Provinces continue to back nuclear power

Infrastructure Security Algorithm prioritizes cyber defense for power grids and critical infrastructure, mitigating ransomware, blackout risks, and cascading failures by guiding utilities, regulators, and cyber insurers on optimal security investment allocation.

Key Points

An algorithm that optimizes security spending to cut ransomware and blackout risks across critical infrastructure.

✅ Guides utilities on optimal security allocation

✅ Uses incentives to correct human risk biases

✅ Prioritizes assets to prevent cascading outages

Millions of people could suddenly lose electricity if a ransomware attack just slightly tweaked energy flow onto the U.S. power grid, as past US utility intrusions have shown.

No single power utility company has enough resources to protect the entire grid, but maybe all 3,000 of the grid's utilities could fill in the most crucial security gaps if there were a map showing where to prioritize their security investments.

Purdue University researchers have developed an algorithm to create that map. Using this tool, regulatory authorities or cyber insurance companies could establish a framework for protecting the U.S. power grid that guides the security investments of power utility companies to parts of the grid at greatest risk of causing a blackout if hacked.

Power grids are a type of critical infrastructure, which is any network - whether physical like water systems or virtual like health care record keeping - considered essential to a country's function and safety. The biggest ransomware attacks in history have happened in the past year, affecting most sectors of critical infrastructure in the U.S. such as grain distribution systems in the food and agriculture sector and the Colonial Pipeline, which carries fuel throughout the East Coast, prompting increased military preparation for grid hacks in the U.S.

With this trend in mind, Purdue researchers evaluated the algorithm in the context of various types of critical infrastructure in addition to the power sector, including electricity-sector IoT devices that interface with grid operations. The goal is that the algorithm would help secure any large and complex infrastructure system against cyberattacks.

"Multiple companies own different parts of infrastructure. When ransomware hits, it affects lots of different pieces of technology owned by different providers, so that's what makes ransomware a problem at the state, national and even global level," said Saurabh Bagchi, a professor in the Elmore Family School of Electrical and Computer Engineering and Center for Education and Research in Information Assurance and Security at Purdue. "When you are investing security money on large-scale infrastructures, bad investment decisions can mean your power grid goes out, or your telecommunications network goes out for a few days."

Protecting infrastructure from hacks by improving security investment decisions

The researchers tested the algorithm in simulations of previously reported hacks to four infrastructure systems: a smart grid, industrial control system, e-commerce platform and web-based telecommunications network. They found that use of this algorithm results in the most optimal allocation of security investments for reducing the impact of a cyberattack.

The team's findings appear in a paper presented at this year's IEEE Symposium on Security and Privacy, the premier conference in the area of computer security. The team comprises Purdue professors Shreyas Sundaram and Timothy Cason and former PhD students Mustafa Abdallah and Daniel Woods.

"No one has an infinite security budget. You must decide how much to invest in each of your assets so that you gain a bump in the security of the overall system," Bagchi said.

The power grid, for example, is so interconnected that the security decisions of one power utility company can greatly impact the operations of other electrical plants. If the computers controlling one area's generators don't have adequate security protection, as seen when Russian hackers accessed control rooms at U.S. utilities, then a hack to those computers would disrupt energy flow to another area's generators, forcing them to shut down.

Since not all of the grid's utilities have the same security budget, it can be hard to ensure that critical points of entry to the grid's controls get the most investment in security protection.

The algorithm that Purdue researchers developed would incentivize each security decision maker to allocate security investments in a way that limits the cumulative damage a ransomware attack could cause. An attack on a single generator, for instance, would have less impact than an attack on the controls for a network of generators, which sophisticated grid-disruption malware can target at scale, rather than for the protection of a single generator.

Building an algorithm that considers the effects of human behavior

Bagchi's research shows how to increase cybersecurity in ways that address the interconnected nature of critical infrastructure but don't require an overhaul of the entire infrastructure system to be implemented.

