WEBVTT 1 00:00:00.840 --> 00:00:02.919 Usually when we talk about a system crashing, there is 2 00:00:02.960 --> 00:00:04.960 like a certain blast radius we expect, you know. 3 00:00:05.040 --> 00:00:08.599 Right, Yeah, like if a retail website goes down, exactly. 4 00:00:08.119 --> 00:00:10.640 You can't buy those shoes you wanted, and it's annoying, 5 00:00:11.039 --> 00:00:13.439 but it's really just an isolated digital blip. 6 00:00:13.640 --> 00:00:18.280 The physical world around you remains totally untouched. I mean, 7 00:00:18.359 --> 00:00:20.120 you just close your laptop and your day goes on. 8 00:00:20.280 --> 00:00:22.879 Right, But today we are doing a deep dive into 9 00:00:22.920 --> 00:00:27.399 a hidden, really high stakes battleground where that digital physical 10 00:00:27.440 --> 00:00:30.079 boundary just completely vanished. 11 00:00:29.719 --> 00:00:31.480 It has it entirely disappears. 12 00:00:31.600 --> 00:00:35.359 Yeah, we're looking at our electricity infrastructure. Historically the power 13 00:00:35.359 --> 00:00:39.880 grid was just pure physics, right, coal copper wires, giant 14 00:00:39.880 --> 00:00:41.079 metal switches. 15 00:00:40.719 --> 00:00:42.520 You big heavy machinery exactly. 16 00:00:42.880 --> 00:00:46.640 But now it's what engineers call a cyber physical system 17 00:00:46.960 --> 00:00:50.799 or CPS, and that means computer code can literally cause 18 00:00:50.880 --> 00:00:52.759 physical destruction in the real world. 19 00:00:52.960 --> 00:00:55.799 And the traditional rules of cybersecurity, you know, the ones 20 00:00:55.840 --> 00:00:58.320 protecting that shoe website we talked about, they are completely 21 00:00:58.359 --> 00:00:59.240 turned upside down. 22 00:00:59.079 --> 00:01:01.399 Here because it's not about passwords anymore. 23 00:01:01.119 --> 00:01:03.359 No, not at all. It's about protecting the laws of 24 00:01:03.399 --> 00:01:07.879 physics and understanding this is so vital because well, your home, 25 00:01:08.359 --> 00:01:12.920 your appliances, your most mundane daily habits are now intimately 26 00:01:12.959 --> 00:01:15.439 connected to this massive cyberphysical web. 27 00:01:15.519 --> 00:01:19.040 Okay, let's unpack this. Our grounding source for this journey 28 00:01:19.239 --> 00:01:24.159 is this twenty seventeen technical deep dive called Cyberphysical Security 29 00:01:24.200 --> 00:01:27.680 and Privacy in the Electric Smart Grid by Bruce McMillan 30 00:01:27.760 --> 00:01:28.560 and Thomas Roth. 31 00:01:28.719 --> 00:01:29.959 A fascinating read. 32 00:01:29.920 --> 00:01:33.079 It really is. And to understand how the grid is hacked, 33 00:01:33.200 --> 00:01:35.920 we first have to understand how radically the architecture has 34 00:01:36.000 --> 00:01:38.640 changed over the years. We are moving from this giant 35 00:01:38.719 --> 00:01:42.599 centralized machine to a massive distributed internet of things. 36 00:01:42.920 --> 00:01:45.799 Yeah, because for over a century, the bulk transmission grid 37 00:01:45.840 --> 00:01:48.439 was heavily centralized. Power flowed strictly. 38 00:01:48.120 --> 00:01:49.640 One way right top down right. 39 00:01:49.519 --> 00:01:53.599 Exactly from a massive generation plant like coal, nuclear, hydro, 40 00:01:53.719 --> 00:01:56.079 down to the substations and finally to you. The consumer 41 00:01:56.680 --> 00:01:59.799 control meant a central operator actually you know, manually flipping 42 00:01:59.840 --> 00:02:01.680 him relays, or are sending a guy in a truck 43 00:02:01.719 --> 00:02:02.840 to physically turn a switch. 44 00:02:03.000 --> 00:02:04.760 I always kind of picture the old grid like a 45 00:02:04.920 --> 00:02:09.240 giant megaphone, you know, the utility stands at the top 46 00:02:09.400 --> 00:02:13.080 just shouting power down to the masses, it's a completely 47 00:02:13.120 --> 00:02:13.879 one way street. 48 00:02:14.120 --> 00:02:15.120 That's a great analogy. 49 00:02:15.360 --> 00:02:20.919 Thanks, But the modern smart grid is it's more like 50 00:02:20.960 --> 00:02:24.120 a giant, chaotic group chat, like every single device is 51 00:02:24.159 --> 00:02:25.479 talking at the exact same time. 52 00:02:25.560 --> 00:02:27.319 And the main issue with a group chat is that 53 00:02:27.439 --> 00:02:30.360 everybody has a microphone. Right at the most basic level, 54 00:02:30.360 --> 00:02:34.680 we have what's called advanced Metering infrastructure or AMI. These 55 00:02:34.680 --> 00:02:36.439 are the smart meters on the side of your house. 