Power of blockchain, unchained
Minnkota and the University of North Dakota are partnering to develop new technology to protect power facility control systems.
Imagine you’re driving down the interstate at the posted speed limit of 75 mph. Suddenly, your speedometer tells you you’re travelling at 55 mph. You don’t want to hold up traffic, so you increase your speed until that speedometer says 75 mph again.
Now you see red and blue flashing lights in your mirror. You’re going too fast and the authorities have caught you. You made a decision based on faulty dashboard information caused by a hacker, and now there are consequences.
This is the example Michael Mann uses to explain how malicious data manipulators can create devastating issues for a power generation facility.
“You may think that a hacker is going in and cranking up the generator itself, but they don’t have to,” explained Mann, professor and director of the Institute for Energy Studies at the University of North Dakota (UND). “It could simply be sending false signals, which makes you believe things are bad, and then you are actually the one that causes the adverse effect.”
This kind of attack is the reason why Mann and his research team hope to collaborate with Minnkota on a study of integrating blockchain technology into power plant control system security.
“UND proposed a unique idea. As soon as you hear the word ‘blockchain,’ interest is piqued,” said Dan Inman, Minnkota vice president and chief information security offier. “I initially couldn’t see how it would economically work for utilities because when people think of blockchain, they think of Bitcoin or other cryptocurrency.”
UND researchers laid out their plan. They would work with the control center team at the Milton R. Young Station near Center, N.D., to create a mock-up of how power data flows from point to point within a plant control system. Researchers would then apply blockchain technology to those simulated testbeds, using the data system of a real-world generation facility while maintaining the security integrity of Minnkota’s actual data.
In February, UND responded to a Department of Energy (DOE) proposal call that would award funding to research projects addressing power grid security – a focus born from recent large-scale cyberattacks in Ukraine that disrupted electric service to more than 200,000 consumers.
Mann assembled the interdisciplinary team of Hossein Salehfar (electrical engineering/power systems) and Jun Liu (computer science) knowing UND had a perfect environment to tackle this global challenge.
“Sometimes universities are doing esoteric work that is interesting to the researcher, but without a lot of applicable value. Our researchers want to make it realistic and have applications, in this case to the electric utility industry,” Mann said. “We reached out to Minnkota thinking this would be a great project for them – partnering with UND so we can meet the DOE’s goal, but also the goals of Minnkota and of the state.”
Minnkota’s Gerry Pfau, senior manager of project development at the Young Station, admits that he, like others approached at the ideation of this partnership, thought more of blockchain as security for transactions – not for general data protection.
“It surprised me, all of the ways it can be used in different industries,” Pfau said.
From supply chain management of produce at Walmart to high-value cargo tracking at FedEx, more and more businesses are examining how they can leverage the principles of blockchain to become more efficient and secure.
But what is blockchain? It can be a confusing concept.
Simply described, blockchain is a “decentralized digital ledger.” The content of every node (data holder) within that ledger is shared with a cluster of other computers, so all the computer points in the system can own and verify the data at once. If someone from outside that “chain” tries to manipulate the data, they must manipulate it at every point in the system at the same time – virtually impossible to pull off unnoticed.
UND’s Salehfar explains that in the case of a power facility, data sent to different plants or sub operations through the utility would be replicated and distributed across the system.
“If somebody hacks into the system, they’ll probably have access to one of the nodes of the distributed system, yet there are still many other locations where your data is untouched, giving you the security you need,” he said. “That’s what this project is about – to work with Minnkota to look at some of the ways they control different distributive resources, and how we can make sure that all of this data that is going back and forth is secured and private.”
Future of security
Although Minnkota already has multiple layers of security to keep threats out of the system, Inman acknowledged that the world of cybersecurity is constantly evolving.
“Nothing is 100%,” he said, “and we’re just a little co-op, trying to protect ourselves from state-sponsored hackers. If we can see some advantages in implementing new practices, cost-effectively, and add more layers of security without giving up anything, that’s a win-win for everybody.”
“Our control system is vital for the operation of the plant. We can’t do what we do without it,” Pfau added. “To have the possibility of something that will protect us if someone did break into the network – that would give us a warning and we could lock them out – could be critical to the plant’s success.
If the DOE accepts UND’s funding proposal this summer, research could begin as soon as September 2019. The team knows that its work will only be the beginning of a multiyear journey to implement blockchain security into utilities like Minnkota. From there, they won’t set the cruise control at 55 mph – this kind of innovation is going places, fast.
“The ultimate goal is really much more than what this project is going to be. It’s on a wide scale because it’s a technology that can be applied to so many areas of utilities,” Salehfar assessed, adding that industry trends are moving toward more direct customer interaction, which involves a broad and sophisticated data system. “It’s going to take some years of research to come to that. This is a first step that will help utilities, internally, make their operations secure.”