As director of Purdue's Center for Resilient Infrastructures, Systems, and Processes, Bagchi has worked with the U.S. Department of Defense, Northrop Grumman Corp., Intel Corp., Adobe Inc., Google LLC and IBM Corp. on adopting solutions from his research. Bagchi's work has revealed the advantages of establishing an automatic response to attacks, and analyses like Symantec's Dragonfly report highlight energy-sector risks, leading to key innovations against ransomware threats, such as more effective ways to make decisions about backing up data.

There's a compelling reason why incentivizing good security decisions would work, Bagchi said. He and his team designed the algorithm based on findings from the field of behavioral economics, which studies how people make decisions with money.

"Before our work, not much computer security research had been done on how behaviors and biases affect the best defense mechanisms in a system. That's partly because humans are terrible at evaluating risk and an algorithm doesn't have any human biases," Bagchi said. "But for any system of reasonable complexity, decisions about security investments are almost always made with humans in the loop. For our algorithm, we explicitly consider the fact that different participants in an infrastructure system have different biases."

To develop the algorithm, Bagchi's team started by playing a game. They ran a series of experiments analyzing how groups of students chose to protect fake assets with fake investments. As in past studies in behavioral economics, they found that most study participants guessed poorly which assets were the most valuable and should be protected from security attacks. Most study participants also tended to spread out their investments instead of allocating them to one asset even when they were told which asset is the most vulnerable to an attack.

Using these findings, the researchers designed an algorithm that could work two ways: Either security decision makers pay a tax or fine when they make decisions that are less than optimal for the overall security of the system, or security decision makers receive a payment for investing in the most optimal manner.

"Right now, fines are levied as a reactive measure if there is a security incident. Fines or taxes don't have any relationship to the security investments or data of the different operators in critical infrastructure," Bagchi said.

In the researchers' simulations of real-world infrastructure systems, the algorithm successfully minimized the likelihood of losing assets to an attack that would decrease the overall security of the infrastructure system.

Bagchi's research group is working to make the algorithm more scalable and able to adapt to an attacker who may make multiple attempts to hack into a system. The researchers' work on the algorithm is funded by the National Science Foundation, the Wabash Heartland Innovation Network and the Army Research Lab.

Cybersecurity is an area of focus through Purdue's Next Moves, a set of initiatives that works to address some of the greatest technology challenges facing the U.S. Purdue's cybersecurity experts offer insights and assistance to improve the protection of power plants, electrical grids and other critical infrastructure.

Related News

• Electricity Forum News

• Grid Technologies News

Baltimore Substation Attack Plot highlights alleged neo-Nazi plans targeting electrical substations and the power grid, as FBI and DHS warn of domestic extremism threats to critical infrastructure, with arrests in Maryland disrupting potential sniper attacks.

Key Points

An alleged extremist plot to disable Baltimore's power grid by shooting substations, thwarted by federal arrests.

✅ Two suspects charged in Maryland conspiracy

✅ Targets included five substations around Baltimore

✅ FBI cites domestic extremism threat to infrastructure

A neo-Nazi in Florida and a Maryland woman conspired to attack several electrical substations in the Baltimore area, federal officials say.

Sarah Beth Clendaniel and Brandon Clint Russell were arrested and charged in a conspiracy to disable the power grid by shooting out substations via "sniper attacks," according to a criminal complaint from the U.S. Attorney's Office for the District of Maryland.

Clendaniel allegedly said she wanted to "completely destroy this whole city" and was planning to target five substations situated in a "ring" around Baltimore, the complaint said. Russell is part of a violent extremist group that has cells in multiple states, and he previously planned to attack critical infrastructure in Florida, the complaint said.

"This planned attack threatened lives and would have left thousands of Marylanders in the cold and dark," Maryland U.S. Attorney Erek Barron said in a press release. "We are united and committed to using every legal means necessary to disrupt violence, including hate-fueled attacks."

The news comes as concerns grow about an increase in targeted substation attacks on U.S. substations tied to domestic extremism.

What to know about substation attacks

Federal data shows vandalism and suspicious activities at electrical facilities soared nationwide last year, and cyber actors have accessed utilities' control rooms as well.