56 00:02:36.719 --> 00:02:38.639 They allow two way communication, so. 57 00:02:38.599 --> 00:02:40.879 The utility talks to the house and the house talks 58 00:02:40.919 --> 00:02:41.719 back exactly. 59 00:02:41.879 --> 00:02:44.840 Yeah, the utility sends pricing signals and they engage in 60 00:02:44.879 --> 00:02:46.439 something called demand side management. 61 00:02:46.520 --> 00:02:50.199 Demand side management, Okay, that's when the utility actually overrides 62 00:02:50.240 --> 00:02:52.680 and turns off your heavy appliances, right, like an air 63 00:02:52.680 --> 00:02:54.240 conditioner or a water heater. 64 00:02:54.120 --> 00:02:58.479 Yeah, during peak usage hours to dynamically balance the load 65 00:02:58.560 --> 00:03:02.199 on the grid. And the architecture scals up even further 66 00:03:02.319 --> 00:03:05.520 into microgrids. So think of a military base or like 67 00:03:05.560 --> 00:03:09.120 a really forward thinking neighborhood with its own solar panels 68 00:03:09.479 --> 00:03:11.319 and massive battery storage. 69 00:03:11.439 --> 00:03:12.960 Right, so they generate their own power. 70 00:03:13.319 --> 00:03:16.199 Yeah, and it operates connected to the main utility, but 71 00:03:16.280 --> 00:03:17.800 it can actually island itself. 72 00:03:17.879 --> 00:03:20.360 Island itself like cut the. 73 00:03:20.240 --> 00:03:25.800 Cord, literally physically severing the connection and running completely independently 74 00:03:25.919 --> 00:03:27.159 if the main grid goes down. 75 00:03:27.560 --> 00:03:31.520 Okay, but the holy grail of this distributed architecture is 76 00:03:31.560 --> 00:03:35.319 something called the Freedom system, right friedm. 77 00:03:34.759 --> 00:03:37.719 Yeah, the Freedom system. It's a fully distributed peer to 78 00:03:37.759 --> 00:03:41.000 peer energy internet. There is no central. 79 00:03:40.680 --> 00:03:42.240 Boss at all, So who's in charge? 80 00:03:42.360 --> 00:03:45.919 Well, smart solid state transformers act as brokers. They're constantly 81 00:03:45.960 --> 00:03:49.039 negotiating power sharing and voltage stability with each other. 82 00:03:49.120 --> 00:03:52.319 Okay, but if we give every single house, every solar panel, 83 00:03:52.360 --> 00:03:54.639 and every electric car a voice in this group chat, 84 00:03:55.000 --> 00:03:57.719 I mean, in a megaphone system, if someone hacks a house, 85 00:03:57.919 --> 00:03:59.960 they're just whispering into a void. 86 00:03:59.800 --> 00:04:00.719 Right, nobody hears it. 87 00:04:00.879 --> 00:04:03.879 But in a group chat, every house has a microphone 88 00:04:03.919 --> 00:04:06.680 hooked up to the main speakers, So if one house screams, 89 00:04:07.120 --> 00:04:09.800 it can blow out the entire neighborhood's audio. Aren't we 90 00:04:09.879 --> 00:04:13.280 just opening up like millions of new front doors for hackers? 91 00:04:13.360 --> 00:04:16.040 Well, what's fascinating here is that this cyber physical connection 92 00:04:16.639 --> 00:04:21.399 introduces vulnerabilities that simply didn't exist before. A single rogue 93 00:04:21.519 --> 00:04:24.680 cyber command can now alter the physical flow of power 94 00:04:25.079 --> 00:04:26.600 through these advanced power. 95 00:04:26.360 --> 00:04:29.360 Electronics, which are the FACTS devices right. 96 00:04:29.319 --> 00:04:32.199 Yes, flexible AC transmission or a FTTS devices. 97 00:04:32.399 --> 00:04:34.959 Let's drill into that mechanism for a second. How does 98 00:04:34.959 --> 00:04:39.279 a cyber command physically break the grid using a FACTS device? 99 00:04:39.639 --> 00:04:43.600 So AFTS devices act like giant intelligent routers for electricity. 100 00:04:44.079 --> 00:04:47.240 They constantly adjust the resistance and voltage on transmission lines 101 00:04:47.560 --> 00:04:51.360 to basically push or pull alternating current where it's needed 102 00:04:51.399 --> 00:04:52.439 most to stay efficient. 103 00:04:52.600 --> 00:04:54.720 Okay, so it's directing traffic exactly. 