Marines look to solar and biofuel power generation

Lawa Hydropower Station approved on the Jinsha River, a Yangtze tributary, delivers 2,000 MW via four units; 784 ft dam, 12 sq mi reservoir, Sichuan-Tibet site, US$4.59b investment, Huadian stake, renewable energy generation.

Key Points

A 2,000 MW dam project on the Jinsha River with four units, a 784 ft barrier, and 8.36 billion kWh annual output.

✅ Sichuan-Tibet junction on the Jinsha River

✅ 2,000 MW capacity; four turbine-generator units

✅ 8.36 bn kWh/yr; US$4.59b total; Huadian 48% stake

China has approved construction of the 2,000-MW Lawa hydropower station, a Yangtze tributary hydropower project on the Jinsha River, multiple news agencies are reporting.

Lawa, at the junction of Sichuan province and the Tibet autonomous region, will feature a 784-foot-high dam and the reservoir will submerge about 12 square miles of land. The Jinsha River is a tributary of the Yangtze River, and the project aligns with green hydrogen development in China.

The National Development and Reform Commission of the People’s Republic of China, which also guides China's nuclear energy development as part of national planning, is reported to have said that four turbine-generator units will be installed, and the project is expected to produce about 8.36 billion kWh of electricity annually.

Total investment in the project is to be US$4.59 billion, and Huadian Group Co. Ltd. will have a 48% stake in the project, reflecting overseas power infrastructure activity, with minority stakes held by provincial firms, according to China Daily.

In other recent news in China, Andritz received an order in December 2018 to supply four 350-MW reversible pump-turbines and motor-generators, alongside progress in compressed air generation technologies, for the 1,400-MW ZhenAn pumped storage plant in Shaanxi province.

Related News

• Electricity Forum News

• Power Generation News

US Power Grid Cyberattacks target utilities and nuclear plants, probing SCADA, ICS, and business networks at sites like Wolf Creek; suspected Russian actors, malware, and spear-phishing trigger DHS and FBI alerts on critical infrastructure resilience.

Key Points

Intrusions on energy networks probing ICS and SCADA, seeking persistence and elevating risks to critical infrastructure.

✅ Wolf Creek nuclear plant targeted; no operational systems breached

✅ Attackers leveraged stolen credentials, malware, and spear-phishing

✅ DHS and FBI issued alerts; utilities enhance cyber resilience

Hackers working for a foreign government recently breached at least a dozen US power plants, including the Wolf Creek nuclear facility in Kansas, according to current and former US officials, sparking concerns the attackers were searching for vulnerabilities in the electrical grid.

The rivals could be positioning themselves to eventually disrupt the nation’s power supply, warned the officials, who noted that a general alert, prompting a renewed focus on protecting the U.S. power grid, was distributed to utilities a week ago. Adding to those concerns, hackers recently infiltrated an unidentified company that makes control systems for equipment used in the power industry, an attack that officials believe may be related.

The chief suspect is Russia, according to three people familiar with the continuing effort to eject the hackers from the computer networks. One of those networks belongs to an ageing nuclear generating facility known as Wolf Creek -- owned by Westar Energy Inc, Great Plains Energy Inc, and Kansas Electric Power Cooperative Inc -- on a lake shore near Burlington, Kansas.

The possibility of a Russia connection is particularly worrying, former and current official s say, because Russian hackers have previously taken down parts of the electrical grid in Ukraine and appear to be testing increasingly advanced tools, including cyber weapons to disrupt power grids, to disrupt power supplies.

The hacks come as international tensions have flared over US intelligence agencies’ conclusion that Russia tried to influence the 2016 presidential election, and amid U.S. government condemnation of Russian power-grid hacking in recent advisories. The US, which has several continuing investigations into Russia’s activities, is known to possess digital weapons capable of disrupting the electricity grids of rival nations.

“We don’t pay attention to such anonymous fakes,” Kremlin spokesman Dmitry Peskov said, in response to a request to comment on alleged Russian involvement.

It was unclear whether President Donald Trump was planning to address the cyber attacks at his meeting on Friday with Russian President Vladimir Putin. In an earlier speech in Warsaw, Trump called out Russia’s “destabilising activities” and urged the country to join “the community of responsible nations.”

