LONDON (Reuters) - Electricity supplies across Argentina, Uruguay and parts of Paraguay were blacked out for several hours on Sunday when the regional power grid suffered a cascading failure.
There is no suggestion that anything malicious caused the blackout; most likely it was an equipment failure.
But earlier at the weekend, the New York Times revealed the United States had hacked into Russia’s grid and was ready to carry out an offensive cyberattack (“U.S. escalates online attacks on Russia’s power grid”, NYT, June 15).
And before the 2015 nuclear deal with world powers, the United States had developed a plan, codenamed Nitro Zeus, to collapse Iran’s electricity system in the event of conflict, according to the New York Times.
The three stories illustrate the growing risks to power networks posed by control failures, solar storms and now hacking, whether by criminals, terrorists or state spying agencies.
Nearly every aspect of the modern economy depends on electricity from the grid, including space and water heating, lighting, water supplies, transportation and industrial processes.
Amory and L Hunter Lovins warned about the resulting economic and national security vulnerability almost 40 years ago (“Brittle power: energy strategy for national security”, 1982).
“Complex energy devices were built and linked together one by one without considering how vulnerable a system this process was creating,” they wrote. “A few people could probably black out most of the country.”
MULTIPLE RISK FACTORS
Even a small problem has the potential to trigger a cascading power failure that cuts electricity supply to millions of customers in minutes.
In August 2003, overgrown trees came into contact with power lines in the Cleveland-Akron area of Ohio and caused a cascading failure that blacked out the entire U.S. Northeast and neighbouring parts of Canada.
Computer system failures, poor control-room practice and inadequate planning meant local grid controllers lost situational awareness and reacted too slowly to the escalating problem.
As the local grid became progressively more unstable, power lines and stations went into automatic shutdown to protect themselves, sending unusual power flows surging into neighbouring areas.
The problem spread as safety systems detected unusual power flows wheeling across the grid and raced to disconnect transmission lines and power generation units.
At least 265 power plants, with more than 508 individual generating units, shut down - including 10 nuclear plants, which are designed to halt immediately if grid instability is detected.
(Control rods will drop into the core immediately to kill the nuclear reaction safely if the power plant senses any unusual activity on the neighbouring grid).
The events of August 2003 illustrate how even “trivial” problems can trigger a region-wide blackout if the grid is not managed properly (“Final report of the August 14, 2003 blackout”, U.S. Department of Energy, 2004).
Power grids are complex and tightly integrated systems where there is always the potential for failure at a single point, or just a few points simultaneously, to ripple across the network and cause cascading failure.
Massive, cascading failures have occurred repeatedly in North America as well as in South America, India and Indonesia over the last 50 years, sometimes affecting tens or hundreds of millions of people.
Electricity grids must balance various aspects of supply and demand on an instantaneous basis (including frequency, voltage, power and reactive power).
Control rooms manage the system conservatively, running constant scenario analysis to plan for a huge range of contingencies.
Consumption can usually be forecast reasonably accurately by statistical models, so the major short-term risks arise from equipment failure.
Grid controllers constantly plan for the sudden loss of the largest one (n-1) or two (n-2) generation and transmission assets on the grid.
Control room staff must have an updated plan for dealing with the next n-1 or n-2 contingencies at all times, usually by calling on reserve generation held on standby or by reducing demand.
In an emergency, voltage can be reduced, large customers can be asked to curb their consumption, or in the worst case, groups of users can be forcibly disconnected.
Grids must be managed with a good safety margin because most generation, transmission and distribution assets have safety cutouts that will cause them to shut down and disconnect automatically if they are at risk of overloading or otherwise operating outside safe limits.
The failure of one component (e.g. a single power plant or transmission line) can overload the rest of the system if not managed properly and cause cascading failure as more components automatically disconnect to protect themselves.
MORE EXOTIC THREATS
Grid managers must also prepare for more unusual risks, including solar storms, which have the potential to overload local transmission systems and fry transformers.
Geomagnetic storms have already caused blackouts in Quebec (1989) as well as South Africa and Sweden (2003).
Regulators fear a repeat of the much more massive solar storms that occurred in 1921 and 1859 (the “Carrington Event”), which disrupted telegraph systems and could cause extensive, difficult-to-repair damage to the grid.
Some large transformers could take six months or more to replace because they are highly customised and not kept in stock.
Risk managers must prepare for less exotic problems, including vandalism, sabotage and terrorism targeting transformers and power lines. Snipers attacked large transformer units in California in 2013.
Now regulators and grid managers must also contend with the threat of cyberattacks by hackers, extortionists, terrorists or spying agencies aimed at disrupting power flows.
Networks are inherently vulnerable to cyberattacks, since penetration at any one point can put the entire system at risk.
Electricity grids have been the focus of particular attention but communications systems, including telecoms and the internet, exhibit similar vulnerabilities.
The risks are heightened because these once-separate systems are increasingly converging to produce an even more complex and poorly understood system-of-systems.
Gas, electricity and water are already interlinked. Electricity is linked with manufacturing and transportation and will become more so with the adoption of electric vehicles.
But the “internet of things” and 5G telecom networks will result in an even tighter coupling of systems as more processes in homes, offices, factories and transport systems are remotely controlled via the internet.
Networks are set to become an important element of the future battlespace, which is why most major powers and even some minor ones are investing heavily in offensive and defensive capabilities.
So far, however, there is no agreement on how the normal conventions and laws of diplomacy and warfare will apply to networks.
COMMAND AND CONTROL
International law normally requires proportionality in conflict and attempts to draw a distinction between military and civilian targets.
But networks blur the distinction between military and civilian systems and there is no agreement on how seriously to treat network attacks compared with conventional attacks using kinetic and explosive weapons.
Once launched, a network attack may be hard to control, as it cascades across systems in ways that are hard to predict and may be difficult to limit.
Network attacks also raise difficult questions about the attribution of responsibility and proportionate retaliation, since many can be launched anonymously.
Network attacks may be especially suited for asymmetric warfare and terrorism, since they require far fewer resources than conventional and nuclear forces.
The bottom line is that networks are increasingly a source of vulnerability for civilian as well as military targets, with the possibility of widespread and long-lasting disruption.
John Kemp is a Reuters market analyst. The views expressed are his own.
- Time to be afraid: preparing for the next big solar storm (Reuters, July 2014)
- Snipers won’t blackout the U.S. power grid, but Sun may (Reuters, March 2014)
- U.S. orders power grid to prepare for solar storms (Reuters, February 2014)
- Protecting the power grid and GPS from solar storms (Reuters, April 2013)
Editing by Dale Hudson
Our Standards: The Thomson Reuters Trust Principles.