104 00:04:55.120 --> 00:04:58.079 Now. If an attacker gains control of a FACTS device, 105 00:04:58.319 --> 00:04:59.959 they don't even need to shut off a power plant. 106 00:05:00.480 --> 00:05:02.959 They can just force all the electricity and given region 107 00:05:03.000 --> 00:05:06.759 down a single already strain transmission line, and then the 108 00:05:06.800 --> 00:05:11.480 line absorbs too much current, physically overheats, SAgs into a tree, 109 00:05:11.680 --> 00:05:12.519 and shorts. 110 00:05:12.160 --> 00:05:15.079 Out, which triggers a cascading blackout. 111 00:05:14.600 --> 00:05:19.079 Across multiple states. And purely from a software command routing 112 00:05:19.120 --> 00:05:21.199 physical energy, that is terrifying. 113 00:05:21.720 --> 00:05:25.079 So if building a giant IoT grid creates these massive 114 00:05:25.160 --> 00:05:29.680 physical vulnerabilities, engineers naturally just reached for the cybersecurity tools 115 00:05:29.680 --> 00:05:33.319 they already had, right They tried applying military and corporate 116 00:05:33.360 --> 00:05:35.680 IT security models to the physical world. 117 00:05:35.800 --> 00:05:38.800 They did, and those models failed miserably. Why because the 118 00:05:38.839 --> 00:05:42.639 underlying priorities of the systems are fundamentally opposed. In standard 119 00:05:42.639 --> 00:05:47.759 IT security is built around the CIA triad confidentiality, integrity, 120 00:05:47.800 --> 00:05:48.680 and availability. 121 00:05:48.720 --> 00:05:49.439 Okay CIA. 122 00:05:49.680 --> 00:05:52.920 Yeah, And for a bank or a database, confidentiality is 123 00:05:53.000 --> 00:05:55.319 king you cannot let someone steal the data. But in 124 00:05:55.360 --> 00:05:58.800 a power grid availability, keeping the lights on has historically 125 00:05:58.839 --> 00:06:02.279 been the absolute top. I mean, if a control system crashes, 126 00:06:02.279 --> 00:06:03.480 people freeze in their homes. 127 00:06:03.759 --> 00:06:06.639 Right. So let's look at the first classic security model. 128 00:06:06.680 --> 00:06:10.399 Engineers tried to adapt the military's Bella Padula or BLP, 129 00:06:11.040 --> 00:06:13.560 and this model is entirely about keeping secrets. 130 00:06:13.879 --> 00:06:17.079 Yeah, the BLP model is based on strict security clearances 131 00:06:17.480 --> 00:06:22.160 top secret, secret, unclassified. The absolute rule of BLP is 132 00:06:22.279 --> 00:06:26.240 read down right up. A general can read a privates report, 133 00:06:26.560 --> 00:06:28.439 but the general can never write down to. 134 00:06:28.399 --> 00:06:32.360 The private because they might accidentally leak top secret information 135 00:06:32.480 --> 00:06:33.920 to a lower clearance level. 136 00:06:34.040 --> 00:06:36.600 Exactly, information only flows up the chain of command. 137 00:06:36.720 --> 00:06:40.279 Wait, if BLP focuses on secrecy, that doesn't help a 138 00:06:40.360 --> 00:06:43.399 power grid where keeping the lights on is the priority, 139 00:06:43.560 --> 00:06:46.399 not at all. I mean, if the highly secure system 140 00:06:46.439 --> 00:06:49.560 control center is the general and the power meters on 141 00:06:49.600 --> 00:06:52.480 our houses are the privates. The control center is strictly 142 00:06:52.560 --> 00:06:56.160 forbidden from sending commands down to the meters. The grid 143 00:06:56.319 --> 00:06:59.720 literally cannot function. If the control center can't send instructions 144 00:06:59.720 --> 00:07:00.720 to power. 145 00:07:00.680 --> 00:07:02.680 It totally breaks the system. Yeah, there has to be 146 00:07:02.680 --> 00:07:06.079 a model that focuses on data trust instead of data secrecy. 147 00:07:06.240 --> 00:07:07.639 Okay, so what did they try next? 148 00:07:08.120 --> 00:07:11.319 That brings us to the Biba model. It's a commercial 149 00:07:11.360 --> 00:07:15.040 approach focused entirely on integrity. Can we trust the data? 150 00:07:15.160 --> 00:07:19.759 The rule for Biba flips BLP upside down, write down readout. 151 00:07:20.079 --> 00:07:23.680 High integrity systems can send data down to low integrity systems, 152 00:07:23.800 --> 00:07:25.399 but they can never accept data. 153 00:07:25.199 --> 00:07:26.560 From them write down read out. 154 00:07:26.720 --> 00:07:30.399 Yeah, Biba uses a low watermark policy. If a high 155 00:07:30.399 --> 00:07:34.399 integrity system reads data from a low integrity source, its 156 00:07:34.399 --> 00:07:37.720 own integrity is instantly downgraded to match that lower level. 