The Department of Homeland Security and Federal Bureau of Investigation said they are aware of a potential intrusion in the energy sector. The alert issued to utilities cited activities by hackers since May.

“There is no indication of a threat to public safety, as any potential impact appears to be limited to administrative and business networks,” the government agencies said in a joint statement.

The Department of Energy also said the impact appears limited to administrative and business networks and said it was working with utilities and grid operators to enhance security and resilience.

“Regardless of whether malicious actors attempt to exploit business networks or operational systems, we take any reports of malicious cyber activity potentially targeting our nation’s energy infrastructure seriously and respond accordingly,” the department said in an emailed statement.

Representatives of the National Security Council, the Director of National Intelligence and the Nuclear Regulatory Commission declined to comment. While Bloomberg News was waiting for responses from the government, the New York Times reported that hacks were targeting nuclear power stations.

The North American Electric Reliability Corp, a nonprofit that works to ensure the reliability of the continent’s power system, said it was aware of the incident and was exchanging information with the industry through a secure portal.

“At this time, there has been no bulk power system impact in North America,” the corporation said in an emailed statement.

In addition, the operational controls at Wolf Creek were not pierced, according to government officials, even as attackers accessed utility control rooms elsewhere in the U.S., according to separate reports. “There was absolutely no operational impact to Wolf Creek,” Jenny Hageman, a spokeswoman for the nuclear plant, said in a statement to Bloomberg News.

“The reason that is true is because the operational computer systems are completely separate from the corporate network.”

Determining who is behind an attack can be tricky. Government officials look at the sophistication of the tools, among other key markers, when gauging whether a foreign government is sponsoring cyber activities.

Several private security firms, including Symantec researchers, are studying data on the attacks, but none has linked the work to a particular hacking team or country.

“We don’t tie this to any known group at this point,” said Sean McBride, a lead analyst for FireEye Inc, a global cyber security firm. “It’s not to say it’s not related, but we don’t have the evidence at this point.”

US intelligence officials have long been concerned about the security of the country’s electrical grid. The recent attack, striking almost simultaneously at multiple locations, is testing the government’s ability to coordinate an effective response among several private utilities, state and local officials, and industry regulators.

Specialised teams from Homeland Security and the FBI have been scrambled to help extricate the hackers from the power stations, in some cases without informing local and state officials. Meanwhile, the US National Security Agency is working to confirm the identity of the hackers, who are said to be using computer servers in Germany, Italy, Malaysia and Turkey to cover their tracks.

Many of the power plants are conventional, but the targeting of a nuclear facility adds to the pressure. While the core of a nuclear generator is heavily protected, a sudden shutdown of the turbine can trigger safety systems. These safety devices are designed to disperse excess heat while the nuclear reaction is halted, but the safety systems themselves may be vulnerable to attack.

Homeland Security and the FBI sent out a general warning about the cyber attack to utilities and related parties on June 28, though it contained few details or the number of plants affected. The government said it was most concerned about the “persistence” of the attacks on choke points of the US power supply. That language suggests hackers are trying to establish backdoors on the plants’ systems for later use, according to a former senior DHS official who asked not to be identified.

Those backdoors can be used to insert software specifically designed to penetrate a facility’s operational controls and disrupt critical systems, according to Galina Antova, co-founder of Claroty, a New York firm that specialises in securing industrial control systems.

“We’re moving to a point where a major attack like this is very, very possible,” Antova said. “Once you’re into the control systems -- and you can get into the control systems by hacking into the plant’s regular computer network -- then the basic security mechanisms you’d expect are simply not there.”

The situation is a little different at nuclear facilities. Backup power supplies and other safeguards at nuclear sites are meant to ensure that “you can’t really cause a nuclear plant to melt down just by taking out the secondary systems that are connected to the grid,” Edwin Lyman, a nuclear expert with the Union of Concerned Scientists, said in a phone interview.

