On a cold December afternoon in 2015, the lights blinked out, town by town, across western Ukraine. It was two days before Christmas, and by sunset more than 230,000 residents had lost power.
Investigators quickly identified the culprit: a cyberattack against three power distribution centers. Firewalls protected the industrial networks that controlled grid components, but hackers had snuck through the digital defenses using stolen employee usernames and passwords. Once inside, they rewrote firmware, wiped operators’ computers, and shut down nearly 60 substations. Although the power came back on by midnight, the control centers had to spend months repairing the damage to their computer systems.
The first cyberattack ever to take out an electrical grid, the Ukraine hack served as a wake-up call to an escalating threat. For more than a century, power plants had prioritized one basic mandate: constant availability. Equipment in the energy industry must be operational every moment of every day; less than a second of latency could cause serious damage — for example, if a wind blade fails to adjust its angle during gusty conditions and strikes the tower or if a gas turbine accelerates and overheats, fracturing or melting its components — and endanger any field workers who happen to be nearby.
But guarding a power plant against cyberattacks necessitates advanced security procedures — which can conflict with the split-second pace of the electrical grid. Just as typing in your email password or two-factor authentication code takes time, so does verifying that a plant’s digital systems have not been tampered with. And whereas 30 years ago, communication between pieces of equipment needed only to be fast, now many transmissions must be encrypted and decrypted.
So how can the industry balance speed and security? In an increasingly interconnected world, protecting the electrical grid must be a team effort, so GE Vernova is collaborating with government agencies, academia, and industrial companies to help provide reliable energy around the globe. As part of GE Vernova’s contribution, a team of engineers is updating an advanced computer called the industrial controller, which governs most of the company’s wind and gas turbines, solar solutions, and hydropower facilities. A component of GE Vernova’s Mark VIe* power-plant control and monitoring system, the controller is tasked with optimizing equipment performance and availability amid fluctuating operating conditions. With the update, the team thinks the controller can also make assets in the industrial power sector more cybersecure.
“These assets have to run for 20 or 30 years, and they can’t skip a beat,” says Matthias Kasten, engineering manager for embedded systems and cybersecurity at GE Vernova Gas Power. “So we’re developing a holistic security solution to protect our industrial control system, from manufacturing to installation to operation and decommissioning.”
A New Threat
Cyberattacks are as old as the internet, but they are becoming more and more sophisticated and destructive. In meticulously planned and well-resourced breaches, criminal and state-sponsored actors are taking aim at critical national infrastructure. The Ukraine attack, for example, was widely suspected to be the work of Russia’s military intelligence service.
“Industrial assets are targets not just for hobbyist hackers or petty criminals, but nation-states,” Kasten says. “We have to defend against attackers with national-level funding.”
And any hardware that communicates with an internet-connected computer can be breached. To maximize energy production and reliability in real time, most power-plant machinery is monitored and controlled by software, constantly exchanging data with a central computer. Bad actors can worm in through the same communication channels. Even if the plant’s network is physically isolated from the internet, or “air-gapped,” an employee can knowingly or unknowingly act as a Trojan horse, for example by plugging an infected USB drive into the control system.
Upgrading the Turbine’s Brain
To safeguard assets at the necessary cadence, Kasten’s team is helping develop the next-generation industrial controller. Roughly the size of a paperback novel, the controller acts as the equipment’s brain: multiple times per second, via Ethernet, it reads information from sensors, consults with the control room that coordinates the whole plant, and delivers commands back to the asset’s actuators.
To boost defenses, the team first determined which security features were absolutely necessary — jettisoning any solutions that hindered performance for only marginal improvements in protection. They also included specialized processors called cryptographic accelerators, configured to make quick work of encryption and decryption, to help ensure secure, near-instantaneous communication.
But to safeguard the system as a whole, the team had to protect each individual component. So they developed specialized defenses to shield the hardware and software in the controller, as well as all the sensors, actuators, and systems it communicates with. Their approach, called the hardware root of trust, fortifies the system from the bottom up using cryptographic verification techniques. Before a controller unit is even assembled, GE Vernova requires outsourced components — such as CPUs and memory chips — to be electronically signed and verified. A chip in the controller is dedicated to a single task: confirming that hardware and firmware in the field have not been tampered with. The operating system and any application code that runs on it must then be authenticated by an encrypted digital signature from the publishers. If a single component fails its test, the controls platform will not boot up.
Outfitted with a modern CPU, the new controller, which will be rolled out over the next year, will also be able to run advanced machine learning algorithms that the team is developing to improve equipment performance.
“Some of our offshore wind turbines have blades as long as a football field,” Kasten explains. “The weight of the tip of the blade when the wind pushes against it is equivalent to that of an elephant. Wind turbulence is like an elephant jumping up and down on the blade, but optimization algorithms can help keep the turbine running smoothly no matter what.”
By working to ensure that power generation equipment operates properly, the Mark VIe platform is instrumental in enhancing grid performance and security on a global scale. GE Vernova’s installed base generates approximately a quarter of the world’s electricity, and the Mark VIe controls over 50,000 wind turbines and more than 7,000 gas turbines globally. Looking ahead, the company also plans to use the platform with its small modular nuclear reactors — which customers hope to deploy by the end of the decade — and any other new technologies that may come online.
“The impact can be massive,” Kasten says. “The controller can help these systems run efficiently and safely so that everyone around the world can have secure access to power.”
* Mark VIe is a trademark of GE Vernova and/or its affiliates.