What would it take for an entire American city to lose power? What circumstances and failures in the electrical grid’s infrastructure would lead to a dramatic, long-term blackout? And what weak points could utility companies invest in to help prevent a catastrophic shutdown?
A three-year project at Lawrence Livermore National Laboratory (LLNL) is attempting to answer those questions using a new algorithm called “Squirrel” to model power outages and enable government agencies and utilities to automatically identify weaknesses in the power grid. Squirrel is part of a three-year Laboratory Directed Research & Development (LDRD) project aimed at determining the risk to the grid from a cyberattack, called the Quantitative Intelligent Adversary Risk Assessment (QIARA). But because Squirrel is “cause agnostic,” according to project manager Jovana Helms, it can be used with any kind of threat or hazard, including a malicious hack, earthquake or even squirrels (which often chew into electrical wires and cause outages).
“Squirrel is part of a methodology to assess the risk by identifying critical failures,” Helms said. “It solves the inverse problem: for a given consequence of interest it enumerates critical failures that can lead to that consequence. It tells you where to pay attention and how to prioritize your resources. Once you enumerate critical failures you can determine which hazards can cause it and develop mitigations that are hazard agnostic or tailored to a specific hazard.”
Researchers say one of the major challenges in determining risks to the grid is the cascade effect. If one substation fails it could impact the entire grid infrastructure. Using Squirrel, in conjunction with GridDyn, an open source power grid simulator developed at LLNL that models transmission power flow, researchers analyzed what series of actions would have to happen to cause a 500-megawatt load loss on a small grid model. Surprisingly, Helms said, the simulation found 730 critical failures of consequence, including the most susceptible relays and grid components. In about half of all critical failures, one particular relay was consistently part of the enumerated failures. Such insight could be particularly crucial when resources for bolstering grid resiliency are limited, researchers said.
“Let’s say our concern is that a bad actor will take one gigawatt of power offline. We’re looking at what are the ways that could happen,” said principal investigator Meghan McGarry. “Squirrel helps us identify what critical failures would lead to that outcome. What we want to know is what input conditions are required for the load loss of our output. What changes do I have to make to the input to lose that one gigawatt?”
Squirrel, the researchers said, could allow government agencies and public utilities to narrow the list of possible scenarios that could lead to catastrophic failures and determine where to prioritize protection, which would be virtually impossible with manual methods. Using the Lab’s high-performance computing capabilities, the algorithms are able to work off the GridDyn model, change various parameters and look at potential solutions that could stave off a massive outage.
“We can start with what we care about and work backward,” Helms said. “It eliminates inconsequential scenarios and identifies how a consequence of interest can happen. When we start with the consequence, the first step is to identify critical failures that can cause it. That’s where Squirrel comes in. It finds critical failure points in an automated way.”
Because the modern grid is much more automated and exposed to the internet, Helms said, it is smarter, but also much more vulnerable to adversaries and malicious hackers. In light of incidents such as the malware-induced grid outage in the Ukraine in 2015 and 2016, the threat of a hack resulting in a blackout is very real, Helms said.
Despite the risk, cybersecurity is costly and time-consuming for utility companies, and currently it isn’t humanly possible to dream up all the scenarios that would lead to an undesirable outcome. With natural disasters, researchers can use probability models to get a solid estimate of whether a failure will happen, but intelligent adversaries or hackers wouldn’t be probabilistic in nature, they said. But by knowing what to protect, scientists could narrow the list of attack scenarios that would result in a major outage.
A little more than a year into the project, there’s still more work to be done before Squirrel can be applied to large-scale systems. LLNL researchers will further develop the modeling capabilities in the coming years and push for more complex, coupled models that can consider combined consequences like communication and power flow, gas and electricity, as well as more complicated transmission and distribution models. Follow-on work could involve collaborating directly with utility companies to identify vulnerabilities and perform risk assessment using actual grid systems from the utilities to create more accurate models. Squirrel has garnered interest from utility partners. If successful, researchers said, Squirrel could help utilities and government agencies increase the resilience of the grid against any type of impactful situation and could later be applied to oil and gas pipelines and transportation.
“Right now, we have a simple model that might have 46 transmission lines that can be switched on or off,” McGarry said. “Even in a simplified grid, you’re already in a problem space that’s 2⁴⁶ possible configurations, which is too big to search with brute force. The main aspect now is developing algorithms for a more intelligent analysis of the space. Our goal is to is to model a 10,000-line system, that would be a useful scale. But even at the level we are now, you can look at it and determine components that are critical to the system.”
Other key LLNL contributors to the Squirrel effort include applied mathematics postdoctoral researcher Sarah Osborn, computational mathematician Colin Ponce and computer scientist Tom Benson.