Solar thermal plant buoys investors

Labrador Island Link Reliability faces scrutiny as Nalcor Energy and General Electric address software issues; Liberty Consulting warns of Holyrood risks, winter outages, grid stability concerns, and PUB oversight for Newfoundland and Labrador.

Key Points

It is the expected dependability of the link this winter, currently uncertain due to GE software and Holyrood risks.

✅ GE software delays may hinder reliable in-service by mid-November.

✅ Holyrood performance issues increase winter outage risk.

✅ PUB directs Hydro to plan contingencies and improve assets.

An independent consultant is questioning if the brand new Labrador Island link can be counted on to supply power to Newfoundland this coming winter.

In June, Nalcor Energy confirmed it had successfully sent power from Churchill Falls to the Avalon Peninsula through its more than 1500-kilometre link, but now the Liberty Consulting Group says it doesn't expect the link will be up and running consistently this winter.

"What we have learned supports a conclusion that the Labrador Island Link is unlikely to be reliably in commercial operation at the start of the winter," says the report dated Aug. 30, 2018.

The link relies on software provided by General Electric but Liberty says there are lingering questions about GE's ability to ensure the necessary software will be in place this fall.

"At an August meeting, company representatives did not express confidence in GE's ability to meet an in-service date for the Labrador Island Link of mid-November," says the report.

Liberty also says testing the link for a brief period this spring and fall doesn't demonstrate long-term reliability.

"The link will remain prone to the uncertainties any new major facility faces early in its operating life, especially one involving technology new to the operating company," according to the report.

Holyrood trouble

The report goes on to say island residents should also be worried about the reliability of the troubled Holyrood facility — a facility that's important when demand for energy is high during winter months.

Liberty says "poor performance at the Holyrood thermal generating station increases the risk of outages considerably."

The group's report concludes the deteriorating condition of Holyrood is a major threat to the island's power supply and Liberty says that threat "could produce very severe consequences when the Labrador Island Link is unavailable."

The consultant says questions about the Labrador Island Link's readiness combined with concerns about the reliability of Holyrood may mean power outages, and for vulnerable customers, debates over hydro disconnections policies often intensify during winter.

"This all suggests that, for at least part of this winter, the island interconnected system may be at the mercy of the weather, where severe events can test utilities' storm response efforts further."

The consultant's report also includes five recommendations to the PUB, reflecting the kind of focused nuclear alert investigation follow-up seen elsewhere.

In essence, Liberty is calling for the board to direct Newfoundland and Labrador Hydro to make plans for the possibility that the link won't be available this winter. It's also calling on hydro to do more to improve the reliability of its other assets, such as Holyrood, as some operators have even contemplated locking down key staff to maintain operations during crises.

Response to Liberty's report

Nalcor CEO Stan Marshall defended the Crown corporation's winter preparedness in an email statement to CBC.

"The right level of planning and investment has been made for our existing equipment so we can continue to meet all of our customer electricity needs for this coming winter season," he wrote.

Regarding the Labrador Island Link, Marshall called for patience.

"This is new technology for our province and integrating the new transmission assets into our current electricity system is complex work that takes time," he said.

There is also a more detailed response from Newfoundland and Labrador Hydro which was sent to the province's Public Utiltiies Board.

Hydro says it will keep testing the Labrador Island Link and increasing the megawatts that are wheeled through it. It also says in October it will begin to give the PUB regular reports on the link's anticipated in-service date.

Related News

• Electricity Forum News

• Power Generation News

Canada Critical Infrastructure Cyber Risks include state-sponsored actors probing the electricity grid and ICS/OT, ransomware on utilities, and espionage targeting smart cities, medical devices, and energy networks, pre-positioning for disruptive operations.

Key Points

Nation-state and criminal cyber risks to Canada's power, water, and OT/ICS, aiming to disrupt, steal data, or extort.

