“We Are Turning Hamburg off Now”
Two experts from the University of Bremen confirm that widespread power outages are in fact possible
It is a nightmarish scenario that the thriller author Marc Elsberg described in his novel Blackout: A Europe-wide power outage leads to murder and manslaughter. The digitalization of important structures brings the danger of external attacks with it. Additionally, complex networks are very fragile. The Federal Office of Civil Protection and Disaster Assistance (BKK) has already appealed for everyone to prepare themselves for widespread power outages. How big is the danger really? An interview with the electrical engineer and computer scientist Professor Kai Michels and the legal scholar Dr. Dennis-Kenji Kipker:
Mr. Michels, Mr. Kipker, have your prepared yourselves for a widespread power outage and collected food supplies for at least 14 days as the Federal Office of Civil Protection and Disaster Assistance recommends?
Kai Michels: My wife and I are considering it. The least that one should do is to store several cases of water at home. That will be the first thing to become rare, as no water will come out of the taps. One would probably find something to eat for a few days.
Dennis-Kenji Kipker: I have never thought about it. I do deal with critical infrastructures but how it could affect me personally has fallen by the wayside.
Mr. Michels, system dynamics and control technology in the power plant sector is your field. How big do you believe the danger of power outages to be – regardless for which reasons?
Kai Michels: The danger is there. I believe cyber-attacks to be possible. However, it will not affect the control centers of large power networks, as they are really very well protected against external attacks. Power plants are slightly less secure, as they have increasing possibilities for remote maintenance. If the power plant manufacturers have access to the computers in the plant via the network then so do hackers. And of course there are smaller network operators in each town and each region. I doubt that they are as well protected as the big ones. Damage can surely be done if the attack is coordinated.
In 2019, there were several incidents where hackers were not involved but rather immense fluctuations in the European power networks nearly led to a shutting down…
Kai Michels: This can occur due to the fluctuations in regenerative source input. Most of the solar panel systems on Germany’s roofs have an automatic emergency shut down, for example. When there is too little power in the network and the frequency sinks below 49.8 Hz due to this, these systems turn off so that their sensitive electronics are protected. If they all shut down at once – at a moment when we already have too little power in the network – then the network breaks down. It is in exactly in such moments that we need people in the large network control centers who react boldly and consequently straight away – namely by shutting down the entire town supply. They then need to decide: “We are turning Hamburg off now.” That decision needs to be made within minutes. There is, of course, a risk regarding whether they are actually brave enough to do it. If not, the network may entirely collapse as the result of a chain reaction and that would mean a total blackout. That happened in Italy in 2003.
Mr. Kipker, you have specialized yourself on cyber security in the frame of your scientific work. How big is the danger that terrorists, hacker, or secret services flip the switch on our power networks to “off”?
Dennis-Kenji Kipker: I am not aware of any widespread attack on the German infrastructure. However, there is a real danger in my opinion. The legislature has recognized this and initiated measures in order to specially regulate and protect critical infrastructures. In other sectors, for example the health sector, there have been larger attacks that have resulted in hospitals no longer being operational or personal data being leaked. Waterworks have also been attacked. As Mr. Michels already indicated, small regional providers often do not have the resources to operate IT security to a suitable extent. The Technical Inspection Agency (TÜV) created a so-called honeypot – they simulated unsecured waterworks. In a short space of time, people attempted to influence the industry control facilities. There are dangers but they are hard to put into numbers.
It is often said that the next war will not be fought conventionally or atomically but also on the internet…
Dennis-Kenji Kipker: That will be the case. As early as 2010, the Stuxnet computer worm made history: It was written in order to interfere with specific Siemens controls that are used in waterworks, climate technology, or pipelines. Because Stuxnet mainly caused damage to a reprocessing plant and a nuclear power plant in Iran, we had to assume that the attack was politically motivated. It is still not known who was behind the attack. There are only suspicions. However, the example shows that something like that is generally possible.
It is suspected that Stuxnet was smuggled in on a USB stick. However, everything is interconnected and accessible via the Internet of Things. Is that not the perfect gateway?
Kai Michels: It is exactly that aspect that makes me nervous and of which I always warn in my talks: The whole discussion on Industry 4.0 where every single device has internet access and is therefore able to be manipulated by whomever. I actually thought about if it is all a strategy of the NSA foreign intelligence agency and that is why everyone is suddenly backing this topic. Smart devices are able to be manipulated! The thriller by Marc Elsberg is based on manipulated electricity meters – it is exactly such a scenario that I believe to be plausible. Interestingly, our nuclear power plants cannot be attacked, as they have no computer. They are still running with switching technology from the 1970s. That is still the only technology that is sufficient in terms of the extremely high security requirements in this area. If we decentralize our power supplies via regenerative power generation plants in the future, which are connected to the internet, then damage could be caused by an extensive attack.
Dennis-Kenji Kipker: I also believe the USB stick – the internal offender – to be a possibility. I am of a similar opinion regarding the dangers of networking. Many manufacturers of devices or components within Industry 4.0 had nothing to do with cyber security until recently. Components from suppliers, whose security is not being checked, are being built in. Many applications become more convenient thanks to computerization but it is inevitable that the risks also increase. If you take a look at the field of legislation and cyber security, many institutions within the energy sector are named as being part of the critical infrastructure. They need to implement technical and organizational security measures. But when is an institution responsible for supply to the population deemed critical? The threshold is currently when around 500,000 people are being supplied. In the frame of a legislation amendment, we are currently trying to register and secure critical infrastructures below said threshold. The IT Security Act of 2015 was a first draft and it now has to be improved point by point.
Mr. Michels, if someday it is in fact “dark” everywhere – how will the power return?
Kai Michels: Some power plants have extra emergency diesel power so that they can reboot themselves. However, because they are still connected to the network and all consumers, who broke down suddenly, are still set to “on”, it would collapse again straight away. The power plant has to be “activated” first and then its charge has to be reduced so that it can be powered up again. Subsequently, it has to be networked with other power plants that have also been started “clean”. So the network would have to be slowly activated piece by piece. But how this is meant to work during a widespread power outage when communication has broken down entirely remains to be seen. There are, of course, emergency plans but these have only been carried out in theory. At no point will we know how long it will take and we will be – in the most literal sense – in the dark. That is why, after a sufficient amount of water, a battery-operated radio is also obligatory.
Profile: Kai Michels
Professor Kai Michels studied electrical engineering and computer science at TU Braunschweig and also completed his PhD there. As a scientific assistant, he subsequently carried out research at the Institute of Control Engineering in Braunschweig before he moved into the economic sector in 1997 and worked for Siemens AG in the fields of power plant control technology, power plant simulation, and gas conveyance technology. From 2002 to 2010, Michels worked for Fichtner Ingenieurberatung GmbH in Stuttgart and Ludwigshafen, where he was the director. Since 2010, he has been the head of the Institute of Automation at the University of Bremen, where is also the chair of the System Dynamics and Control group.
Profile: Dennis-Kenji Kipker
Dr. Dennis-Kenji Kipker studied law at the University of Bremen. He was subsequently a member of Professor Benedikt Buchner’s working group. In 2015, he competed his PhD with a dissertation on “Information Freedom and State Security – Legal Challenges of Modern Surveillance Technologies.” Since 2016, Dennis-Kenji Kipker is the scientific director at the Institute for Information, Health, and Medical Law (IGMR) at the University of Bremen. He was involved in the nationwide “Monitor IT Security of Critical Infrastructures” study, amongst others.