The operating systems at nuclear plants also tend to be legacy controls built decades ago and don’t have digital control systems that can be exploited by hackers. Wolf Creek, for example, began operations in 1985. “They’re relatively impervious to that kind of attack,” Lyman said.

The alert sent out last week inadvertently identified Wolf Creek as one of the victims of the attack. An analysis of one of the tools used by the hackers had the stolen credentials of a plant employee, a senior engineer. A US official acknowledged the error was not caught until after the alert was distributed.

According to a security researcher who has seen the report, the malware that activated the engineer’s username and password was designed to be used once the hackers were already inside the plant’s computer systems.

The tool tries to connect to non-public computers, and may have been intended to identify systems related to Wolf Creek’s generation plant, a part of the facility typically more modern than the nuclear reactor control room, according to a security expert who asked to note be identified because the alert is not public.

Even if there is no indication that the hackers gained access to those control systems, the design of the malware suggests they may have at least been looking for ways to do so, the expert said.

Stan Luke, the mayor of Burlington, the largest community near Wolf Creek, which is surrounded by corn fields and cattle pastures, said he learned about a cyber threat at the plant only recently, and then only through golfing buddies.

With a population of just 2,700, Burlington boasts a community pool with three water slides and a high school football stadium that would be the envy of any junior college. Luke said those amenities lead back to the tax dollars poured into the community by Wolf Creek, Coffey County’s largest employer with some 1,000 workers, 600 of whom live in the county.

E&E News first reported on digital attacks targeting US nuclear plants, adding it was code-named Nuclear 17. A senior US official told Bloomberg that there was a bigger breach of conventional plants, which could affect multiple regions.

Industry experts and US officials say the attack is being taken seriously, in part because of recent events in Ukraine. Antova said that the Ukrainian power grid has been disrupted at least twice, first in 2015, and then in a more automated attack last year, suggesting the hackers are testing methods.

Scott Aaronson, executive director for security and business continuity at the Edison Electric Institute, an industry trade group, said utilities, grid operators and federal officials were already dissecting the attack on Ukraine’s electric sector to apply lessons in North America before the US government issued the latest warning to “energy and critical manufacturing sectors”. The current threat is unrelated to recently publicised ransomware incidents or the CrashOverride malware, Mr Aaronson said in an emailed statement.

Neither attack in Ukraine caused long-term damage. But with each escalation, the hackers may be gauging the world’s willingness to push back.

“If you think about a typical war, some of the acts that have been taken against critical infrastructure in Ukraine and even in the US, those would be considered crossing red lines,” Antova said.

Related News

• Electricity Forum News

• Grid Technologies News

CER Interactive Electricity Bill Tool compares provincial electricity prices, fees, taxes, and usage. Explore household appliance costs, hydroelectric generation, and consumption trends across Canada with interactive calculators and a province-by-province breakdown.

Key Points

An online CER report with calculators comparing electricity prices, fees, and usage to explain household energy costs.

✅ Province-by-province bill, price, and consumption comparison

✅ Calculator for appliance and electronics energy costs

✅ Explains fees, taxes, regulation, and generation sources

Canadians have a new way to assess their electricity bill in a new, interactive online report released by the Canada Energy Regulator (CER).

The report titled What is in a residential electricity bill? features a province-to-province comparison of electricity bills, generation and consumption. It also explains electricity prices across the country, including how Calgary electricity prices have changed, allowing people to understand why costs vary depending on location, fees, regulation and taxes.  

Learn how fees and usage impacts your electricity bill in new online CER tool
Interactive tools allow people to calculate the cost of household appliances and electronic use for each province and territory, and to understand how Ontario rate increases may affect monthly bills. For example, an individual can use the tools to find out that leaving a TV on for 24-hours in Quebec costs $5.25 per month, while that same TV on for a whole day would cost $12.29 per month in Saskatchewan, $20.49 per month in the Northwest Territories, and $15.30 per month in Nova Scotia.

How Canadians use energy varies as much as how provinces and territories produce it, especially in regions like Nunavut where unique conditions influence costs. Millions of Canadians rely on electricity to power their household appliances, charge their electronics, and heat their homes. Provinces with abundant hydro-electric resources like Quebec, B.C., Manitoba, and Newfoundland and Labrador use electricity for home heating and tend to consume the most electricity.

