Continuity & Change: Assuring Proactive Security, Defense, and Resilience Among Automation & Digitization
By Massoud Amin
The US Senate passed a cybersecurity bill in summer 2019, with bipartisan support, to learn from how cyber-attacks in Ukraine were limited in their spread, and to incorporate and bring back old technologies, including analog breakers and switches, in order to better protect the system and halt the rapid spread of cascading failures.
In summary, the US Senate cybersecurity bill aims to decrease grid digitization, and move toward manual/analog control:
- “… replace automated systems with low-tech redundancies to protect the country's electric grid from hackers…”
- “…identify new classes of security vulnerabilities and to research and test solutions, including ‘analog and non-digital control systems.’”
- A companion bill has been introduced by bipartisan sponsors in the House of Representatives.
While at first glance this bill may seem to imply a reverse in the swing of the pendulum away from digitization and progress, it is not, if we take a holistic systems approach informed by dynamic probabilistic risk and by stochastic optimization of the mix and placement of protection devices and sensors. Recall that dynamic optimization allows the system to continually reconfigure itself to maximize system performance and minimize or prevent disturbances. This is a powerful approach, particularly when fused with high-confidence forecasting, foresight, and system/topology identification.
The benefits from smart grid applications such as this go well beyond increasing the reliability and security of electricity supply, while the smart grid's attributes include digitalization, flexibility, intelligence, resilience, sustainability, and customization.
While our founding vision of a smarter, more secure, resilient and self-healing infrastructure has been to judiciously incorporate digitization – with security built in as a design criterion instead of gluing it on as an afterthought – this has not been the primary or secondary force for digitization. Digital devices have been widely installed due to cost and the rush to accelerate some aspects of modernization, lacking a more tactical yet strategic approach, which is essential and cost-effective.
The power industry should promote the application of widespread condition monitoring, integrating condition and operational data, which benefits real-time system operations in terms of asset utilization and graceful replacement of stricken assets. The alternative, a “fix-on-fail” approach, is clearly dangerous and costly.
Users, though, cannot handle large amounts of data from various sensors, due to O&M concerns. Existing advanced metering infrastructure (AMI), together with basic sensors and existing intelligent electronic devices (IEDs), e.g., protective relays, can provide sufficient information for condition-based maintenance. In the same sense, adding centralized and distributed intelligence to our electric grid with security built in can substantially improve its efficiency and reliability through increased situational awareness, reduced outage propagation and improved response to disturbances.
As the digitization of society continues to expand, it becomes increasingly critical to invest in R&D for electricity, following the trend that the world's electricity supply will need to triple by 2050 to keep up with demand. Efficient markets, idealized grid-pervasive demand-response, rapid real-time, end-point control, smart peripheries and fully coordinated networks of microgrids, synergistic electrified transportation, green and automated distribution systems, and efficient AC-DC transmission systems will soon be or need to be the norm. Only thus may we meet the demands of a pervasively digital society in the face of extreme events and climate change while maintaining a growing civilization.
A dynamic risk landscape requires annual updating to ensure the protection of pertinent assets. End-to-end electric power networks, grid communications, and control systems are often perceived to be much more securely protected than is actually the case. Physical protection of these assets is impractical unless we consider a thorough redesign. Alternatively, an honest 360-degree assessment of the dynamics of complex interdependent networks, in order to enable stronger, greener, more secure and resilient networks of energy and commerce, should be preferred. To this end, cybersecurity challenges and opportunities in this framework have been closely identified since 1998, and progress toward a smart end-to-end system has been vigorously pursued.
The one generalization we can make, however, is that this pursuit has some common characteristics worldwide. Additional, location-specific steps based on rational risk assessments are less critical and can be handled case by case.
Asset management as a means for operational efficiency is financially intensive. This fact underscores how a holistic approach is required, one that can balance investments in all grid assets (towers, switches, system controls, operational security, substations, etc.). R&D is a tool which will point to sustainable paths, but it also needs to motivate the next generation of electrical engineers, who, combined with experience, will aim more comprehensively for an all-round asset management approach.
Security: In More Depth
As a practical matter, electrical systems must be structured to withstand temporary loss of physical components, just as they must operate through spontaneous local outages; but that depends on defending control and communications against cyber-attacks, be they terroristic, military, or criminal.
At the end of the 1990s, before and after 9/11 (when I became responsible for R&D on all infrastructure security and protection at EPRI), we reached out to utilities and their vendors to share relevant information and develop action plans, employing various strategies. These included new designs for recovery transformers and long lead-time equipment (which were no longer manufactured in N. America), securing the sensing and communication networks, critical asset protection, "red team" studies, insider/human and enterprise-wide security assessments, and more, to identify several types of grid vulnerabilities, including physical, cyber, human factors, social engineering, and open-source information, among others.