At the end of the year, attacks or potential attacks were reported on more than a dozen substations and one power plant across five states, and Symantec documented Russia-linked Dragonfly activity targeting the energy sector earlier. Several involved firearms.

In December, targeted attacks on substations in North Carolina left tens of thousands without power amid freezing temperatures, spurring renewed focus on protecting the U.S. power grid among officials. The FBI is investigating.

Vandalism at facilities in Washington left more than 21,000 without electricity on Christmas Day, even as hackers breached power-plant systems in other states. Two men were arrested, and one told police he planned to disrupt power to commit a burglary.

The Department of Homeland Security last year said domestic extremists had been developing "credible, specific plans" since at least 2020 and would continue to "encourage physical attacks against electrical infrastructure," and the U.S. government has condemned Russia for power grid hacking as well.

Last February, three neo-Nazis pleaded guilty to federal crimes related to a scheme to attack the grid with rifles, with each targeting a substation in a different region of the U.S., even as reports that Russians hacked into US electric utilities drew widespread attention.

Related News

• Electricity Forum News

• Grid Technologies News

Assault on Kyiv's Power Grid intensifies as missiles and drones strike critical energy infrastructure. Ukraine's air defenses intercept threats, yet blackouts, heating risks, and civilian systems damage mount amid escalating winter conditions.

Key Points

Missile and drone strikes on Kyiv's power grid to cripple infrastructure, cause blackouts, and pressure civilians.

✅ Targets power plants, substations, and transmission lines

✅ Air defenses intercept many missiles and drones

✅ Blackouts jeopardize heating, safety, and communications

In a troubling escalation of hostilities, Russian forces launched a relentless five-hour assault on Kyiv, employing missiles and drones to target critical infrastructure, particularly Ukraine's power grid. This attack not only highlights the ongoing conflict between Russia and Ukraine but also underscores the vulnerability of essential services, as seen in power outages in western Ukraine in recent weeks, in the face of military aggression.

The Nature of the Attack

The assault began early in the morning and continued for several hours, with air raid sirens ringing out across the capital as residents were urged to seek shelter. Eyewitnesses reported a barrage of missile strikes, along with the ominous whir of drones overhead. The Ukrainian military responded with its air defense systems, successfully intercepting a number of the incoming threats, but several strikes still managed to penetrate the defenses.

One of the most alarming aspects of this attack was its focus on Ukraine's energy infrastructure. Critical power facilities were hit, resulting in significant disruptions to electricity supply across Kyiv and surrounding regions. The attacks not only caused immediate outages but also threatened to complicate efforts to keep the lights on in the aftermath.

Impacts on Civilians and Infrastructure

The consequences of the missile and drone strikes were felt immediately by residents. Many found themselves without power, leading to disruptions in heating, lighting, and communications. With winter approaching, the implications of such outages become even more serious, as keeping the lights on this winter becomes harder while temperatures drop and the demand for heating increases.

Emergency services were quickly mobilized to assess the damage and begin repairs, but the scale of the attack posed significant challenges. In addition to the direct damage to power facilities, the strikes created a climate of fear and uncertainty among civilians, even as many explore new energy solutions to endure blackouts.

Strategic Objectives Behind the Assault

Military analysts suggest that targeting Ukraine's energy infrastructure is a calculated strategy by Russian forces. By crippling the power grid, the intention may be to sow chaos and undermine public morale, forcing the government to divert resources to emergency responses rather than frontline defenses. This tactic has been employed previously, with significant ramifications for civilian life and national stability.

Moreover, as winter approaches, the vulnerability of Ukraine’s energy systems becomes even more pronounced, with analysts warning that winter looms over the battlefront for civilians and troops alike. With many civilians relying on electric heating and other essential services, an attack on the power grid can have devastating effects on public health and safety. The psychological impact of such assaults can also contribute to a sense of hopelessness among the population, potentially influencing public sentiment regarding the war.

International Response and Solidarity

The international community has responded with concern to the recent escalation in attacks. Ukrainian officials have called for increased military support and defensive measures to protect critical infrastructure from future assaults, amid policy shifts such as the U.S. ending support for grid restoration that complicate planning. Many countries have expressed solidarity with Ukraine, reiterating their commitment to support the nation as it navigates the complexities of this ongoing conflict.