✅ State-sponsored probing of power grid and utilities

✅ OT/ICS exposure grows as systems connect to IT networks

✅ Ransomware, espionage, and pre-positioning for disruption

State-sponsored actors are "very likely" trying to shore up their cyber capabilities to attack Canada's critical infrastructure — such as the electricity supply, as underscored by the IEA net-zero electricity report indicating rising demand for clean power, to intimidate or to prepare for future online assaults, a new intelligence assessment warns.

"As physical infrastructure and processes continue to be connected to the internet, cyber threat activity has followed, leading to increasing risk to the functioning of machinery and the safety of Canadians," says a new national cyber threat assessment drafted by the Communications Security Establishment.

"We judge that state-sponsored actors are very likely attempting to develop the additional cyber capabilities required to disrupt the supply of electricity in Canada, even as cleaning up Canada's electricity remains critical for climate goals."

Today's report — the second from the agency's Canadian Centre for Cyber Security wing — looks at the major cyber threats to Canadians' physical safety and economic security.

The CSE does say in the report that while it's unlikely cyber threat actors would intentionally disrupt critical infrastructure — such as water and electricity supplies — to cause major damage or loss of life, they would target critical organizations "to collect information, pre-position for future activities, or as a form of intimidation."

The report said Russia-associated actors probed the networks of electricity utilities in the U.S. and Canada last year and Chinese state-sponsored cyber threat actors have targeted U.S. utility employees. Other countries have seen their industrial control systems targeted by Iranian hacking groups and North Korean malware was found in the IT networks of an Indian power plant, it said.

The threat grows as more critical infrastructure goes high-tech.

In the past, the operational technology (OT) used to control dams, boilers, electricity and pipeline operations has been largely immune to cyberattacks — but that's changing as manufacturers incorporate newer information technology in their systems and products and as the race to net-zero drives grid modernization, says the report.

That technology might make things easier and lower costs for utilities already facing debates over electricity prices in Alberta amid affordability concerns, but it comes with risks, said Scott Jones, the head of the cyber centre.

"So that means now it is a target, it is accessible and it's vulnerable. So what you could see is shutting off of transmission lines, you can see them opening circuit breakers, meaning electricity simply won't flow to our homes to our business," he told reporters Wednesday.

While the probability of such attacks remains low, Jones said the goal of Wednesday's briefing is to send out the early warnings.

"We're not trying to scare people. We're certainly not trying to scare people into going off grid by building a cabin in the woods. We're here to say, 'Let's tackle these now while they're still paper, while they're still a threat we're writing down.'"

Steve Waterhouse, a former cybersecurity officer for the Department of National Defence who now teaches at Université de Sherbrooke, said a saving grace for Canada could be the makeup of its electrical systems.

"Since in Canada, they're very centralized, it's easier to defend, and debates about bridging Alberta and B.C. electricity aim to strengthen resilience, while down in the States, they have multiple companies all around the place. So the weakest link is very hard to identify where it is, but the effect is a cascading effect across the country ... And it could impact Canada, just like we saw in the big Northeastern power outage, the blackout of 2003," he said.

"So that goes to say, we have to be prepared. And I believe most energy companies have been taking extra measures to protect and defend against these type of attacks, even as Canada points to nationwide climate success in electricity to meet emissions goals."

In the future, attacks targeting so-called smart cities and internet-connected devices, such as personal medical devices, could also put Canadians at risk, says the report. 

Earlier this year, for example, Health Canada warned the public that medical devices containing a particular Bluetooth chip — including pacemakers, blood glucose monitors and insulin pumps — are vulnerable to cyber attacks that could crash them.

The foreign signals intelligence agency also says that while state-sponsored programs in China, Russia, Iran and North Korea "almost certainly" pose the greatest state-sponsored cyber threats to Canadian individuals and organizations, many other states are rapidly developing their own cyber programs.

Waterhouse said he was glad to see the government agency call out the countries by name, representing a shift in approach in recent years.

"To tackle on and be ready to face a cyber-attack, you have to know your enemy," he said.

"You have to know what's vulnerable inside of your organization. You have to know how ... vulnerable it is against the threats that are out there."