157 00:07:37.800 --> 00:07:39.800 I love the analogy the book uses for this, the 158 00:07:39.839 --> 00:07:42.639 reality television analogy. It's perfect for understanding this. 159 00:07:42.720 --> 00:07:44.040 Oh yeah, the reality TV one. 160 00:07:44.199 --> 00:07:48.160 Yeah, like watching a poorly produced reality show lowers your 161 00:07:48.160 --> 00:07:49.800 intelligence to match the show. 162 00:07:50.000 --> 00:07:50.879 It's so true. 163 00:07:51.000 --> 00:07:53.959 In the utility wheel, if a highly secure, high integrity 164 00:07:54.000 --> 00:07:57.120 physical control center accepts a message from a less secure 165 00:07:57.160 --> 00:08:01.240 corporate business network, the control center is mathematic compromised, it 166 00:08:01.439 --> 00:08:02.680 washed reality TV. 167 00:08:02.879 --> 00:08:06.160 And that logic dictates why utilities build these incredibly rigid 168 00:08:06.199 --> 00:08:09.120 firewalls that only let data flow out to the business 169 00:08:09.120 --> 00:08:12.240 side for billing, but never into the control room. The 170 00:08:12.279 --> 00:08:14.920 control room must maintain its high integrity to keep the 171 00:08:14.920 --> 00:08:16.000 physical grid stable. 172 00:08:16.199 --> 00:08:19.240 But here's where it gets really interesting. That firewall works 173 00:08:19.240 --> 00:08:22.319 perfectly for separating the control room from the corporate accountants. 174 00:08:22.879 --> 00:08:25.399 But what about the customer, right the consumer? 175 00:08:25.560 --> 00:08:28.800 If the utility needs to control my smart thermostat for 176 00:08:28.920 --> 00:08:31.920 that demand side management we talked about earlier, my home 177 00:08:31.959 --> 00:08:36.840 network is inherently low integrity. It is full of hackable 178 00:08:37.120 --> 00:08:39.399 smart TVs, tablets, light bulbs. 179 00:08:39.519 --> 00:08:40.159 It's a mess. 180 00:08:40.279 --> 00:08:44.360 Yeah. So how does the high integrity control room accept 181 00:08:44.480 --> 00:08:48.120 data from my low integrity smart meter without instantly breaking 182 00:08:48.159 --> 00:08:49.559 the beta security model? 183 00:08:49.720 --> 00:08:54.480 Well it can't. The mathematical model shatters traditional firewalls, and 184 00:08:54.519 --> 00:08:58.240 it models cannot cleanly separate the utility from the customer 185 00:08:58.600 --> 00:09:01.559 without severing the very two two way functionality that makes 186 00:09:01.559 --> 00:09:03.440 the smart grids smart in the first place. 187 00:09:03.639 --> 00:09:06.399 Wow. So if the security models fundamentally clash with the 188 00:09:06.399 --> 00:09:10.759 grid's architecture. Attackers are just handed this terrifying loophole. They 189 00:09:10.799 --> 00:09:13.399 realize they don't have to brute force a massive firewall, 190 00:09:13.840 --> 00:09:15.960 They just have to spoof the physical reality. 191 00:09:16.120 --> 00:09:19.279 Exactly. Because the modern grid is far too vast and 192 00:09:19.320 --> 00:09:23.399 complex to monitor manually, utilities have relied on state estimation 193 00:09:23.480 --> 00:09:25.080 algorithms since the nineteen sixties. 194 00:09:25.519 --> 00:09:27.320 State estimation, Yeah, they. 195 00:09:27.240 --> 00:09:30.600 Use bad data detection to automatically filter out sensors that 196 00:09:30.639 --> 00:09:34.320 physically break or drift out of calibration or just glitch. Okay, 197 00:09:34.519 --> 00:09:38.799 makes sense, But intelligent attackers bypass this entirely by feeding 198 00:09:38.799 --> 00:09:42.320 the system lies that perfectly obey the laws of physics. 199 00:09:42.600 --> 00:09:44.919 Wait, how do you lie to a physics algorithm? 200 00:09:45.080 --> 00:09:49.080 By calculating the grid's exact physical topology. If an attacker 201 00:09:49.159 --> 00:09:54.120 compromises the substation sensors, they don't send random chaotic numbers. 202 00:09:54.000 --> 00:09:57.080 Because the bad data algorithm would catch that immediately as 203 00:09:57.240 --> 00:09:58.720 physically impossible. 