Electricity generation is necessary for the daily functioning and commerce of the United States and of any other country. The main components of a power grid are the power plants that generate electricity, the transmission and distribution lines, and the systems that deliver power to end users. Wholesale power companies and private and public electricity firms are also connected to the grid. Most electric grids achieve high levels of reliability despite their vulnerability to failures caused by operational, man-made, or natural events. The bulk power system faces new and evolving cybersecurity threats. These threats can target the electric grid directly or the critical infrastructure that affects the grid's operations. Intrusions that manipulate industrial control system (ICS) networks are the most common and the greatest threats to the grid, and they can deliver malware capable of causing damage and controlling some aspects of the grid's functionality. Recently, the Internet of Things (IoT) has raised several concerns, including botnet malware that launches denial-of-service and many other attacks. Similar attacks on IoT devices might therefore impair or manipulate the operation of electric power networks.
The most recent malware threats include Triton, CrashOverride, BlackEnergy 2 and 3, and those from the IoT. Triton is a threat intended for high-impact attacks with physical consequences, without any financial shakedown, and it affects Triconex safety instrumented system (SIS) controllers. In other instances, Triton uses a remote access Trojan to act on its targets. CrashOverride malware causes attacks on the transmission control center (Ashok et al., 2017). It can access the systems the power grid uses for internal communications and thereby destroy physical systems. A similar threat was Stuxnet, which destroyed centrifuges used for uranium enrichment. Additionally, the BlackEnergy software can gather information, leaving critical infrastructure firms vulnerable.
Power plants have proved vulnerable to security attacks, specifically cyberattacks. Cybersecurity threats come from several sources, including professional hackers, current or former employees, professional attackers, organized crime groups, and industrial spies. These hacktivists are more likely to cause direct physical destruction to the power systems than to any other part (Wencui et al., 2018). Various strategies have been devised to prevent such malware operations and to defend against these physical and cyber attacks in the future. These include increased cyber monitoring and incident reporting, enhanced threat and risk assessment, and building resiliency into the power grid.
Every state and country should have procedural strategies to improve monitoring of bulk power systems, including implementing proposed plans to enhance these strategies. For instance, in the United States, the Federal Energy Regulatory Commission (FERC) plans to maximize reporting of cyber incidents. Under the Critical Infrastructure Protection (CIP) reliability standard CIP-008-5, reportable cyberattack incidents are currently limited to those that have disrupted one or more reliability tasks of these systems. Therefore, rather than only requiring reports of cases where critical operations were compromised, the North American Electric Reliability Corporation (NERC) is responsible for expanding the CIP-008 standard to cover reporting of all attempted threats to any firm's network.
Most cybersecurity actions remain reactive, responding only once the latest threat has been discovered. Some experts argue for focusing on the attackers rather than on the attack on the system itself, while others prioritize intrusion detection, including the system's vulnerabilities. Some improvements have been made as part of modernization programs, while others are undertaken as special projects. The origin of a threat largely determines its level of sophistication. The federal government's national security apparatus is essential in reducing cyberattacks (Huang et al., 2018). Because cyber threats originate from foreign entities, intelligence on the existence and nature of a threat, and the capability to fight it, rely on government security operations. Hence, timely and relevant information from the government enables immediate action on threats according to the severity of the danger. Additionally, the electricity industry provides appropriate avenues for reporting threat information so that the relative risk of potential hazards can be understood.
Furthermore, the diversity of actors in the cyber threat space, with both political and non-political motivations, strengthens speculation that a cyberattack is inevitable. Aiding recovery from cyberattacks has therefore become a major focus, with some resources directed at the actions and technologies that make it possible. Building a smart grid, distributing energy resources, and building a strategic reserve of critical components are among the strategies in place for improving resiliency and speeding up recovery from potential attacks (Quincozes et al., 2021). In building smart grids, governments can achieve resilience in electric power transmission and distribution systems through new and emerging technologies. For instance, the Electric Power Research Institute (EPRI) reviews innovative technologies capable of making distribution systems resilient to weather-related power outages and malicious attacks. Firms can also achieve reliability and resiliency through smart grid technologies that isolate problems by reconfiguring utility networks through automated controls using real-time data.
Governments regard distributed resources and microgrids as a growing element of the future grid, capable of increasing the resilience of the current grid. For example, the state of New York, in collaboration with investor-owned electric utilities, has attempted to modernize its energy systems by installing distributed resources. The primary value of microgrids during cyberattacks and emergencies is their ability to operate independently, off-grid. Finally, special attention has been given to large, high-voltage electric power transformers (LPTs), which are targeted as critical components in physical and cyber attacks.