Cybersecurity: A Key Smart Grid Priority
- Written by Himanshu Khurana
While smart grid systems hold the promise of an electric grid with increased reliability and efficiency, they also increase the risk to the control systems from cyber attacks. Mitigating the risks from such attacks requires substantial changes to design and development processes so that security is built in from the ground up rather than addressed in a limited way as an afterthought.
Critical infrastructure systems—such as the North American electric power grid—are undergoing significant modernization involving increased use of computer and communication systems. Radical changes in processes and procedures require the identification and common understanding of the role cybersecurity plays as a smart grid priority in the context of the other major power systems priorities: namely, reliability, economics, safety and equipment protection.
Electric grid reliability focuses on ensuring continuous delivery of power to customers in the presence of contingencies and failures. For example, the Western Electric Coordinating Council's minimum operating reliability criteria state that "the interconnected power system shall be operated at all times so that general system instability, uncontrolled separation, cascading outages, or voltage collapse will not occur as a result of any single contingency or multiple contingencies of sufficiently high likelihood." Commonly, such criteria are referred to as "N-1" criteria, which address the probability of failure by requiring the system to deal with the failure of "1-out-of-N" components applicable to a particular system or subsystem. For example, in a system of N generators, the expected output should address the possibility of one of those generators failing. A significant amount of resources are dedicated to monitoring, analysis and control of interconnected grid systems to ensure such reliability. On occasion, however, these systems do fail, resulting in blackouts and significant economic and other losses.
Cybersecurity risks come into play in two ways. First, they introduce a new failure mode for the components, in that malicious actions may lead to the compromise or unavailability of a critical component, thereby impacting reliability.
Further, cyber risks also call into question the assumptions of what constitutes a "high likelihood" contingency. History provides evidence that multiple simultaneous, non-malicious failures are very rare. But a study of cyber attacks against Internet and other systems indicates that malicious, coordinated attacks focus precisely on this notion of simultaneously exploiting and replicating multiple failure modes to cause maximum damage against targeted systems. Consider an adversary that is able to open relays in multiple substations leading to a cascading failure. This argues for the need to carefully analyze how cyber security requirements impact reliability criteria and considerations.
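The reliability argument above, worked through as an added example (not part of the original article): a fleet can satisfy the "N-1" criterion and still be brought down by a small set of simultaneous outages, which is rare under independent failures but is exactly what a coordinated attack selects. The generator names, capacities, load and outage probability are constructed assumptions, not data from the article.

```python
from itertools import combinations
from math import comb

# Constructed sample fleet: generator name -> capacity in MW (not real data).
GENERATORS = {"G1": 400, "G2": 400, "G3": 300, "G4": 300, "G5": 200}
PEAK_LOAD_MW = 950    # constructed demand the fleet must serve
OUTAGE_PROB = 0.02    # assumed independent per-unit outage probability


def survives(lost, gens=GENERATORS, load=PEAK_LOAD_MW):
    """True if the remaining capacity still covers the load after losing `lost`."""
    return sum(cap for name, cap in gens.items() if name not in lost) >= load


def failing_sets(k, gens=GENERATORS, load=PEAK_LOAD_MW):
    """Every combination of k simultaneous outages that leaves load unserved."""
    return [s for s in combinations(sorted(gens), k) if not survives(s, gens, load)]


def meets_n_minus_1(gens=GENERATORS, load=PEAK_LOAD_MW):
    """N-1 criterion: no single-unit outage may cause a shortfall."""
    return not failing_sets(1, gens, load)


def smallest_breaking_k(gens=GENERATORS, load=PEAK_LOAD_MW):
    """Fewest simultaneous outages that cause a shortfall, or None if none does."""
    for k in range(1, len(gens) + 1):
        if failing_sets(k, gens, load):
            return k
    return None


def prob_at_least(k, n=len(GENERATORS), p=OUTAGE_PROB):
    """P(at least k of n units out at once), valid only if outages are independent."""
    return sum(comb(n, j) * p**j * (1 - p) ** (n - j) for j in range(k, n + 1))


if __name__ == "__main__":
    print("meets N-1:", meets_n_minus_1())
    k = smallest_breaking_k()
    print("smallest breaking k:", k, "->", failing_sets(k))
    # Independence makes a double outage look negligible; a coordinated
    # attacker is not sampled from this distribution and picks the set.
    print("P(>=2 out, independent): %.4f" % prob_at_least(2))
```

The independence figure is what a planner relies on when calling a contingency unlikely; it says nothing about an adversary who deliberately causes one of the failing pairs, which is why the article argues that reliability criteria need to be revisited with cyber risk in mind.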
The economic issues of the electric grid span planning, design and operations of power systems, pricing of services and design and monitoring of electricity markets. The priorities here are to ensure the continuous and available operation of fair and competitive markets, electricity delivery systems and services, all the while focusing on the cost-effective delivery of electricity to consumers on a long-term basis. Cyber risks affect this priority in a significant manner. Market operations are conducted over computer and communication networks that are potentially vulnerable to denial-of-service attacks. More subtly, unauthentic market transactions can lead to unexpected market behavior, as was observed in the Flash Crash of the United States stock market on May 6, 2010, when a single, large, unplanned trade led to a 900-point loss in the Dow Jones Industrial Average.
The safety of personnel and equipment involved in the operation and use of electric grid systems and customers is of prime importance to the grid. To ensure safety, grid systems employ measures ranging from special purpose equipment to appropriate training and procedures. Cybersecurity concerns here are potential cyber attacks that can lead to equipment damage and possibly impact human life as a consequence. In 2007, the staged Aurora attacks demonstrated how a generator could be manipulated to self-destruct using computer and communication systems connected to that generator. Last year, the Stuxnet attack provided another vivid example of the vulnerability of power system controls to intrusion and manipulation. To address such concerns, equipment protection needs to include protection from cyber attacks, especially when the equipment is critical to grid operations and personnel safety.
What is more, cybersecurity issues intersect these economic, reliability and safety aspects. Today, for example, cybersecurity regulation of the bulk electric system is limited to the transmission system, keeping both reliability and economic aspects in mind. As smart grid systems get deployed, the aggregate amounts of energy managed by demand response and similar applications could be as great as the amount of generated energy traditionally fed into bulk transmission electric systems. So there is a need to consider such controls—and possibly rules—in terms of cybersecurity.
As another example, consider a cyber attack that leads to a transformer failure. Given the lead times required to replace transformers and their critical role in electricity delivery, such an attack would impact multiple aspects of the grid and, therefore, needs to be considered from
Addressing cyber risks involves the use of appropriate cybersecurity tools and techniques that are aimed at achieving three primary properties: namely, confidentiality, integrity and availability. Confidentiality is the property that ensures only authorized entities get access to sensitive information. Integrity is the property that ensures any unauthorized modifications to data and information are detected. Availability is the property that ensures critical systems and information are available when needed.
For critical infrastructure such as the modern electric grid, availability and integrity are typically considered to be more important than confidentiality. A common approach to satisfying these properties is to design, develop and deploy cybersecurity technologies for protection, detection and response. Protection systems instrument security components, such as key management, authentication and authorization, and perimeter defense, to help ensure the three properties against a range of attacks. Secure software and hardware development techniques are also an essential form of protection but, given the complexity of today's systems, vulnerabilities are likely to remain that can be exploited by adversaries, despite the use of advanced protection systems. To deal with this, detection tools are employed that observe network and system behavior to identify malicious activities and attacks. Lastly, response tools are employed to enable administrators to deal with detected attacks and activities.
Collectively, these protection, detection and response systems create an ecosystem wherein secure and trustworthy operations can be executed. Technical systems such as these typically are deployed in conjunction with appropriate training and development of well-defined processes to provide a comprehensive solution.