Science Progress | Where science, technology, and progressive policy meet
CYBER SECURITY

Tapping the Patent System for Innovation in Cyber Security

Protecting the Electric Grid and Other Critical Infrastructure from Attack

Listen to

Podcast: Play in new window | Right click to download | Find us on iTunes

Government intelligence officials are continuing to warn that a major cyber attack on the U.S. homeland remains a distinct possibility. The nation’s enemies, they say, could target the nation’s power grid, with potentially devastating consequences.

Just the other day, President Obama wrote in a Wall Street Journal op-ed article: “It doesn’t take much to imagine the consequences of a successful cyber attack. In a future conflict, an adversary unable to match our military supremacy on the battlefield might seek to exploit our computer vulnerabilities here at home.”

This is no fantasy. In a 2007 Department of Homeland Security demonstration called Project Aurora, engineers at the Idaho National Laboratory hacked into a 5000 horsepower diesel engine. These engines are routinely used as backup generators in critical infrastructure systems used, for example, in manufacturing.  By hacking into the generator’s embedded control computer, engineers were able to repeatedly trigger circuit breakers, creating massive torque, causing the engine to “shake, smoke and tear itself into pieces.”

Using a similar technique, US intelligence officials allegedly used a computer virus, dubbed “Stuxnet,” to sabotage over 1,000 uranium enrichment centrifuges in Iran in 2010. The potential for malware, such as the Stuxnet worm, to target and exploit industrial control systems, or ICS, used in critical infrastructure facilities such as water systems and power grids is very real

As James Lewis, a cybersecurity expert at the Center for Strategic and International Studies, said recently on the Diane Rehm radio show,

“We’re probably totally unprepared for an attack like this, and there’s been relatively little progress in thinking about how the U.S. could defend itself … People just don’t realize that behind the scenes, there’s this new kind of vulnerability that really puts a lot of things at risk.”

It’s easy to forget that something similar has already occurred in the last decade – though not as a result of enemy action. In 2003, a blackout resulting from human error covered much of the Northeastern and Midwestern states and Ontario, Canada, and caused 11 deaths and an estimated $6 billion loss in production. A large-scale, coordinated cyber-attack could cause much greater damage.

In addition to constant vigilance, the solution lies in innovation and new technologies to help enhance the grid’s resiliency – and in the creation of more incentives, including patent incentives, for companies and individuals to innovate and invest in cybersecurity.

Intellectual property needs to play a major role. And because ensuring critical infrastructure remains secured is a shared societal challenge, additional public policy incentives may be in order to help spur investment. The U.S. patent system should be enlisted to encourage grid-related R&D investments and innovations to reduce the grid’s vulnerabilities in many specific areas, including:

  • Grid protection techniques
  • Failure recognition
  • Response and recovery methods
  • Supervisory control and authentication
  • Data acquisition technologies
  • Grid decentralization

Discussions with investment firm executives and industrial control system security technology vendors suggest that while there has been an increase in cybersecurity spending, it has been targeted toward private IT cybersecurity and smart meters. While these are important, we must not neglect investment in industrial control system cybersecurity to help enhance the resiliency of our power grid and other shared infrastructure.

A simple patent incentive program is one solution that could incentivize research and development, innovation, and investment in critical industrial and grid security systems. A key step would be streamlining the examination and costs of patent applications that focus on technical innovations that decrease grid vulnerabilities—in effect, creating a “fast lane” for protecting inventions that can help secure our nation’s infrastructure. It’s a small step, but this could help improve the revenue stream for innovators by increasing the development speed of their products and technologies.

Creativity and innovation are the best way to protect the network, and intellectual property is the best way to ensure creativity and innovation. This work will require collaboration among computer science researchers, intellectual property professionals, and players in the infrastructure and energy industries to identify, protect, and develop the best intellectual property from the earliest stages of the innovation lifecycle to the latest. We have seen that increased interconnectivity and interoperability produces huge benefits in efficiencies. The smart grid that could emerge as a result of this innovation will be the next step in this interconnectivity and will increase the grid’s resilience to future threats.

Ted Wood is a partner at the law firm of Sterne, Kessler, Goldstein & Fox, where he leads the Grid Industry Group.  He is also a pro bono attorney with the Veterans Consortium Pro Bono program.  Prior to entering the law, he was a Lieutenant Colonel in the U.S. Air Force, where he was responsible for the design, testing, and analysis of many technologies, including threat signal detection algorithms for aircraft electronic combat systems. The views and opinions expressed in this article are those of the author and do not necessarily represent the views or opinions of the Center for American Progress or any of its programs. Interview host: Sean Pool, Managing Editor, Science Progress.

Comments on this article

By clicking and submitting a comment I acknowledge the Science Progress Privacy Policy and agree to the Science Progress Terms of Use. I understand that my comments are also being governed by Facebook's Terms of Use and Privacy Policy.