Commercial espionage continues
State-sponsored actors will also continue their commercial espionage campaigns against Canadian businesses, academia and governments — even as calls to make Canada a post-COVID manufacturing hub grow — to steal Canadian intellectual property and proprietary information, says the CSE.

"We assess that these threat actors will almost certainly continue attempting to steal intellectual property related to combating COVID-19 to support their own domestic public health responses or to profit from its illegal reproduction by their own firms," says the "key judgments" section of the report.

"The threat of cyber espionage is almost certainly higher for Canadian organizations that operate abroad or work directly with foreign state-owned enterprises."

The CSE says such commercial espionage is happening already across multiple fields, including aviation, technology and AI, energy and biopharmaceuticals.

While state-sponsored cyber activity tends to offer the most sophisticated threats, CSE said that cybercrime continues to be the threat most likely to directly affect Canadians and Canadian organizations, through vectors like online scams and malware.

"We judge that ransomware directed against Canada will almost certainly continue to target large enterprises and critical infrastructure providers. These entities cannot tolerate sustained disruptions and are willing to pay up to millions of dollars to quickly restore their operations," says the report.

Cybercrime becoming more sophisticated 
According to the Canadian Anti-Fraud Centre, Canadians lost over $43 million to cybercrime last year. The CSE reported earlier this year that online thieves have been using the COVID-19 pandemic to trick Canadians into forking over their money — through scams like a phishing campaign that claimed to offer access to a Canada Emergency Response Benefit payment in exchange for the target's personal financial details.

Online foreign influence activities — a dominant theme in the CSE's last threat assessment briefing — continue and constitute "a new normal" in international affairs as adversaries seek to influence domestic and international political events, says the agency.

"We assess that, relative to some other countries, Canadians are lower-priority targets for online foreign influence activity," it said.

"However, Canada's media ecosystem is closely intertwined with that of the United States and other allies, which means that when their populations are targeted, Canadians become exposed to online influence as a type of collateral damage."

According to the agency's own definition, "almost certainly" means it is nearly 100 per cent certain in its analysis, while "very likely" means it is 80-90 per cent certain of its conclusions. The CSE says its analysis is based off of a mix of confidential and non-confidential intelligence and sources. 

Related News

• Electricity Forum News

• Climate Change News

North Carolina Utility Arrears Crisis strains households and municipal budgets as COVID-19 cuts jobs; unpaid utility bills mount, shutoffs loom, and emergency aid, unemployment benefits, and CARES Act relief lag behind rising arrears across cities.

Key Points

A COVID-19 driven spike in unpaid utility bills, threatening households and municipal budgets as federal aid lapses.

✅ 1 million families behind on power, water, sewage bills

✅ $218M arrears accrued April to June, double last year

✅ Municipal utilities face shutoffs, budget shortfalls

As many as 1 million families in North Carolina have fallen behind on their electric, water and sewage bills, a sign of energy insecurity threatening residents and their cities with severe financial hardship unless federal lawmakers act to approve more emergency aid.

The trouble stems from the widespread economic havoc wrought by the coronavirus, which has left millions of workers out of a job and struggling to cover their monthly costs as some states moved to suspend utility shut-offs to provide relief. Together, they’ve been late or missed a total of $218 million in utility payments between April 1 and the end of June, according to data released recently by the state, nearly double the amount in arrears at this time last year.

In some cases, cities that own or operate their own utilities have been forced to absorb these losses, as some utilities reconnected customers to prevent harm, creating a dire situation in which the government’s attempt to save people from the financial brink instead has pushed municipal coffers to their own breaking point.

In Elizabeth City, N.C., for example, about 2,500 residents haven’t paid their electric bills on time, according to Richard Olson, the city manager. The late payments at one point proved so problematic that Olson said he calculated Elizabeth City wouldn’t have enough money to pay for its expenses in July. In response, city leaders requested and obtained a waiver from a statewide order, similar to New York’s disconnection moratorium, issued in March, that protects people from being penalized for their past-due utility bills.