In addition to military assistance, humanitarian aid is also critical, and instances of solidarity such as Ukraine helping Spain amid blackouts demonstrate shared resilience. As the situation continues to evolve, many organizations are working to provide relief to those affected by the attacks, offering resources such as food, shelter, and medical assistance. The focus remains not only on immediate recovery efforts but also on long-term strategies to bolster Ukraine’s resilience against future attacks.

Related News

• Electricity Forum News

• Grid Technologies News

California Electricity Reserve Mandate requires 3.3 GW of new capacity to bolster grid reliability amid solar power volatility, peak demand, and wildfire-driven blackouts, as CPUC directs PG&E, Edison, and Sempra to procure resource adequacy.

Key Points

A CPUC order for utilities to add 3.3 GW of reserves, safeguarding grid reliability during variable renewables and peaks

✅ 3.3 GW procurement to meet resource adequacy targets

✅ Focus on grid reliability during peak evening demand

✅ Prioritizes renewables, storage; limits new fossil builds

As if California doesn’t have enough problems with its electric service, now state regulators warn the state may be short on power supplies by 2021 if utilities don’t start lining up new resources now.

In the hopes of heading off a shortfall as America goes electric, the California Public Utilities Commission has ordered the state’s electricity providers to secure 3.3 additional gigawatts of reserve supplies. That’s enough to power roughly 2.5 million homes. Half of it must be in place by 2021 and the rest by August 2023.

The move comes as California is already struggling to accommodate increasingly large amounts of solar power that regularly send electricity prices plunging below zero and force other generators offline so the region’s grid doesn’t overload. The state is also still reeling from a series of deliberate mass blackouts that utilities imposed last month to keep their power lines from sparking wildfires amid strong winds. And its largest power company, PG&E Corp., went bankrupt in January.

Now as natural gas-fired power plants retire under the state’s climate policies, officials are warning the state could run short on electricity on hot evenings, when solar production fades and commuters get home and crank up their air conditioners. “We have fewer resources that can be quickly turned on that can meet those peaks,” utilities commission member Liane Randolph said Thursday before the panel approved the order to beef up reserves.

The 3.3 gigawatts that utilities must line up is in addition to a state rule requiring them to sign contracts for 15% more electricity than they expect to need. Some critics question the need for added supplies, particularly after the state went on a plant-building boom in the 2000s.

But California’s grid managers say the risk of a shortfall is real and could be as high as 4.7 gigawatts, especially during heat waves that test the grid again. Mark Rothleder, with the California Independent System Operator, said the 15% cushion is a holdover from the days before big solar and wind farms made the grid more volatile. Now it may need to be increased, he said.

“We’re not in that world anymore,” said Rothleder, the operator’s vice president of state regulatory affairs. “The complexity of the system and the resources we have now are much different.”

The state’s three major utilities, PG&E, Edison International and Sempra Energy, will be largely responsible for securing new supplies. The commission banned fossil fuels from being used at any new power generators built to meet the requirement — though it left the door open for expansions at existing ones.

Some analysts argue California is exporting its energy policies to Western states, making electricity more costly and less reliable.

PG&E said in an emailed statement that it was pleased the commission didn’t adopt an earlier proposal to require 4 gigawatts of additional resources. Edison similarly said it was “supportive.” Sempra didn’t immediately respond with comment.

Extending Deadlines

The pending plant closures are being hastened by a 2020 deadline requiring California’s coastal generators to stop using aging seawater-cooling systems. Some gas-fired power plants have said they’ll simply close instead of installing costly new cooling systems. So the commission on Thursday also asked California water regulators to extend the deadline for five plants.

The Sierra Club, meanwhile, called on regulators to turn away from fossil fuels altogether, saying their decision Thursday “sets California back on its progress toward a clean energy future.”

The move to push back the deadline also faces opposition from neighboring towns. Redondo Beach Mayor Bill Brand, whose city is home to one of the plants in line for an extension, told the commission it wasn’t necessary, since California utilities already have plenty of electricity reserves.