Furthermore, currently more than 90% of successful cyber-attacks take advantage of known vulnerabilities and misconfigured assets.
In part, the problem stems from originally stand-alone communications networks, later connected to the Internet without security protocols, which also requires handling all the different and diverse solutions and assets. Furthermore, a wide assortment of communications media is used to access the control equipment, thus adding more vulnerabilities.
The Federal Energy Regulatory Commission and the U.S. DOE have stated that the ability to resist attack – by identifying and responding to disruptions caused by sabotage – is one of the Smart Grid’s seven crucial functions, and policies and standards need to be put in place.
Pathways forward: Smart Grid Security Needs -- Layered Security
In order to protect electric infrastructure from the threats outlined above, several layers of security are needed to minimize disruptions to system operations. Layering exponentially increases the cost and difficulty for an attacker to compromise a system by creating a much stronger defense than the use of any individual component alone, thus reducing the likelihood of an attack.
Layered security (aka “Defense in Depth”) must also be considered when accounting for the threats themselves. One security feature alone, such as encryption, will not be able to cover all possible security threats. Physical and multiple standard IT and OT security features will be needed. Similarly, smart meters must be able to detect even the most subtle unauthorized actions.
Additional consideration must also be given to both the cost and impact that the security features will have on AMI system operations, while making them also sufficiently robust. Due to the increasingly sophisticated nature and speed of malicious code, intrusions, and denial-of-service attacks, a human response may be inadequate, and an automated response may be required. Of course, employees must be screened and trained, and emergency procedures must be rehearsed and drilled.
Physical assets need to be evaluated in terms of criticality and vulnerability to intrusion. IT security must include protection of wired and wireless networks and assessment of firewalls and process control systems, among other things. Very high-level mathematical modeling is required to guard against false data injection, and for detection of stealth attacks, risk estimation, and impact analysis.
In summary, the key recommendations for public policy stakeholders and readers of this article are:
- Support a holistic, integrated approach to simultaneously managing a fleet of assets to best achieve optimal cost-effective solutions addressing the following: aging infrastructure, grid hardening (including weather-related events, physical vulnerability, and cyber security), and system reliability.
- Urgently address managing new Smart Grid assets such as advanced metering infrastructure (AMI), digital relays, power-electronic inverters, and intelligent electronic devices.
Security, Privacy, and Resilience
- Facilitate, encourage, or mandate that secure sensing, “defense in depth,” fast reconfiguration and self-healing be built into the infrastructure.
- Mandate consumer data privacy and security for AMI systems to provide protection against personal profiling, real-time remote surveillance, identity theft and home invasions, activity censorship and decisions based on inaccurate data.
- Utilities should reduce or eliminate the use of wireless telecom networks and the public Internet as such uses increase grid vulnerabilities.
- Improve sharing of intelligence and threat information and analysis to develop proactive protection strategies, including development of coordinated hierarchical threat coordination centers – at local, regional and national levels. This may require either more security clearances issued to electric sector individuals or treatment of some intelligence and threat information and analysis as sensitive business information, rather than as classified information. The National Electric Sector Cybersecurity Organization Resource (NESCOR) clearinghouse for grid vulnerabilities is an example of intelligence sharing.
- Speed up the development and enforcement of cyber security standards, compliance requirements and their adoption. Facilitate and encourage design of security from the start and include it in standards.
- Increase investment in the grid and in R&D areas that assure the security of the cyber infrastructure (algorithms, protocols, chip-level and application-level security).
Summarizing this article by using old proverbs:
- “Don't throw the baby (read old analog/manual control) out with the bathwater (modernization/digitization with newer technologies)”: it is an avoidable error; use the methods noted herein.
- “Measure twice (dynamically and ongoing) with look-ahead high-confidence foresight/simulations and cut once (protection kicking in)”: use improved sensors and better analytics to double-check measurements for accuracy, and gather better proactive situational awareness and actionable intelligence!
For more information/resources: Please visit the IEEE resource center for pertinent and more detailed information, including the U.S. President’s Quadrennial Energy Review (QER) report (pages 50-66 on asset management and security, which this author led and authored), along with non-sensitive distilled, please contact the author.
Dr. Massoud Amin, IEEE and ASME Fellow, is a professor of electrical & computer engineering (ECE), and a University Distinguished Teaching Professor at the University of Minnesota. He is widely credited as being the father of the smart electric power grid (https://tli.umn.edu/tli-blog/inspiration-behind-smart-grid-series-defining-moments), and a cyber-physical security leader, who directed all security-related R&D for North American utilities after the 9/11 tragedies.