By gathering data from various sources, this report is the first Canadian publication that features interactive tools to allow for a province-by-province comparison of electricity bills while highlighting different elements within an electricity bill, a helpful context as Canada faces a critical supply crunch in the years ahead.

The CER monitors energy markets and assesses Canadian energy requirements and trends, including clean electricity regulations developments that shape pricing. This report is part of a portfolio of publications on energy supply, demand and infrastructure that the CER publishes regularly as part of its ongoing market monitoring.

"No matter where you go in the country, Canadians want to know how much they pay for power and why, especially amid price spikes in Alberta this year," says lead author Colette Craig. "This innovative, interactive report really explains electricity bills to help everyone understand electricity pricing and consumption across Canada."

Quick Facts

• Quebec ranks first in electricity consumption per capita at 21.0 MW.h, followed by Saskatchewan at 20.0 MW.h, Newfoundland and Labrador at 19.3 MW.h.
• About 95% of Quebec's electricity is produced from hydroelectricity.
• Provinces that use electricity for home heating tend to consume the most electricity.
• Canada's largest consuming sector for electricity was industrial at 238 TW.h. The residential and commercial sectors consumed 168 TW.h and 126 TW.h, respectively.
• In 2018, Canada produced 647.7 terawatt hours (TW.h) of electricity. More than half of the electricity in Canada (61%) is generated from hydro sources. The remainder is produced from a variety of sources, such as fossil fuels (natural gas and petroleum), nuclear, wind, coal, biomass, solar.
• Canada is a net exporter of electricity. In 2019, net exports to the U.S. electricity market totaled 47.0 TW.h.
• The total value of Canada's electricity exports was $2.5 billion Canadian dollars and the value of imports was $0.6 billion Canadian dollars, resulting in 2019 net exports of $1.9 billion.
• All regions in Canada are reflected in this report but it does not include data that reflects the COVID-19 lockdown and its effects on residential electricity bills.
   

Related News

• Electricity Forum News

• Energy Policy News

Gulf Power 40% One-Time Bill Decrease approved by the Florida Public Service Commission delivers a May fuel credit and COVID-19 relief, cutting residential and business costs across rate classes while supporting budgeting and energy savings.

Key Points

PSC-approved fuel credit cutting May electric bills about 40% for homes and 40-55% for businesses as COVID-19 relief.

✅ One-time May fuel credit on customer bills

✅ Residential cut ~40%; business savings 40-55% by rate class

✅ Online tools show daily usage and projected bill

Gulf Power announced that the Florida Public Service Commission unanimously approved its request to issue a one-time decrease of approximately 40% for the typical residential customer bill beginning May 1, similar to recent Georgia Power bill reductions seen elsewhere. Business customers will also see a significant one-time decrease of approximately 40-55% in May, depending on usage and rate class.

"We are pleased that the Florida Public Service Commission has approved our request to deliver this savings to our customers when they need it most. We felt that this was the right thing to do, especially during times like these," said Gulf Power President Marlene Santos. "Our customers and communities now more than ever count on the reliable and affordable energy we deliver, and we are pleased that May bills will reflect this additional, significant savings for our customers."

In Florida, fuel savings are typically refunded to customers over the remainder of the year to provide level, predictable bills. However, given the emergent and significant financial challenges facing many customers due to COVID-19, Gulf Power instead sought approval to give customers the total annual savings in their May bill, similar to a lump-sum electricity credit approach, which will be reflected as a line-item fuel credit on their May statement.

New tools to help save energy and money

Many customers are working from home and, in general, staying at home more. More time and extra people in the home will likely increase power usage, which could lead to higher monthly bills.

Gulf Power recently added new tools to our customers' online account portal to help them better understand and manage their energy usage, including their monthly projected bill amount and a breakdown of daily energy usage, which is available for most residential customers*. Customers can now see their previous day's energy usage using their online account portal to help them more easily understand how their previous day's activities impacted energy usage, allowing them to quickly make adjustments to keep bills low. The new projected bill feature is a valuable tool to assist customers in budgeting for their next month's energy bill.