“It’s just piling on to that reserve margin,” Brand said.

Related News

• Electricity Forum News

• Energy Policy News

France Nuclear Power Outages threaten the grid as EDF reactors undergo stress corrosion inspections, maintenance delays, and staff shortages, driving electricity imports, peak-demand curtailment plans, and potential rolling blackouts during a cold snap across Europe.

Key Points

EDF maintenance and stress corrosion cut reactor output, forcing imports and blackouts as cold weather lifts demand.

✅ EDF inspects stress corrosion cracks in reactor piping

✅ Maintenance backlogs and skilled labor shortages slow repairs

✅ Government plans demand cuts, imports, and rolling blackouts

France is bracing for possible power outages in the coming days as falling temperatures push up demand while state-controlled nuclear group EDF struggles to bring more production on line.

WHY CAN'T FRANCE MEET DEMAND?
France is one of the most nuclear-powered countries in the world, with a significant role of nuclear power in its energy mix, typically producing over 70% of its electricity with its fleet of 56 reactors and providing about 15% of Europe's total power through exports.

However, EDF (EDF.PA) has had to take a record number of its ageing reactors offline for maintenance this year just as Europe is struggling to cope with cuts in Russian natural gas supplies used for generating electricity, with electricity prices surging across the continent this year.

That has left France's nuclear output at a 30-year low, and mirrors how Europe is losing nuclear power more broadly, forcing France to import electricity and prepare plans for possible blackouts as a cold snap fuels demand for heating.

WHAT ARE EDF'S MAINTENANCE PROBLEMS?
While EDF normally has a number of its reactors offline for maintenance, it has had far more than usual this year due to what is known as stress corrosion on pipes in some reactors, and during heatwaves river temperature limits have constrained output further.

At the request of France's nuclear safety watchdog, EDF is in the process of inspecting and making repairs across its fleet since detecting cracks in the welding connecting pipes in one reactor at the end of last year.

Years of under-investment in the nuclear sector mean that there is precious little spare capacity to meet demand while reactors are offline for maintenance, and environmental constraints such as limits on energy output during high river temperatures reduce flexibility.

France also lacks specialised welders and other workers in sufficient numbers to be able to make repairs fast enough to get reactors back online.

WHAT IS BEING DONE?
In the very short term, after a summer when power markets hit records as plants buckled in heat, there is little that can be done to get more reactors online faster, leaving the government to plan for voluntary cuts at peak demand periods and limited forced blackouts.

In the very short term, there is little that can be done to get more reactors online faster, leaving the government to plan for voluntary cuts at peak demand periods and limited forced blackouts.

Meanwhile, EDF and others in the French nuclear industry are on a recruitment drive for the next generation of welders, pipe-fitters and boiler makers, going so far as to set up a new school to train them.

President Emmanuel Macron wants a new push in nuclear energy, even as a nuclear power dispute with Germany persists, and has committed to building six new reactors at a cost his government estimates at nearly 52 billion euros ($55 billion).

As a first step, the government is in the process of buying out EDF's minority shareholders and fully nationalising the debt-laden group, which it says is necessary to make the long-term investments in new reactors.
 

Related News

• Electricity Forum News

• Power Generation News

Iceland Bitcoin Mining Energy Shortage highlights surging cryptocurrency and blockchain data center electricity demand, as hydroelectric and geothermal power strain to cool servers, stabilize grid, and meet rapid mining farm growth amid Arctic-friendly conditions.

Key Points

Crypto mining data centers in Iceland are outpacing renewable power, straining the grid and exceeding residential electricity demand.

✅ Hydroelectric and geothermal capacity nearing allocation limits

✅ Cooling-friendly climate draws energy-hungry mining farms

✅ Grid planning and regulation lag rapid data center growth

The value of bitcoin may have stumbled in recent months, but in Iceland it has known only one direction so far: upward. The stunning success of cryptocurrencies around the globe has had a more unexpected repercussion on the island of 340,000 people: It could soon result in an energy shortage in the middle of the Atlantic Ocean.

