Big Ideas Lab - Skyfall
Episode Date: May 5, 2026
Scientists are simulating cyber attacks and system failures on real-world energy infrastructure - without ever putting the actual grid at risk. This is Skyfall at Lawrence Livermore National Laboratory. From real-world incidents like the 2015 Ukraine power grid cyberattack to cascading failures across interconnected systems, this episode explores how cyber-physical incidents can disrupt critical infrastructure in the United States - and how scientists at Skyfall are working to understand and prepare for them. Researchers are using simulation, AI and new approaches like the immune infrastructure framework to understand those risks - and design systems that can adapt and recover when things go wrong.
Guests featured (in order of appearance):
Nate Gleason - Cyber and Infrastructure Resilience (CIR) Program Lead, LLNL
Vaibhav Donde - Associate Program Lead, CIR, LLNL
Colin Ponce - Computer Scientist, CIR, LLNL
Big Ideas Lab is a Mission.org original series. Executive Produced by Levi Hanusch. Sound Design, Music Edit and Mix by Matthew Powell. Story Editing by Levi Hanusch. Audio Engineering and Editing by Matthew Powell. Narrated by Matthew Powell. Video Production by Levi Hanusch. Brought to you in partnership with Lawrence Livermore National Laboratory. Hosted by Simplecast, an AdsWizz company.
Transcript
Ukraine, 2015.
Inside a grid control center, operators monitoring the flow of electricity heard something they couldn't explain.
Then they didn't just hear it.
They saw it.
The cursor was moving, clicking.
But no one was touching it.
They watched.
Frozen, as someone else moved through their system.
Opening breakers, one section, then another, almost random, chaotic,
until a city of 200,000 completely lost power.
For the first time at this scale, a cyber attack didn't just steal data.
It reached out and turned off the infrastructure on which the nation depends.
It's the stuff you don't think about until it doesn't work, and then it's the foremost thing on your mind.
What happens when the systems we trust are taken over by malicious actors?
When bad software turns off energy or telecommunication systems.
At Lawrence Livermore National Laboratory, there's a place designed to answer that question and prevent it.
A place where scientists don't just study failure, they build it.
This is Skyfall.
Welcome to the Big Ideas Lab, your exploration inside Lawrence Livermore National Laboratory.
Hear untold stories, meet boundary-pushing pioneers, and get unparalleled access inside the gates.
From national security challenges to computing revolutions, discover the innovations that are shaping tomorrow.
Today.
When you decide to sit down in your home, there's no hesitation as you put all your
faith into that chair you've used time and time again.
One small contained system of trust.
Now imagine that trust at scale.
Traffic lights, data centers, hospital equipment.
Things made possible through essential energy systems we use every day.
Energy systems deemed critical by the U.S. government.
The U.S. has defined 16 critical infrastructure sectors.
Nate Gleason is the program leader for the Cyber and Infrastructure Resilience Program at Lawrence
Livermore.
Energy is a critical infrastructure sector that's your power grid, your oil and gas pipelines.
It's basically the structure that allows a society to function and do the things that we
need to do.
To meet the needs of society, these energy systems are complex,
interconnected and increasingly controlled by software.
But when that software fails, it can have devastating consequences.
Ukraine says hackers are behind a big power outage in that country.
The lights went out for hundreds of thousands of heat.
Russia appears to have figured out how to crash a power grid with a click.
One year after the 2015 Ukraine energy grid was hacked, the attackers returned.
This time they didn't need to control a mouse.
They had built something else.
The Ukrainian government saying that they've come under at least 10 major cyber attacks
that forced a blackout of more than 100 cities across this country, saying that a virus
was responsible for that rather large blackout that took place.
Software.
The attacker created custom malware that infected the networks of the Ukrainian power companies,
causing them to, again, open up the breakers and cause the power out.
Not the access and chaos of the first attack.
This was control.
It was directly speaking the language of the industrial control systems
as opposed to basically just getting a password and remoting into a system.
What we saw in the first attack is people with good cybersecurity knowledge
were able to penetrate the defenses.
But once they got in, they were just clicking around randomly.
They were just causing chaos.
In the second attack, when you have a malware that's actually speaking the language of the devices
on the system, that indicates a greater level of understanding.