Additional energy-saving tips that can be implemented with no additional cost or equipment are also available. As always, Gulf Power's free online Energy Checkup tool will provide customers with a customized report based on their home's actual energy use.

Helping customers pay their bills

Gulf Power has a long history of working with its customers during difficult times, including periods of pandemic-related energy insecurity, and will continue to do so. Gulf Power encourages customers that are having difficulty paying their energy bill to visit GulfPower.com/help to view available resources that can provide assistance to qualifying customers.

Customers are encouraged to pay their electric bill balance each month to avoid building up a large balance, which they will continue to bear responsibility for. Gulf Power will work with the customer's personal situation and assist with a solution, similar to how utilities in Texas have waived fees during this period, to help customers fulfill their personal responsibility for their Gulf Power balance.

Those who can afford or want to help others who may need assistance with their energy bill can make a donation to Project SHARE in your online customer portal. Project SHARE donations are added to a customer's monthly bill and all contributions are distributed to local offices of The Salvation Army. Customers in need of utility bill assistance can apply for Project SHARE assistance at The Salvation Army office in their county.

Supporting our communities

The Gulf Power Foundation gave $500,000 to United Way organizations across Northwest Florida to assist those most vulnerable during this time, which has helped support food, housing and other essential needs throughout the region. In addition, the Foundation recently made a $10,000 donation to Feeding the Gulf Coast and launched an employee donation campaign to provide food for our neighbors in need, while Entergy emergency relief fund offers a similar example of industry support. In total, Gulf Power and its fellow NextEra Energy companies and employees have so far committed more than $4 million in COVID-19 emergency assistance funds that will be distributed directly to those in need and to partner organizations working on the frontlines of the crisis to provide critical support to the most vulnerable members of the community.

Lower fuel costs are enabling Gulf Power to issue a one-time decrease of approximately 40% for the typical residential customer bill in May, even as FPL faces a hurricane surcharge controversy in the state
- a significant savings amid the ongoing COVID-19 pandemic

Gulf Power will deliver savings to customers through a one-time bill decrease, rather than the standard practice of spreading out savings over the remainder of the year, even as FPL proposes multi-year rate hikes elsewhere

Related News

• Electricity Forum News

• Energy Policy News

UK Coal-Free Electricity Record highlights rapid growth in renewables as National Grid phases out coal; wind, solar, and offshore projects surge, green tariffs expand, and energy comparison helps consumers switch to cheaper, cleaner deals.

Key Points

Britain's longest coal-free run, enabled by renewables, lower demand, and grid shifts for cheaper, greener tariffs.

✅ Record set after two months without coal-fired generation

✅ Renewables outpace fossil fuels; wind and solar dominate

✅ Green tariffs expand; prices at three-year lows

On Wednesday 10 June, Britain hit a significant landmark: the UK went for two full months without burning coal to generate power – that's the longest period since the 1880s, following earlier milestones such as a full week without coal power in the recent past.

According to the National Grid, Britain has now run its electricity network without burning coal since midnight on the 9 April. This coal-free period has beaten the country’s previous record of 18 days, six hours and 10 minutes, which was set in June 2019, even though low-carbon generation stalled in 2019 according to analyses.

With such a shift in Britain’s drive for renewables and lower electricity demand following the coronavirus lockdown, as Britain recorded its cleanest electricity during lockdown to date, now may be the perfect time to do an online energy comparison and switch to a cheaper, greener deal.

Only a decade ago, around 40 per cent of Britain’s electricity came from coal generation, but since then the country has gradually shifted towards renewable energy, with the coal share at record lows in the system today. When Britain was forced into lockdown in response to the coronavirus pandemic, electricity demand dropped sharply, and the National Grid took the four remaining coal-fired plants off the network.

Over the past 10 years, Britain has invested heavily in renewable energy. Back in 2010, only 3 per cent of the country's electricity came from wind and solar, and many people remained sceptical. However, now, the UK has the biggest offshore wind industry in the world. Plus, last year, construction of the world’s single largest wind farm was completed off the coast of Yorkshire.