The predicament has presented unique budget challenges throughout North Carolina, while illustrating the consequences of a cash crunch plaguing the entire country, where proposals such as a Texas electricity market bailout surfaced following severe grid stress. State and federal leaders have extended a range of coronavirus relief programs since March to try to help people through the pandemic. But the money is limited and restricted — and it’s not clear whether more help from Congress is on the way — creating a crisis in which the nation’s economic woes are outpacing some of the aid programs adopted to combat them.

“We are entering a phase where the utilities [may] be able to shut off power, but what was propping up people’s economic lives, the unemployment benefits and Cares Act support, won’t be there,” said Paul Meyer, the executive director of the North Carolina League of Municipalities.

White House, GOP in disarray over coronavirus spending plan as deadline nears on expiring emergency aid

The future of that safety-net support — and other federal aid — hangs in the balance as lawmakers returned to work this week in their final sprint ahead of the August recess. The White House and congressional leaders are split over the contours of the next coronavirus relief package, including the need to extend more aid to cities and states as some utilities have waived fees to help customers, and reauthorize an extra $600 in weekly unemployment payments that were approved as part of the Cares Act in March.

Outside Washington, workers, businesses and government officials nationwide have pleaded with federal lawmakers to renew or expand those programs. Last week, Roy Cooper, the Democratic governor of North Carolina, urged Congress to act swiftly and adopt a wide array of new federal spending, including proposals for DOE nuclear cleanup funding, stressing in a letter that the “actions you take in the next few weeks are vital to our ability to emerge from this crisis. ”

Related News

• Electricity Forum News

• Energy Policy News

Coal-to-Clean Energy Hubs leverage Bipartisan Infrastructure Law and Inflation Reduction Act funding to repurpose mine lands with microgrids, advanced nuclear, carbon capture, and rare earth processing, boosting energy security, jobs, and grid modernization.

Key Points

They are federal projects converting coal communities and mine lands into clean energy hubs, repurposing infrastructure.

✅ DOE demos on mine lands: microgrids, nuclear, carbon capture.

✅ Funding from BIL, CHIPS and IRA targets energy communities.

✅ Rare earths from coal waste bolster EV supply chains.

The Biden administration is channeling hundreds of millions of dollars in clean energy funding from recent legislation into its efforts to turn coal communities into clean energy hubs, the White House said.

The administration gave an update on its push across agencies to kick-start projects nationwide with funding Congress approved during Biden’s first two years in office. The effort includes $450 million from the Bipartisan Infrastructure Law that the Department of Energy will allocate to an array of new clean energy demonstration projects on former mine lands.

“These projects could focus on a range of technologies from microgrids to advanced nuclear to power plans with carbon capture,” Energy Secretary Jennifer Granholm said on a call with reporters Monday. “They’ll prove out the potential to reactivate or repurpose existing infrastructure like transmission lines and substations across an aging U.S. power grid, and these projects could spur new economic development in these communities.”

Among the projects the White House highlighted, it said $16 million from the infrastructure law will go to the University of North Dakota and West Virginia University to create design studies for the first-ever full-scale refinery facility in the U.S. that could extract and separate rare earth elements and minerals from coal mine waste streams. The materials are critical for electric vehicle-battery components that are currently heavily sourced from outside the U.S.

“Those efforts will pave the way toward building a first of its kind facility that produces essential materials for solar panels, wind turbines, EVs and more while cleaning up polluted land and water and creating good-paying jobs for local workers,” Granholm said.

Biden created an interagency working group focused on revitalizing coal-power communities through federal investments when he took office. In 2021, the group selected 25 priority areas ranging from West Virginia to Wyoming to focus on development, as high natural gas prices strengthened the case for clean electricity. There are nearly 18,000 identified mine sites across 1.5 million acres in the United States, according to the White House.

The massive effort fits into a broader Biden administration push to both fight climate change and support communities that have lost economic activity during a transition away from fossil fuel sources such as coal. While Biden’s most ambitious clean energy plans fell flat in Congress in the face of opposition from Republicans and some Democrats after the previous administration’s power plant overhaul, three major laws still unlocked funding for his administration to deploy.