In that moment, the world was exposed to a new kind of cyber attack, one intentionally directed
at physical infrastructure, forcing a new question.
Would that work in the United States?
If that same attack were perpetuated on California's grid, what would the impact be?
We were tasked to simulate that.
But there's a problem.
You can't just shut down a city to test the system in real conditions,
and no single company can test failures at that scale.
Scientists needed to speak the language of the grid, but in a place outside the live system.
So they created Skyfall.
A test bed at Lawrence Livermore that connects real-world equipment with high-performance computers.
Power grid hardware, convinced through software and voltage signals that it's the real grid.
What they call hardware in the loop.
What Skyfall is at its core is we can take actual hardware that exists in real
critical infrastructure and then leverage the high-performance computing simulation environment of the lab
to simulate the broader system that that hardware exists in. Not in theory, in practice.
Skyfall takes data from that simulated environment, converts it into real electrical signals,
feeds it to that equipment the way it would if it were out in the field,
returns a response that goes back into the simulation.
So it lets us take those real devices and make them think they are on the grid.
The same mechanism that makes attacks possible is also what makes defense possible.
Scientists at Skyfall take these abilities and play out worst case scenarios in a simulated environment.
We play out these scenarios.
We say, here's the stuff we think the adversary is thinking about.
Here's some of the capabilities we've seen out in the wild.
What would it look like if those were on our system?
The really cool thing, though, is we can also do that in reverse.
Scientists at Skyfall don't have to begin at the same point attackers would in their simulations.
They can also start with the part of energy infrastructure they don't want shut down and work
backwards to see what critical systems they need to protect.
We can start with the consequence.
Say, San Francisco loses power for a week.
That's our consequence. Then we can run our models backwards and say, what are all of the ways
that we could have gotten to that consequence? This is what we think the adversary wants to achieve.
What are all the different tactics they might try to achieve that goal? It really aids the
defense in being able to understand and anticipate the whole universe of what the adversary might do.
The way this software can reach into the physical world is exactly how Skyfall ended up with its name in the first place.
From the James Bond movie, Skyfall was the first mainstream movie that prominently featured a cyber attack causing physical damage on a critical infrastructure element as a major piece of the plot.
This island hacked into the environmental control system, locked out the safety protocols and turned on the gas.
Looks like obfuscated code to conceal its true purpose.
Security through obscurity.
Just the point and click.
Skyfall sounds awesome.
There were other ridiculous names.
One of my colleagues very wisely at the time said,
Nate, imagine one day, years from now, having to testify in front of Congress,
pick something that you would be okay saying in front of Congress.
Outside of Hollywood, it's not a single villain against a system.
It's weather events, equipment failure, software errors.
So what happens when they all collide?
Bad days on the grid can take a lot of different flavors.
It's not just bad guys that can cause problems.
August 2003.
On a stretch of the grid in Northern Ohio, high voltage power lines sag under a heavy load.
They brush against overgrown trees and shut down.
At just the wrong moment.
Other lines take the extra load and also begin to fail, pushing even more strain onto
the next and the next.
One by one, failure upon failure,
till 50 million people had lost power across the United States and Canada.
This is cascading failure.
It's all the history of events happening.
They will add up and something big will happen.
Vaibhav Donde is the Associate Program Leader for Energy Infrastructure Modernization
in the Cyber and Infrastructure Resilience Program at Lawrence Livermore.
Certain threats are not obvious, what we call incipient faults.
A small early stage problem in a system that hasn't fully failed yet.
It's not a short circuit.
It's not anything big that's happening.
So why would I care about that?
It's not damaging the system.
It's not unsafe for humans who are indeed interacting with the systems.
But if you take the long time series of events happening, you will see a small spike, another small spike, spike, spike, and then it goes boom.
Just like the Northeast blackout of 2003.
A tree touching a power line, there is wind and the line is touching the branches and nothing happens.
There is a little spike in the measurements.
But eventually the branch will burn and there is arcing and that will cause a cascading of devices and circuit breakers and switches which are installed on the power lines.
One disconnects the line that causes other parts of the lines and system to get overloaded.
This is that domino effect.
It doesn't take a massive failure, just the right sequence of small ones.
And if someone understands that sequence, they can recreate it.
What a really bad day would be, let's say we're sitting in the middle of summer and electricity usage is really high.
Everyone's got their air conditioner on.