At the same time, Drax – Britain’s biggest power plant – has started to switch from burning coal to burning compressed wooden pellets instead, reflecting the UK's progress as it keeps breaking its coal-free energy record again across the grid. By this time next year, the plant hopes to have phased out coal entirely.

So far this year, renewables have generated more power than all fossil fuels put together, the BBC reports, and the energy dashboard shows the current mix in real time. Renewables have been responsible for 37 per cent of electricity supplied to the network, with wind and solar surpassing nuclear for the first time, while fossil fuels have accounted for 35 per cent. During the same period, nuclear accounted for 18 per cent and imports made up the remaining 10 per cent.

What does this mean for consumers?

As the country’s electricity supply moves more towards renewables, customers have more choice than ever before. Most of the ‘Big Six’ energy companies now have tariffs that offer 100 per cent green electricity. On top of this, specialist green energy suppliers such as Bulb, Octopus and Green Energy UK make it easier than ever to find a green energy tariff.

The good news is that our energy comparison research suggests that green energy doesn’t have to cost you more than a traditional fixed-price energy contract would. In fact, some of the cheapest energy suppliers are actually green companies.

At present, energy bills are at three-year lows, which means that now is the perfect time to switch supplier. As prices remain low and renewables begin to dominate the marketplace, more switchers will be drawn to green energy deals than ever before.

However, if you’re interested in choosing a green energy supplier, make sure that you look at the company's fuel mix. This way, you’ll be able to see whether they are guaranteeing the usage of green energy, or whether they’re just offsetting your usage. All suppliers must report how their energy is generated to Ofgem, so you’ll easily be able to compare providers.

You may find that you pay more for a supplier that generates its own energy from renewables, or pay less if the supplier simply matches your usage by buying green energy. You can decide which option is right for you after comparing the prices.

Related News

• Electricity Forum News

• Power Generation News

Infrastructure Security Algorithm prioritizes cyber defense for power grids and critical infrastructure, mitigating ransomware, blackout risks, and cascading failures by guiding utilities, regulators, and cyber insurers on optimal security investment allocation.

Key Points

An algorithm that optimizes security spending to cut ransomware and blackout risks across critical infrastructure.

✅ Guides utilities on optimal security allocation

✅ Uses incentives to correct human risk biases

✅ Prioritizes assets to prevent cascading outages

Millions of people could suddenly lose electricity if a ransomware attack just slightly tweaked energy flow onto the U.S. power grid, as past US utility intrusions have shown.

No single power utility company has enough resources to protect the entire grid, but maybe all 3,000 of the grid's utilities could fill in the most crucial security gaps if there were a map showing where to prioritize their security investments.

Purdue University researchers have developed an algorithm to create that map. Using this tool, regulatory authorities or cyber insurance companies could establish a framework for protecting the U.S. power grid that guides the security investments of power utility companies to parts of the grid at greatest risk of causing a blackout if hacked.

Power grids are a type of critical infrastructure, which is any network - whether physical like water systems or virtual like health care record keeping - considered essential to a country's function and safety. The biggest ransomware attacks in history have happened in the past year, affecting most sectors of critical infrastructure in the U.S. such as grain distribution systems in the food and agriculture sector and the Colonial Pipeline, which carries fuel throughout the East Coast, prompting increased military preparation for grid hacks in the U.S.

With this trend in mind, Purdue researchers evaluated the algorithm in the context of various types of critical infrastructure in addition to the power sector, including electricity-sector IoT devices that interface with grid operations. The goal is that the algorithm would help secure any large and complex infrastructure system against cyberattacks.

"Multiple companies own different parts of infrastructure. When ransomware hits, it affects lots of different pieces of technology owned by different providers, so that's what makes ransomware a problem at the state, national and even global level," said Saurabh Bagchi, a professor in the Elmore Family School of Electrical and Computer Engineering and Center for Education and Research in Information Assurance and Security at Purdue. "When you are investing security money on large-scale infrastructures, bad investment decisions can mean your power grid goes out, or your telecommunications network goes out for a few days."

