Detecting, blocking grid cyberattacks

To help block cyberattacks attacking the electric grid, researchers from Idaho National Laboratory (INL) have developed a device that alerts operators to abnormal commands and automatically blocks them, preventing attacks from accessing and damaging critical power grid components.

The Constrained Cyber Communication Device (C3D) autonomously reviews and filters commands being sent to protective relay devices, which instruct breakers to turn off the flow of electricity when a disturbance is detected -- like a failed power line -- to prevent damage to grid equipment.

Until now, relays were unable to block cyberattacks, which can send unexpected commands to grid equipment in milliseconds. C3D limits the relays’ ability to communicate so that only the most essential functions operate, providing a temporal cybersecurity defense. When grid operators are warned of a potential attack, for example, they can use C3D to shut off engineering access to the relays – while still allowing access to protection and monitoring controls – thereby reducing the risk of attacks without impacting service delivery. 

"As cyberattacks against the nation's critical infrastructure have grown more sophisticated, there is a need for a device to provide a last line of defense against threats," INL Program Manager Jake Gentle said. "The C3D device sits deep inside a utility's network, monitoring and blocking cyberattacks before they impact relay operations."

The researchers constructed a 36-foot mobile substation – with C3D wired into the relays’ communication network -- and connected it to INL's full-scale electric power grid test bed to establish an at-scale power grid environment.

They then sent a sudden power spike command to the substation relays and monitored the reaction. The C3D device instantly blocked the command and prevented the attack from damaging the larger grid.

The technology and associated software will undergo further testing over the next several months before being made available for licensing to private industry, INL officials said.

About the Author

Susan Miller is executive editor at GCN.

Over a career spent in tech media, Miller has worked in editorial, print production and online, starting on the copy desk at IDG’s ComputerWorld, moving to print production for Federal Computer Week and later helping launch websites and email newsletter delivery for FCW. After a turn at Virginia’s Center for Innovative Technology, where she worked to promote technology-based economic development, she rejoined what was to become 1105 Media in 2004, eventually managing content and production for all the company's government-focused websites. Miller shifted back to editorial in 2012, when she began working with GCN.

Miller has a BA and MA from West Chester University and did Ph.D. work in English at the University of Delaware.

Connect with Susan at [email protected] or @sjaymiller.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected