at DEF CON were able to disable the wind turbines and solar panels that power the brightly lit model district at the heart of the game. Each time the hackers won a challenge, the lights in the neighborhood’s homes would flicker on and off, and a small wind turbine would turn red, smoke, and fall to the ground. According to officials, what was of value to DDS was seeing the various creative ways DEF CON participants found to manipulate the predictive data that the model microgrid relies on.

Nick Ashworth is a Technical Architect at DDS working on microgrid resilience. He is a veteran engineer and former naval tactical cyber electronic warfare expert. But on Saturday he was bested by a teenage girl, who discovered that, because the microgrid operates on the Kelvin temperature scale, which doesn’t use negative values, it’s possible to insert negative numbers into the grid’s prediction model and crash the system.

He said the hack was something no one at DDS had thought of yet.

“She came over and had fun and kicked her ass,” Ashworth said. “She said, ‘Well, can we go below zero?’”

Ashworth told her she could. When the girl asked what would happen, he says he told her, “Physics has a real problem with that.”
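The negative-Kelvin crash and the oversized or falsely windy feeds described above all come down to forecast data reaching the prediction model unchecked. The sketch below is an added example, not code from the article, DDS or any real microgrid; the JSON layout, field names and limits are assumptions chosen for illustration.

```python
import json

# Assumed limits for this sketch (not from the article or any fielded system).
MAX_PAYLOAD_BYTES = 64 * 1024          # cap on one forecast message
MAX_RECORDS = 240                      # e.g. ten days of hourly points
LIMITS = {                             # field -> (min, max) plausible range
    "temp_k": (150.0, 350.0),          # Kelvin: never negative
    "wind_mps": (0.0, 120.0),          # metres per second
    "irradiance_wm2": (0.0, 1500.0),   # watts per square metre
}

class ForecastRejected(ValueError):
    """Raised when a forecast message must not reach the prediction model."""

def validate_forecast(raw: bytes) -> list[dict]:
    """Parse and range-check one forecast message; return clean records or raise."""
    if len(raw) > MAX_PAYLOAD_BYTES:
        raise ForecastRejected("payload too large")
    try:
        records = json.loads(raw)
    except (ValueError, RecursionError) as exc:
        raise ForecastRejected(f"not valid JSON: {exc}") from exc
    if not isinstance(records, list) or not 0 < len(records) <= MAX_RECORDS:
        raise ForecastRejected("expected a non-empty, bounded list of records")
    clean = []
    for i, rec in enumerate(records):
        if not isinstance(rec, dict) or set(rec) != set(LIMITS):
            raise ForecastRejected(f"record {i}: unexpected shape")
        for field, (lo, hi) in LIMITS.items():
            value = rec[field]
            # bool is an int subclass, so exclude it explicitly.
            if isinstance(value, bool) or not isinstance(value, (int, float)):
                raise ForecastRejected(f"record {i}: {field} is not a number")
            # json.loads accepts NaN/Infinity; both fail this comparison.
            if not lo <= value <= hi:
                raise ForecastRejected(f"record {i}: {field} out of range")
        clean.append({k: float(rec[k]) for k in LIMITS})
    return clean

def safe_ingest(raw: bytes, last_good: list[dict]) -> list[dict]:
    """Fail closed: keep the last accepted forecast when a new one is rejected."""
    try:
        return validate_forecast(raw)
    except ForecastRejected:
        return last_good
```

Range checks do not catch a false but plausible value such as a fabricated windy day; that needs an authenticated feed or cross-checking against local sensors.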

It’s critical that the Pentagon do a good job of cybersecurity protections for the microgrid, officials said. In addition to the national security concerns raised by unpowered military installations, microgrid performance also affects ordinary people, as areas near military installations are also connected to the network.

Ashworth said this was a good thing, noting that 246 people were killed in a powerful winter storm that hit Texas in February 2022. Had such a storm occurred while microgrids were running at U.S. military installations, the system could have powered homes occupied by vulnerable people, he said.

That may be true, but experts say microgrids are susceptible to cyberattacks, despite their status as fail-safes for regular power grids. Some question whether they are reliable as a power source.

“You are actually making [the Army base] Creating a smart grid makes it more susceptible to cyberattacks because there are entrances and points of entry where people can get in and trick the system,” said Rob Cuzner, president of the Center for Sustainable Electric Energy Systems at the University of Wisconsin-Milwaukee and a consultant for Navy microgrid projects. “There’s not a lot of network communication with traditional grids.”

That’s why Paul Farnan, the Army’s Deputy Assistant Secretary for Bases and Environment, believes DDS support is important.

“We need the technical expertise that DDS brings, and the technical expertise that this whole community here has to bring to educate us,” said Farnan, who said he didn’t know of DDS before the microgrid partnership.

California’s Fort Hunter Liggett will be the first Army facility to get a microgrid when construction is completed next year at a reported price of $21.6 million. Ashworth’s team will head west in February to conduct penetration tests on the site and manually check the grid for vulnerabilities. DDS also plans a bug bounty program to further test the microgrid. Ashworth said the Army will use the findings as a template to create new cybersecurity standards for microgrids.

Ashworth and his team see the project as a big bet, but that doesn’t mean they didn’t enjoy DEF CON. Recalling the teenage girl’s Kelvin trick, Ashworth grinned and said,