Thinking Outside the Grid: Q&A with Anu Narayanan


Mar 5, 2020

Engineer Anu Narayanan at the RAND office in Pittsburgh, Pennsylvania, January 21, 2020, photo by Jim Mendenhall/Pro Photography Network

Engineer Anu Narayanan at the RAND office in Pittsburgh, Pennsylvania, January 21, 2020

Photo by Jim Mendenhall/Pro Photography Network

Anu Narayanan is a specialist in what-ifs. She's an engineer at RAND whose research focuses on critical infrastructure and national security. Her work has helped the military assess and build resilience to a range of risks to missions and installations, including those from adversary attacks, critical infrastructure failures, and climate change. Some of her most recent research has looked at the power grid: What if a cyberattacker tries to take it down?

She studied math as an undergrad, worked for a time as a computer programmer, then joined a program at Carnegie Mellon University that pairs technical training with public policy. At the time, the industry was buzzing about the future “smart” grid. She started looking at how to minimize risk to the power supply as the grid becomes more automated, work that continues today. “We've built our lives around this commodity,” she says. “Any risks that it faces are not going to be niche problems.”

How vulnerable is the grid today?

There's really a whole spectrum of threats and hazards. The grid is becoming more automated, with more smart technology to make it more efficient, but that also increases the attack surface for adversaries. At the same time, it's facing more climate-related effects, natural disasters, and ongoing issues that stem from human error. And a lot of the infrastructure is just old.

Your latest report looked at what the military can do to deter attacks on its power supply. What made you want to answer that question?

Over the past few years, we've been doing research for the U.S. Air Force, looking at what it can do to boost the resilience of the power supply to its bases. For the most part, the military uses the same commercial grid that we all rely on, and we had been looking at what it can do inside the fence line to improve mission resilience to power disruptions. We wanted to look outside the fence line, at what the military can do to help safeguard the grid from attack. Because this project was not funded by a research client or sponsor, we were freed up to pose those different questions and pursue different angles.

What did you find?

We explored two categories of potential response. The first is to strengthen the grid itself and boost its reliability—for example, by striking agreements with grid operators. The idea is to signal to the bad guys, “Come at us if you want, but look, we're doing all these things to strengthen our resilience to disruption, so you're not going to have the effect you desire.”

The second aspect we looked at is cost imposition: “If you attack us, there's going to be retaliation, there are going to be consequences.” One of the key problems there is attribution. It can be hard to pinpoint the bad actor in a cyberattack. But that really determines what levers you can pull under international law. We tried to constrain some of that ambiguity, to say, “Depending on who is attacking, who is being attacked, and the severity of the attack, here's a set of options.”

What made you decide to focus your research on the electric grid?

What's interesting for me always is how ubiquitous electricity is. It's not like there's some subset of the world that doesn't need electricity. It's everywhere, all the time, and we have made ourselves so inextricably linked to this asset that, if we lose it, life comes to a grinding halt. We assume the lights will work when we want them to, but what happens if they don't?

If we lose electricity, life comes to a grinding halt. We assume the lights will work when we want them to, but what happens if they don't?

Share on Twitter

I grew up in India until I was 11 years old. We lived on an island, so we were very familiar with cyclones. I lived through a couple of pretty large-duration power outages, so I know how bad it can be. What appeals to me as a researcher is looking ahead and saying, “Depending on where in the world you are, things might look pretty good now, but we've got a looming climate threat, we're seeing the intensity and frequency of disasters increase, we've got this question of cyberattacks. How might things change? And how do we respond?”

What do people misunderstand about the grid?

People sometimes think of it as this monolith. But there's not one massive entity sitting at the top of it making everything work, like an electricity god taking care of us all. It's such a complex set of systems that have to work together every single day. That's sometimes opaque to the average user. Plus, you don't worry about things breaking; you just take for granted that the power's always on. But it could very easily not be, and I think this fragility sometimes gets overlooked.

What's next for you?

I'm drawn to the boundary between national security and critical infrastructure. I do a lot of work that looks at the resilience of military installations more broadly, not just related to electric power disruptions.

I'm increasingly tilting toward national security and climate change: As we look ahead at how to harden these installations, let's not just think about missile attacks or cyberattacks; let's also think about the very real consequences of climate change. Building on the work of others at RAND and elsewhere, we're working on a tool that shows climate projections and climate effects for different installations around the globe, to help military decisionmakers account for these risks as part of their short- and long-term planning.