A cyberattack comes in that takes out a major transmission line, takes out a generation facility.
And suddenly we have a power outage
that affects a large portion of a region.
If that's coupled with additional attacks,
if you imagine a sustained campaign by an adversary,
theoretically you can have a cascading power outage,
something similar to the Northeast Blackout back in 2003,
but done intentionally if you know what you're doing.
Not every threat looks like an attack.
Some of them don't announce themselves at all.
A couple of years ago,
we had discovered some of the security cameras
that were manufactured by Chinese companies.
Our examination of these devices found
that these security cameras had a lot of extra features in them.
Encrypted video sent back to Chinese servers,
quietly serving as backdoors into the network.
One of the things we do in Skyfall is find those vulnerabilities,
mitigate them or make sure that people know not to put those devices in their system.
So how do you defend a system where failure can come from anywhere
and everything is connected?
How do we harden our systems?
How do you understand the systems?
Harden them in such a way that we minimize the possibility of bad things happening.
And if they do happen, then how do we make sure that these systems, critical systems, get back to life as quickly as possible and as nicely as possible?
The answer isn't bigger systems.
It's smarter ones.
Systems that feel a little bit like magic.
I always kind of wanted to be a wizard.
Who hasn't?
Colin Ponce is a computer scientist at Lawrence Livermore.
And I decided that given that fantasy magic isn't real,
I wasn't going to be able to probably achieve that particular career goal.
But through Skyfall, Colin gets close.
Being able to teach computers to do things for me
was the closest that I could get.
Specifically through AI at Skyfall.
The AI is consistently
learning from the data it's given.
And over time, those patterns explain threats and predict them.
It feels like magic sometimes, but they're not.
What they do is they learn patterns.
They learn the patterns in the data that you give them.
While scientists at Lawrence Livermore are using AI, so are potential adversaries.
If there's an AI tool that is designed to, say, attack the grid, how scary is that?
If there's something that keeps me up at night, it's that we are in an automation race.
Our adversaries are leveraging this technology to automate their attack workflows.
They're doing the same kinds of stuff that they would have been doing before, but faster and at bigger scale.
And we're trying to leverage this technology to automate our defense workflows.
I don't know right now who's going to win that race.
That's exactly why Skyfall is needed.
How do we design and architect our system?
So even if the adversary wins, we're still okay.
That's a really exciting area of research that leverages a lot of the
innovations in artificial intelligence.
At Lawrence Livermore, this approach has a name, immune infrastructure.
The idea that you can build a big, strong fence around your system and keep the adversaries out
just isn't realistic.
So instead, what immune infrastructure is, it's a layered approach designed to make it
as difficult as possible at every step for the adversary to achieve their objectives.
The analogy I compare this to is the Terminator movies.
You have the original Terminator.
You shoot him, he's very robust, but eventually
he breaks.
Come with me if you want to live.
Then you have the next generation Terminator that's that liquid metal.
A T-1000.
Advanced prototype.
Mimetic polyalloy.
Liquid metal.
So you shoot him, there's a hole that appears.
It just fills right in.
And he keeps going.
That's what we're trying to do.
Rather than make a system that can take a beating,
it's take the system that can dynamically adapt to the different threats.
Whatever you care about the most, you can still protect.
The tools are evolving on both sides.
AI isn't just shaping how we're attacked. It's shaping how we defend. The systems that
power our world can be turned against us. But they can also be understood, tested, and protected.
Work that could not happen without the team at Skyfall. When you think about cybersecurity of
critical infrastructure systems, in order to either effectively attack one of those systems or
effectively defend a system, you've got to have a complex set of knowledge, all
together in one team.
Because understanding the live system is the first step to keeping it running.
That's sort of the theme that runs through the program.
These are not just academic scenarios.
These are real world scenarios and the kind of things that we see happening in the world.
The kind of work that depends on every detail, every perspective, every discipline, even down
to the name.
The funny thing was, I did have the opportunity to testify in front of Congress and had
used the name Skyfall. I'm glad we picked a name that wasn't silly.
Thank you for tuning in to Big Ideas Lab.
If you loved what you heard, please let us know by leaving a rating and review.
And if you haven't already, don't forget to hit the follow or subscribe button in your podcast app to keep up with our latest episode.
Thanks for listening.
