
Abedalsalam Bani-Ahmed received his PhD degree in Electrical Engineering (2017) from the University of Wisconsin - Milwaukee, specializing in cyber-physical integration in decentralized smart microgrid control systems. Currently, Dr. Bani-Ahmed is a Lead Engineer of Power Systems Cyber-Security at Eaton Corporation, Corporate Research and Technology. His research interests include Smart Grids, Microgrids and DERMS, and IIoT communications infrastructure, protocols, cyber-security, and standards, and he has published numerous technical journal and conference papers and white papers on related topics. In addition, he is the chair of the IEEE Smart Grid education committee. He also serves as a reviewer for multiple IEEE PES and IAS transactions and various international Smart Grid related journals.

In this interview, Salam answers questions from his webinar, Cyber Resiliency & Incident Management for Critical Energy Infrastructure, originally presented on Nov 21, 2019. For more details regarding these questions, please view this webinar on-demand on the IEEE SG Resource Center.

 

Do you have any resilience metric to quantify?

Since we’re dealing with a power system application, the resilience metrics for cyber resiliency can be inherently associated with the security system and the designated emergency response. However, more metrics are yet to be defined in order to quantify our goals, starting with the engineering complexity of the solution, and ending with the response time and a successful mitigation of a system disruption. The slides include a timeline describing the stages of a cyber attack from intrusion to recovery. The times associated with each stage are to be minimized, and they can be used as our metrics for the overall resilience against cyber attacks.

 

What does it look like for a system to distinguish between an actual fault and a cyber attack?

SG applications vary in design and physical configuration; this variance dictates application-specific behavior anomalies and potential fault detection. For an actual fault, the root cause is relevant to physics and unintended operation that can be detected using system meters and status checks. In a cyber attack, the same root cause applies, while some anomalies appear on the cyber layer, or within the firmware of a control device (with a significant impact in the case of a faulty system). For both faults, the result is the same; the only chance to distinguish between the two is the intelligence of the detection mechanism and its capability to convolute detection algorithms for both cyber and physical behavior.

How do you know which system is most resilient or least resilient?

Resilience is mainly identified by design. This question takes us back to the resilience quantified metrics and how they can be projected on our targets. A quick answer to this question would relate to the system downtime and the ability to withstand a cyber attack. A highly resilient system is a system with a response plan that starts from the DERs and goes up the ladder to an operator to ensure the availability of the generation components to support the critical system loads, at least. Some system designers may move towards improving resiliency of subsystems with a higher impact and focus on the cyber isolation of a lower impact subsystem.

Do most organizations have IT personnel that are trained well enough to design a capable cyber attack prevention design, or does this typically need to be outsourced to companies that specialize in cyber attacks?

Recently, organizations started to improve their security posture through including more operational engineers into the IT field. I’ve noticed some pushbacks on this approach and train the operational employees on IT security practices in order to focus on their application, instead of broadening their attention to the organizational level. Some organizations may lean towards outsourcing their resiliency efforts, which can be economically unfeasible. Cybersecurity is always driven by cost, and the possibility of overlapping duties of the design and development team, while cyber resiliency is driven by savings.

Give an example of cyber resiliency functions, and who should design them?

Cyber resiliency functions may be included under three main categories: IT-related, system-wide incident response, and recovery plans. The three categories may be the responsibility of the same team of engineers, while influencing the system design and improvements. The main function I would start with is the incident response, which includes cyber isolation and physical isolation. These functions can never be fully applied solely by an electrical engineer, or an IT security engineer. A multidisciplinary team is needed to achieve the goals of cyber resiliency.

What are the required skills that could help with the incident response management?

An excellent understanding of the SG application is needed. Electrical engineers must have these skills as they have a better understanding of the system operation and its components, especially those who were part of the design phase. On the cyber side, industrial communications professionals must have the capability to understand the nervous system of the application, with data traffic and communication protocols as examples. A person who has the capability to understand these two worlds should be a great candidate to build a resilient system, in close collaboration with OT security professionals and field engineers. The main skill would be the ability to speak both languages of cyber and physical engineers.


To view past interviews, please visit the IEEE Smart Grid Resource Center.