204 00:09:59.000 --> 00:10:02.240 Exactly INSTEA, the attackers run the same Newton rafts and 205 00:10:02.320 --> 00:10:04.559 powerflow equations that the utility uses. 206 00:10:04.720 --> 00:10:06.840 Newton rafts and equations, yeah. 207 00:10:06.440 --> 00:10:09.759 They calculate exactly what a normal alternating current state should 208 00:10:09.799 --> 00:10:13.279 look like. Across that specific web of copper wires and 209 00:10:13.320 --> 00:10:16.960 they inject those mathematically flawless false numbers. Oh wow, the 210 00:10:17.000 --> 00:10:19.960 bad data detection algorithm runs the math, sees that the 211 00:10:20.000 --> 00:10:23.399 simulated physics check out perfectly, and just accepts the lie 212 00:10:23.559 --> 00:10:24.519 as objective truth. 213 00:10:24.759 --> 00:10:27.919 Wait. If the bad data detection algorithm just rubber stamps 214 00:10:27.960 --> 00:10:32.759 mathematically perfect lies, then the human operators are essentially. 215 00:10:32.440 --> 00:10:34.200 Flying blind, completely blind. 216 00:10:34.480 --> 00:10:37.679 It's like when the stuck snet malware hit those nuclear centrifuges. 217 00:10:37.960 --> 00:10:40.120 It didn't just alter the physical speed of the rotors 218 00:10:40.159 --> 00:10:43.960 to tear them apart. It actively fed flawlessly faked normal 219 00:10:44.000 --> 00:10:46.279 speed readings back to the operators screens. 220 00:10:46.559 --> 00:10:49.720 Yeah, the operators saw green lights and perfect data while 221 00:10:49.759 --> 00:10:52.759 the physical machines destroyed themselves right in the next room. 222 00:10:53.159 --> 00:10:56.679 That is wild, and that phenomenon is formally known as 223 00:10:56.759 --> 00:11:01.440 non deducibility. It is a cornerstone concept information flowed disruption. 224 00:11:02.159 --> 00:11:05.000 If an attack produces the exact same cyber readings as 225 00:11:05.039 --> 00:11:09.399 a normal, healthy operation, the observer can never logically deduce 226 00:11:09.440 --> 00:11:12.720 what actually happened. The attack is mathematically secure. 227 00:11:12.399 --> 00:11:15.879 From detection, unbelievable, and the problem scales up dangerously When 228 00:11:15.919 --> 00:11:19.960 we hit multiple security domain non deducibility or msdnd. 229 00:11:19.480 --> 00:11:20.000 H mis needy. 230 00:11:20.080 --> 00:11:23.240 Yeah. Imagine a neighborhood that shares a public leaderboard screen 231 00:11:23.279 --> 00:11:25.960 showing the total energy usage of the block. If an 232 00:11:26.000 --> 00:11:30.399 attacker disrupts the power to one specific house, someone looking 233 00:11:30.440 --> 00:11:33.360 at the total neighborhood usage on the leaderboard might see 234 00:11:33.360 --> 00:11:36.720 a slight dip, but they can't deduce which house was targeted. 235 00:11:36.879 --> 00:11:40.600 Right. The overlapping security domains, like the individual house's private 236 00:11:40.639 --> 00:11:44.559 meter versus the shared neighborhood infrastructure, create these dense layers 237 00:11:44.600 --> 00:11:45.679 of non deducibility. 238 00:11:45.840 --> 00:11:48.480 It provides a level of privacy for the homeowner. 239 00:11:48.080 --> 00:11:51.840 Sure yeah, but it creates an absolute nightmare for detecting 240 00:11:51.960 --> 00:11:56.399 coordinated surgical attacks on specific nodes in the grid. 241 00:11:56.519 --> 00:11:58.559 So if the control center is looking at a screen 242 00:11:58.600 --> 00:12:02.240 that says everything is perfectly and the math perfectly checks out, 243 00:12:02.440 --> 00:12:05.000 how do they ever know they are under attack? 244 00:12:05.559 --> 00:12:08.679 Well, this raises an important question, and answering it required 245 00:12:08.679 --> 00:12:12.919 a massive paradigm shift in cyber defense. Defenders realized they 246 00:12:12.960 --> 00:12:16.639 had to stop relying purely on software firewalls. They needed 247 00:12:16.639 --> 00:12:19.480 a lie detector for the smart grid, something an attacker 248 00:12:19.519 --> 00:12:21.240 couldn't forge with clever code. 249 00:12:21.279 --> 00:12:23.159 So they looked at physics exactly. 250 00:12:23.240 --> 00:12:25.559 They had to look outside the software entirely to the 251 00:12:25.600 --> 00:12:27.039 physical laws of nature. 