Many of the initiatives are made possible through the Bipartisan Infrastructure Law, Chips and Science Act and the Inflation Reduction Act, even without a clean electricity standard on the books. The task force aims to make sure communities most affected by the changing energy landscape are taking maximum advantage of the federal benefits.

“Those new and expanded operations are coming to energy communities and creating good paying jobs,” Biden’s senior advisor for clean energy innovation and implementation John Podesta said on the call. “These laws can provide substantial federal support to energy communities like capping abandoned oil and gas wells, extracting critical minerals, building battery factories and launching demonstration projects in carbon capture or green hydrogen.”

The administration touted the potential benefits of the Inflation Reduction Act, a bill passed by Democrats to spur clean energy investments last year, even as early assessments show mixed results to date. At the time, U.S. consumers were dealing with decades-high inflation fueled in part by an energy crisis and high gas prices that drove debate — a point Republicans emphasized as the plan moved through Congress.

Deputy Treasury Secretary Wally Adeyemo said the Inflation Reduction Act aims to both “lower the deficit, as well as promote our energy security, lowering energy costs for consumers and combatting climate change.”

“As the Treasury works to implement the law, we’re focused on ensuring that all Americans benefit from the growth of the clean energy economy, particularly those who live in communities that have been dependent on the energy sector for job for a long time,” Adeyemo told reporters. “Economic growth and productivity are higher when all communities are able to reach their full potential.”

Related News

• Electricity Forum News

• Energy Policy News

Colorado Wildfire Power Shutoffs reduce ignition risk through PSPS, grid safety protocols, data-driven forecasts, and emergency coordination, protecting communities, natural resources, and infrastructure during extreme fire weather fueled by drought and climate change.

Key Points

Planned PSPS outages cut power in high-risk areas to prevent ignitions, protect residents, and boost wildfire resilience.

✅ PSPS triggered by forecasts, fuel moisture, and fire danger indices.

✅ Utilities coordinate alerts, timelines, and critical facility support.

✅ Paired with forest management, education, and rapid response.

Colorado, known for its stunning landscapes and outdoor recreation, has implemented proactive measures to reduce the risk of wildfires by strategically shutting off power in high-risk areas, similar to PG&E wildfire shutoffs implemented in California during extreme conditions. This approach, while disruptive, aims to safeguard communities, protect natural resources, and mitigate the devastating impacts of wildfires that have become increasingly prevalent in the region.

The decision to initiate power outages as a preventative measure against wildfires underscores Colorado's commitment to proactive fire management and public safety, aligning with utility disaster planning practices that strengthen grid readiness. With climate change contributing to hotter and drier conditions, the state faces heightened wildfire risks, necessitating innovative strategies to minimize ignition sources and limit fire spread.

Utility companies, in collaboration with state and local authorities, identify areas at high risk of wildfire based on factors such as weather forecasts, fuel moisture levels, and historical fire data. When conditions reach critical thresholds, planned power outages, also known as Public Safety Power Shutoffs (PSPS), are implemented to reduce the likelihood of electrical equipment sparking wildfires during periods of extreme fire danger, particularly during windstorm-driven outages that elevate ignition risks.

While power outages are a necessary precautionary measure, they can pose challenges for residents, businesses, and essential services that rely on uninterrupted electricity, as seen when a North Seattle outage affected thousands last year. To mitigate disruptions, utility companies communicate outage schedules in advance, provide updates during outages, and coordinate with emergency services to ensure the safety and well-being of affected communities.

The implementation of PSPS is part of a broader strategy to enhance wildfire resilience in Colorado. In addition to reducing ignition risks from power lines, the state invests in forest management practices, wildfire prevention education, and emergency response capabilities, including continuity planning seen in the U.S. grid COVID-19 response, to prepare for and respond to wildfires effectively.