As Iceland has become one of the world's prime locations for energy-hungry cryptocurrency servers — something analysts describe as a 21st-century gold-rush equivalent — the industry’s electricity demands have skyrocketed, too. For the first time, they now exceed Icelanders’ own private energy consumption, and energy producers fear that they won’t be able to keep up with rising demand if Iceland continues to attract new companies bidding on the success of cryptocurrencies, a concern echoed by policy moves like Russia's proposed mining ban amid electricity deficits.

Companies have flooded Iceland with requests to open new data centers to “mine” cryptocurrencies in recent months, even as concerns mount that the country may have to slow down investments amid an increasingly stretched electricity generation capacity, a dynamic seen in BC Hydro's suspension of new crypto connections in Canada.

“There was a lot of talk about data centers in Iceland about five years ago, but it was a slow start,” Johann Snorri Sigurbergsson, a spokesman for Icelandic energy producer HS Orka, told The Washington Post. “But six months ago, interest suddenly began to spike. And over the last three months, we have received about one call per day from foreign companies interested in setting up projects here.”

“If all these projects are realized, we won’t have enough energy for it,” Sigurbergsson said.

Every cryptocurrency in the world relies on a “blockchain” platform, which is needed to trade with digital currencies. Tracking and verifying a transaction on such a platform is like solving a puzzle because networks are often decentralized, and there is no single authority in charge of monitoring payments. As a result, a transaction involves an immense number of mathematical calculations, which in turn occupy vast computer server capacity. And that requires a lot of electricity, as analyses of bitcoin's energy use indicate worldwide.

The bitcoin rush may have come as a surprise to locals in sleepy Icelandic towns that are suddenly bustling with cryptocurrency technicians, but there’s a simple explanation. “The economics of bitcoin mining mean that most miners need access to reliable and very cheap power on the order of 2 or 3 cents per kilowatt hour. As a result, a lot are located near sources of hydro power, where it’s cheap,” Sam Hartnett, an associate at the nonprofit energy research and consulting group Rocky Mountain Institute, told the Washington Post.

Top financial regulators briefed a Senate panel on Feb. 6 about their work with cryptocurrencies like Bitcoin, and the risks to potential investors. (Reuters)

Located in the middle of the Atlantic Ocean and famous for its hot springs and mighty rivers, Iceland produces about 80 percent of its energy in hydroelectric power stations, compared with about 6 percent in the United States, and innovations such as underwater kites illustrate novel ways to harness marine energy. That and the cold climate make it a perfect location for new data-mining centers filled with servers in danger of overheating.

Those conditions have attracted scores of foreign companies to the remote location, including Germany's Genesis Mining, which moved to Iceland about three years ago. More have followed suit since then or are in the process of moving. 

While some analysts are already sensing a possible new revenue source for the country that is so far mostly known abroad as a tourist haven and low-budget airline hub, others are more concerned by a phenomenon that has so far mostly alarmed analysts because of its possible financial unsustainability, alongside issues such as clean energy's dirty secret that complicate the picture. Some predictions have concluded that cryptocurrency computer operations may account for “all of the world’s energy by 2020” or may already account for the equivalent of Denmark's energy needs. Those predictions are probably too alarmist, though. 

Most analysts agree that the real energy-consumption figure is likely smaller, and several experts recently told the Washington Post that bitcoin — currently the world's biggest cryptocurrency — used no more than 0.14 percent of the world’s generated electricity, as of last December. Even though global consumption may not be as significant as some have claimed, it still presents a worrisome drain for a tiny country such as Iceland, where consumption suddenly began to spike with almost no warning — and continues to grow fast.

Some networks are considering or have already pushed through changes to their protocols, designed to reduce energy use. But implementing such changes for the leading currency, bitcoin, won't be as easy because it is inherently decentralized. The companies that provide the vast amounts of computing power needed for these transactions earn a small share, comparable to a processing fee or a reward.

They are the source of the Icelandic bitcoin miners’ income — a revenue source that many Icelanders are still not quite sure what to make of, especially if the lights start flickering.

Related News

• Electricity Forum News

• Renewable Energy News