252 00:12:27.320 --> 00:12:30.120 So if the software is constantly lying to the operators, 253 00:12:30.519 --> 00:12:34.399 they use the physical infrastructure itself as a high integrity 254 00:12:34.399 --> 00:12:39.039 message channel. Yes, physical attestation. You verify a cyber process 255 00:12:39.080 --> 00:12:42.600 by measuring its actual tangible effect on the real world. 256 00:12:42.559 --> 00:12:45.320 Right, and one of the primary tools for achieving this 257 00:12:45.720 --> 00:12:47.120 is the phaser measurement unit. 258 00:12:47.080 --> 00:12:48.240 Or PMU TMU. 259 00:12:48.360 --> 00:12:51.360 These devices are installed all across the transmission grid and 260 00:12:51.399 --> 00:12:55.120 they rely on GPS synchronized clocks. Because they are tied 261 00:12:55.159 --> 00:12:59.960 to Global positioning satellites. Pmus provide incredibly high fidelity micro 262 00:13:00.000 --> 00:13:02.879 grow second level measurements of the alternating current sine waves. 263 00:13:02.960 --> 00:13:05.200 Okay, let's break down the mechanism there. How does a 264 00:13:05.240 --> 00:13:06.840 GPS clock catch a hacker? 265 00:13:07.159 --> 00:13:10.159 Well, electricity travels it near the speed of light. If 266 00:13:10.159 --> 00:13:13.759 a hacker injects false data into a substation's computer, telling 267 00:13:13.759 --> 00:13:17.279 the control center that powerflow is normal, the PMU physically 268 00:13:17.279 --> 00:13:20.919 measures the actual power waves hitting that specific location at 269 00:13:20.960 --> 00:13:24.840 an exact microsecond. Ah I see, the GPS timestamp is 270 00:13:24.879 --> 00:13:27.679 so precise that if the physical wave arrives even a 271 00:13:27.720 --> 00:13:30.519 fraction of a millisecond differently than the software claims it should. 272 00:13:30.879 --> 00:13:33.120 The PMU flags the mismatch. 273 00:13:32.639 --> 00:13:36.000 Because the attacker can fake the software data, but they 274 00:13:36.080 --> 00:13:38.960 cannot fake the physical speed of light across the copper 275 00:13:38.960 --> 00:13:39.919 wire exactly. 276 00:13:40.279 --> 00:13:43.879 It is an incorruptible auditor constantly chicking the math against 277 00:13:43.919 --> 00:13:44.799 physical reality. 278 00:13:44.879 --> 00:13:47.720 That is so clever. And we also see this concept 279 00:13:47.720 --> 00:13:52.159 applied to hardware itself, right with physically unclonable functions or 280 00:13:52.200 --> 00:13:56.480 pus BUS. Yeah, they look at the unique microscopic manufacturing 281 00:13:56.559 --> 00:14:01.919 quirks in a microchip's silicon like affections so incredibly small 282 00:14:02.080 --> 00:14:04.639 they occur randomly during fabrication to. 283 00:14:04.679 --> 00:14:07.559 Ensure a device isn't a counterfeit replacement. You can't forge 284 00:14:07.759 --> 00:14:10.120 random atomic level manufacturing errors. 285 00:14:10.200 --> 00:14:14.320 It is an elegant use of physical imperfection to guarantee security. 286 00:14:14.919 --> 00:14:19.000 And this philosophy extends beyond hardware checks into algorithmic behavior too, 287 00:14:19.159 --> 00:14:21.080 using reputation based security. 288 00:14:21.240 --> 00:14:24.440 Oh absolutely yeah. As the smart grid becomes fully distributed 289 00:14:24.480 --> 00:14:27.360 like that peer to peer freedom system where smart transformers 290 00:14:27.399 --> 00:14:31.039 constantly negotiate with each other, the network starts judging devices 291 00:14:31.039 --> 00:14:32.000 on their past. 292 00:14:31.720 --> 00:14:35.320 Behavior, and there are even sociological methods for building this reputation, 293 00:14:35.360 --> 00:14:36.440 which blew my mind. 294 00:14:36.559 --> 00:14:38.919 Oh yeah, using demographic data. 295 00:14:38.559 --> 00:14:43.080 Right, like household income, square footage, neighborhood averages. Using all 296 00:14:43.159 --> 00:14:47.080 that to predict an expected power usage baseline. If a 297 00:14:47.120 --> 00:14:50.960 house's behavior suddenly and wildly deviates from what is socially 298 00:14:51.039 --> 00:14:54.840 and physically expected, its reputation drops. Yeah. 299 00:14:54.919 --> 00:15:00.480 Algorithmic reputation functions similarly to Byzantine agreement protocols in distributing computing. 300 00:15:00.519 --> 00:15:01.639 Byzantine agreement. 