Furthermore, Colorado's approach to wildfire prevention highlights the importance of community preparedness and collaboration, and utilities across the region adopt measures like FortisAlberta precautions to sustain critical services during emergencies. Residents are encouraged to create defensible space around their properties, develop emergency evacuation plans, and stay informed about wildfire risks and response protocols. Community engagement plays a crucial role in building resilience and fostering a collective effort to protect lives, property, and natural habitats from wildfires.

The effectiveness of Colorado's proactive measures in mitigating wildfire risks relies on a balanced approach that considers both short-term safety measures and long-term fire prevention strategies. By integrating technology, data-driven decision-making, and community partnerships, the state aims to reduce the frequency and severity of wildfires while enhancing overall resilience to wildfire impacts.

Looking ahead, Colorado continues to refine its wildfire management practices in response to evolving environmental conditions and community needs, drawing on examples of localized readiness such as PG&E winter storm preparation to inform response planning. This includes ongoing investments in fire detection and monitoring systems, research into fire behavior and prevention strategies, and collaboration with neighboring states and federal agencies to coordinate wildfire response efforts.

In conclusion, Colorado's decision to implement power outages as a preventative measure against wildfires demonstrates proactive leadership in wildfire risk reduction and public safety. By prioritizing early intervention and community engagement, the state strives to safeguard vulnerable areas, minimize the impact of wildfires, and foster resilience in the face of increasing wildfire threats. As Colorado continues to innovate and adapt its wildfire management strategies, its efforts serve as a model for other regions grappling with the challenges posed by climate change and wildfire risks.

Related News

• Electricity Forum News

• Utility Operations News

Infrastructure Security Algorithm prioritizes cyber defense for power grids and critical infrastructure, mitigating ransomware, blackout risks, and cascading failures by guiding utilities, regulators, and cyber insurers on optimal security investment allocation.

Key Points

An algorithm that optimizes security spending to cut ransomware and blackout risks across critical infrastructure.

✅ Guides utilities on optimal security allocation

✅ Uses incentives to correct human risk biases

✅ Prioritizes assets to prevent cascading outages

Millions of people could suddenly lose electricity if a ransomware attack just slightly tweaked energy flow onto the U.S. power grid, as past US utility intrusions have shown.

No single power utility company has enough resources to protect the entire grid, but maybe all 3,000 of the grid's utilities could fill in the most crucial security gaps if there were a map showing where to prioritize their security investments.

Purdue University researchers have developed an algorithm to create that map. Using this tool, regulatory authorities or cyber insurance companies could establish a framework for protecting the U.S. power grid that guides the security investments of power utility companies to parts of the grid at greatest risk of causing a blackout if hacked.

Power grids are a type of critical infrastructure, which is any network - whether physical like water systems or virtual like health care record keeping - considered essential to a country's function and safety. The biggest ransomware attacks in history have happened in the past year, affecting most sectors of critical infrastructure in the U.S. such as grain distribution systems in the food and agriculture sector and the Colonial Pipeline, which carries fuel throughout the East Coast, prompting increased military preparation for grid hacks in the U.S.

With this trend in mind, Purdue researchers evaluated the algorithm in the context of various types of critical infrastructure in addition to the power sector, including electricity-sector IoT devices that interface with grid operations. The goal is that the algorithm would help secure any large and complex infrastructure system against cyberattacks.

"Multiple companies own different parts of infrastructure. When ransomware hits, it affects lots of different pieces of technology owned by different providers, so that's what makes ransomware a problem at the state, national and even global level," said Saurabh Bagchi, a professor in the Elmore Family School of Electrical and Computer Engineering and Center for Education and Research in Information Assurance and Security at Purdue. "When you are investing security money on large-scale infrastructures, bad investment decisions can mean your power grid goes out, or your telecommunications network goes out for a few days."

Protecting infrastructure from hacks by improving security investment decisions

The researchers tested the algorithm in simulations of previously reported hacks to four infrastructure systems: a smart grid, industrial control system, e-commerce platform and web-based telecommunications network. They found that use of this algorithm results in the most optimal allocation of security investments for reducing the impact of a cyberattack.