Protecting infrastructure from hacks by improving security investment decisions

The researchers tested the algorithm in simulations of previously reported hacks to four infrastructure systems: a smart grid, industrial control system, e-commerce platform and web-based telecommunications network. They found that use of this algorithm results in the most optimal allocation of security investments for reducing the impact of a cyberattack.

The team's findings appear in a paper presented at this year's IEEE Symposium on Security and Privacy, the premier conference in the area of computer security. The team comprises Purdue professors Shreyas Sundaram and Timothy Cason and former PhD students Mustafa Abdallah and Daniel Woods.

"No one has an infinite security budget. You must decide how much to invest in each of your assets so that you gain a bump in the security of the overall system," Bagchi said.

The power grid, for example, is so interconnected that the security decisions of one power utility company can greatly impact the operations of other electrical plants. If the computers controlling one area's generators don't have adequate security protection, as seen when Russian hackers accessed control rooms at U.S. utilities, then a hack to those computers would disrupt energy flow to another area's generators, forcing them to shut down.

Since not all of the grid's utilities have the same security budget, it can be hard to ensure that critical points of entry to the grid's controls get the most investment in security protection.

The algorithm that Purdue researchers developed would incentivize each security decision maker to allocate security investments in a way that limits the cumulative damage a ransomware attack could cause. An attack on a single generator, for instance, would have less impact than an attack on the controls for a network of generators, which sophisticated grid-disruption malware can target at scale, rather than for the protection of a single generator.

Building an algorithm that considers the effects of human behavior

Bagchi's research shows how to increase cybersecurity in ways that address the interconnected nature of critical infrastructure but don't require an overhaul of the entire infrastructure system to be implemented.

As director of Purdue's Center for Resilient Infrastructures, Systems, and Processes, Bagchi has worked with the U.S. Department of Defense, Northrop Grumman Corp., Intel Corp., Adobe Inc., Google LLC and IBM Corp. on adopting solutions from his research. Bagchi's work has revealed the advantages of establishing an automatic response to attacks, and analyses like Symantec's Dragonfly report highlight energy-sector risks, leading to key innovations against ransomware threats, such as more effective ways to make decisions about backing up data.

There's a compelling reason why incentivizing good security decisions would work, Bagchi said. He and his team designed the algorithm based on findings from the field of behavioral economics, which studies how people make decisions with money.

"Before our work, not much computer security research had been done on how behaviors and biases affect the best defense mechanisms in a system. That's partly because humans are terrible at evaluating risk and an algorithm doesn't have any human biases," Bagchi said. "But for any system of reasonable complexity, decisions about security investments are almost always made with humans in the loop. For our algorithm, we explicitly consider the fact that different participants in an infrastructure system have different biases."

To develop the algorithm, Bagchi's team started by playing a game. They ran a series of experiments analyzing how groups of students chose to protect fake assets with fake investments. As in past studies in behavioral economics, they found that most study participants guessed poorly which assets were the most valuable and should be protected from security attacks. Most study participants also tended to spread out their investments instead of allocating them to one asset even when they were told which asset is the most vulnerable to an attack.

Using these findings, the researchers designed an algorithm that could work two ways: Either security decision makers pay a tax or fine when they make decisions that are less than optimal for the overall security of the system, or security decision makers receive a payment for investing in the most optimal manner.

"Right now, fines are levied as a reactive measure if there is a security incident. Fines or taxes don't have any relationship to the security investments or data of the different operators in critical infrastructure," Bagchi said.

In the researchers' simulations of real-world infrastructure systems, the algorithm successfully minimized the likelihood of losing assets to an attack that would decrease the overall security of the infrastructure system.

Bagchi's research group is working to make the algorithm more scalable and able to adapt to an attacker who may make multiple attempts to hack into a system. The researchers' work on the algorithm is funded by the National Science Foundation, the Wabash Heartland Innovation Network and the Army Research Lab.

Cybersecurity is an area of focus through Purdue's Next Moves, a set of initiatives that works to address some of the greatest technology challenges facing the U.S. Purdue's cybersecurity experts offer insights and assistance to improve the protection of power plants, electrical grids and other critical infrastructure.

Related News

• Electricity Forum News

• Grid Technologies News