301 00:15:01.759 --> 00:15:04.879 Yeah. In a Byzantine system, a network of nodes has 302 00:15:04.919 --> 00:15:07.840 to reach a consensus, even if some nodes are secretly 303 00:15:07.840 --> 00:15:10.120 compromised and sending conflicting information. 304 00:15:10.559 --> 00:15:13.399 Oh like a group of generals trying to coordinate an 305 00:15:13.399 --> 00:15:15.840 attack on a city, but they know some of their 306 00:15:15.879 --> 00:15:19.519 messengers are secretly enemy spies trying to scramble the orders. 307 00:15:19.679 --> 00:15:22.120 That's the exact concept. So if a solar panel or 308 00:15:22.120 --> 00:15:25.360 a smart transformer gets hacked and starts sending erratic data 309 00:15:25.399 --> 00:15:29.200 that threatens to destabilize the voltage, its reputation score drops 310 00:15:29.240 --> 00:15:31.759 below a certain threshold, and then what the rest of 311 00:15:31.799 --> 00:15:34.480 the peer to peer network effectively votes it off the 312 00:15:34.480 --> 00:15:37.759 island They refuse to trust its inputs. Or share power 313 00:15:37.759 --> 00:15:40.519 with it until its physical state can be verified by 314 00:15:40.519 --> 00:15:41.480 a human technician. 315 00:15:41.879 --> 00:15:45.600 Wow, so what does this all mean? The power grid 316 00:15:45.759 --> 00:15:48.960 is essentially building a credit score for my home appliances 317 00:15:49.080 --> 00:15:51.919 based on how reliably they follow the laws of physics. 318 00:15:52.159 --> 00:15:52.840 Pretty much. 319 00:15:52.960 --> 00:15:56.600 It is an incredibly robust defense mechanism against those Stuxnet 320 00:15:56.639 --> 00:16:00.279 style non deducible attacks. But to use physic as a 321 00:16:00.360 --> 00:16:03.399 light detector to build that behavioral credit score, there is 322 00:16:03.440 --> 00:16:04.960 a massive catch. 323 00:16:04.799 --> 00:16:07.919 A huge catch. The grid has to monitor the physical 324 00:16:07.960 --> 00:16:12.200 flow of power into your home with microscopic precision, and 325 00:16:12.240 --> 00:16:15.759 that level of precision fundamentally destroys personal privacy. 326 00:16:15.919 --> 00:16:18.120 Yeah, because in the past, to know what you were 327 00:16:18.159 --> 00:16:20.799 doing inside your house, someone would have to physically bug 328 00:16:20.879 --> 00:16:24.879 your oven, your fridge, your television. That is obviously intrusive, right, 329 00:16:25.159 --> 00:16:28.120 But the modern grid relies on non intrusive load monitoring 330 00:16:28.360 --> 00:16:29.399 or NIM. 331 00:16:29.799 --> 00:16:33.200 Right. With NILM, nobody needs to install individual bugs in 332 00:16:33.240 --> 00:16:36.720 your house. The smart meter simply analyzes the raw combined 333 00:16:36.759 --> 00:16:39.240 power line entering your home, just the one wire, just 334 00:16:39.320 --> 00:16:43.480 the one Using advanced mathematics, specifically hidden Markov models, the 335 00:16:43.519 --> 00:16:46.720 system disaggregates that single, messy stream of data. 336 00:16:46.799 --> 00:16:49.879 Okay, But how does a hidden Markov model actually separate 337 00:16:50.320 --> 00:16:53.559 my toaster from my error conditioner when they are all 338 00:16:53.639 --> 00:16:55.320 drawing power from the same exact line. 339 00:16:55.360 --> 00:16:58.600 Well, it's a statistical model that looks at sequences of 340 00:16:58.720 --> 00:17:04.240 observable events to guess hidden states based on probability. Every 341 00:17:04.319 --> 00:17:09.079 single appliance has a completely unique power signature, like a fingerprint. Exactly, 342 00:17:09.480 --> 00:17:12.599 the initial massive spike when a refrigerator compressor kicks on 343 00:17:13.039 --> 00:17:16.440 looks entirely different from the steady, continuous draw of a 344 00:17:16.480 --> 00:17:17.759 heating element in an oven. 345 00:17:17.839 --> 00:17:18.359 Oh I see. 346 00:17:18.519 --> 00:17:21.880 The Markov model analyzes the total power draw over time, 347 00:17:22.279 --> 00:17:26.599 identifies the probabilities of those distinct spikes, steady states, and decays, 348 00:17:27.119 --> 00:17:30.680 and mathematically untangles them. It acts like an audio engineer 349 00:17:30.720 --> 00:17:33.319 isolating the sound of a single violin from a dense 350 00:17:33.359 --> 00:17:35.240 recording of an entire symphony. 