The team's findings appear in a paper presented at this year's IEEE Symposium on Security and Privacy, the premier conference in the area of computer security. The team comprises Purdue professors Shreyas Sundaram and Timothy Cason and former PhD students Mustafa Abdallah and Daniel Woods.

"No one has an infinite security budget. You must decide how much to invest in each of your assets so that you gain a bump in the security of the overall system," Bagchi said.

The power grid, for example, is so interconnected that the security decisions of one power utility company can greatly impact the operations of other electrical plants. If the computers controlling one area's generators don't have adequate security protection, as seen when Russian hackers accessed control rooms at U.S. utilities, then a hack to those computers would disrupt energy flow to another area's generators, forcing them to shut down.

Since not all of the grid's utilities have the same security budget, it can be hard to ensure that critical points of entry to the grid's controls get the most investment in security protection.

The algorithm that Purdue researchers developed would incentivize each security decision maker to allocate security investments in a way that limits the cumulative damage a ransomware attack could cause. An attack on a single generator, for instance, would have less impact than an attack on the controls for a network of generators, which sophisticated grid-disruption malware can target at scale, rather than for the protection of a single generator.

Building an algorithm that considers the effects of human behavior

Bagchi's research shows how to increase cybersecurity in ways that address the interconnected nature of critical infrastructure but don't require an overhaul of the entire infrastructure system to be implemented.

As director of Purdue's Center for Resilient Infrastructures, Systems, and Processes, Bagchi has worked with the U.S. Department of Defense, Northrop Grumman Corp., Intel Corp., Adobe Inc., Google LLC and IBM Corp. on adopting solutions from his research. Bagchi's work has revealed the advantages of establishing an automatic response to attacks, and analyses like Symantec's Dragonfly report highlight energy-sector risks, leading to key innovations against ransomware threats, such as more effective ways to make decisions about backing up data.

There's a compelling reason why incentivizing good security decisions would work, Bagchi said. He and his team designed the algorithm based on findings from the field of behavioral economics, which studies how people make decisions with money.

"Before our work, not much computer security research had been done on how behaviors and biases affect the best defense mechanisms in a system. That's partly because humans are terrible at evaluating risk and an algorithm doesn't have any human biases," Bagchi said. "But for any system of reasonable complexity, decisions about security investments are almost always made with humans in the loop. For our algorithm, we explicitly consider the fact that different participants in an infrastructure system have different biases."

To develop the algorithm, Bagchi's team started by playing a game. They ran a series of experiments analyzing how groups of students chose to protect fake assets with fake investments. As in past studies in behavioral economics, they found that most study participants guessed poorly which assets were the most valuable and should be protected from security attacks. Most study participants also tended to spread out their investments instead of allocating them to one asset even when they were told which asset is the most vulnerable to an attack.

Using these findings, the researchers designed an algorithm that could work two ways: Either security decision makers pay a tax or fine when they make decisions that are less than optimal for the overall security of the system, or security decision makers receive a payment for investing in the most optimal manner.

"Right now, fines are levied as a reactive measure if there is a security incident. Fines or taxes don't have any relationship to the security investments or data of the different operators in critical infrastructure," Bagchi said.

In the researchers' simulations of real-world infrastructure systems, the algorithm successfully minimized the likelihood of losing assets to an attack that would decrease the overall security of the infrastructure system.

Bagchi's research group is working to make the algorithm more scalable and able to adapt to an attacker who may make multiple attempts to hack into a system. The researchers' work on the algorithm is funded by the National Science Foundation, the Wabash Heartland Innovation Network and the Army Research Lab.

Cybersecurity is an area of focus through Purdue's Next Moves, a set of initiatives that works to address some of the greatest technology challenges facing the U.S. Purdue's cybersecurity experts offer insights and assistance to improve the protection of power plants, electrical grids and other critical infrastructure.

Related News

• Electricity Forum News

• Grid Technologies News