Researchers at Iowa State University and the University of Illinois at Urbana-Champaign are leading a new effort to improve the cybersecurity of the electrical grid in nine Midwestern states, as part of a program supported by the National Security Agency.
The Regional Coalition for Critical Infrastructure Protection — also known as ReCIPE — plan to spend two years using a $2 million grant developing attack simulations and training materials to better protect the rural region’s energy sector.
“Energy is the primary critical infrastructure,” said Doug Jacobson, an Iowa State professor of electrical and computer engineering, and the lead investigator for the ReCIPE group. “The Midwest has some challenges. There’s lots of distributed generation of power, and very widespread distribution of that.”
The ReCIPE coalition — which plans to look at facilities in Iowa, Illinois, Nebraska, Kansas, Minnesota, Wisconsin, Indiana, Michigan and Ohio — is funded by a grant from the NSA’s National Centers of Academic Excellence in Cybersecurity, which supports cyber-focused research at colleges and universities. In addition to academic researchers, Jacobson said the group will also get help from National Guard units, homeland security and emergency management agencies and electric utilities themselves.
Jacobson told StateScoop that protecting the Midwest’s energy infrastructure from cybercriminals and government-backed hackers is complex because the region depends on a mix of deep-pocketed corporate utilities and local cooperatives with limited resources to power a vast, mostly rural expanse.
“While an organization like MidAmerican [Energy Company]” — a Berkshire Hathaway-owned utility that serves two-thirds of Iowa and portions of three other states — “or one of these large multi-state providers have resources, a small utility does not,” he said. “You can cause a pretty major disruption.”
He also said that while he’s not aware of any cyberattacks that’ve taken out the Midwest’s electrical utilities, recent incidents affecting other components of the United States’ critical infrastructure serve as a stiff reminder.
“You look what happened to Colonial Pipeline,” he said. “Any of these infrastructures are potentially vulnerable.”
Jacobson said Iowa State and Illinois were picked to lead the new coalition because the two universities are home to test beds for cybersecurity research. Iowa State’s Center for Cybersecurity Innovation and Outreach, of which Jacobson serves as director, has researched and discovered vulnerabilities in commercial technology products and attempted to perfect new mitigation techniques. One of those strategies, he said, is a “moving target” defense, in which a network is built with dynamic configurations that shift constantly in an attempt to throw off attackers.
“Imagine all the computers running around aimlessly, so an attacker who goes in, two minutes from now they’re someplace else,” Jacobson said.
With the grant, the ReCIPE group will aim to scale up those activities, though Jacobson said he’ll know more after he meets with NSA officials in Washington.
“They’re an organization that expects results and reporting on those results,” he said. “The goal is a regional coalition. It’s going to be a very fun project.”