351 00:17:34.839 --> 00:17:38.000 That is wild. Imagine sitting alone in your house. The 352 00:17:38.039 --> 00:17:40.880 blinds are drawn, the doors are locked, but your smart 353 00:17:40.920 --> 00:17:43.720 meter knows you're making toast at two am. It knows 354 00:17:43.720 --> 00:17:45.880 exactly what time you woke up based on the coffee 355 00:17:45.880 --> 00:17:48.559 maker's power signature. It knows if you left the house 356 00:17:48.599 --> 00:17:51.160 empty or if you're up late watching a plasma TV. 357 00:17:51.960 --> 00:17:55.000 It maps your intimate personal habits minute by minute, just 358 00:17:55.000 --> 00:17:56.920 by watching the physics of your electricity. 359 00:17:57.279 --> 00:17:59.319 Yeah, and if we connect this to the bigger picture, 360 00:17:59.599 --> 00:18:03.880 it becomes clear why standards bodies are deeply concerned. Guidelines 361 00:18:03.920 --> 00:18:07.799 like Nister seven six twenty eight highlight that the primary 362 00:18:07.839 --> 00:18:11.519 threat isn't just foreign hackers shutting down the grid. It's 363 00:18:11.559 --> 00:18:15.160 the fact that utilities are legally collecting this intimate lifestyle 364 00:18:15.240 --> 00:18:17.960 data to make the physics lie detector work. In the 365 00:18:18.000 --> 00:18:21.799 first place. There's a massive risk of utilities selling these 366 00:18:21.799 --> 00:18:26.160 behavioral profiles to third party marketers or law enforcement using 367 00:18:26.200 --> 00:18:29.400 the grid data to deduce activity inside a home without 368 00:18:29.440 --> 00:18:31.160 needing traditional surveillance warrants. 369 00:18:31.240 --> 00:18:34.240 And the only physical defense offered against this privacy leak 370 00:18:34.319 --> 00:18:35.440 is something called load masking. 371 00:18:35.519 --> 00:18:36.920 Load masking which. 372 00:18:36.720 --> 00:18:40.079 Means you install a massive home battery, the house runs 373 00:18:40.400 --> 00:18:43.359 entirely off the battery, and the battery charges from the 374 00:18:43.359 --> 00:18:45.279 grid at a constant, steady reate. 375 00:18:45.680 --> 00:18:48.480 Right Because to the outside world, the smart meter just 376 00:18:48.519 --> 00:18:52.039 sees a flat, boring line of a battery charging, It 377 00:18:52.079 --> 00:18:55.920 completely obscures the distinct readable spikes of your toaster or 378 00:18:55.920 --> 00:18:56.720 your washing machine. 379 00:18:56.759 --> 00:18:59.599 It hides the fingerprint exactly, but. 380 00:18:59.759 --> 00:19:04.240 You utility scale home batteries are incredibly expensive, making privacy 381 00:19:04.319 --> 00:19:07.400 a premium luxury rather than a default right. 382 00:19:08.359 --> 00:19:10.200 So to wrap up here, we started by looking at 383 00:19:10.200 --> 00:19:14.079 a grid that evolved from a massive physical megaphone into 384 00:19:14.160 --> 00:19:17.319 a highly vulnerable peer to peer group chat where every 385 00:19:17.359 --> 00:19:18.440 house has a microphone. 386 00:19:18.480 --> 00:19:18.839 We did. 387 00:19:19.200 --> 00:19:22.599 We saw how traditional military and corporate IT security like 388 00:19:22.599 --> 00:19:26.079 the BLPN BIBA models crumbled because you just cannot build 389 00:19:26.079 --> 00:19:29.279 a firewall between a utility and its customers without breaking 390 00:19:29.279 --> 00:19:30.319 the flow of power that. 391 00:19:30.319 --> 00:19:33.200 You need that two way communication. We also examine non 392 00:19:33.240 --> 00:19:37.200 deducible attacks where hackers perfectly spoofed the physics of the grid, 393 00:19:37.519 --> 00:19:39.839 flying under the radar and blinding human. 394 00:19:39.599 --> 00:19:42.920 Operators, and we saw defenders counterattack by turning the physical 395 00:19:42.960 --> 00:19:47.440 infrastructure into a massive polygraph test using GPS, synchronized PMUS, 396 00:19:47.480 --> 00:19:50.279 and hidden markof models to catch mathematical lies at the 397 00:19:50.279 --> 00:19:50.920 speed of light. 398 00:19:51.240 --> 00:19:54.720 But the exact physical precision required to secure the grid 399 00:19:54.759 --> 00:19:59.119 from nation state hackers requires our own appliances to basically 400 00:19:59.160 --> 00:20:00.559 snitch on our deal habits. 401 00:20:00.759 --> 00:20:04.200