By David Goddard, Vice President, Smart Grid Solutions, Cisco and Scott Palmquist, Senior Product Manager, Itron
Smart grid security is an increasingly important area of concern for energy producers, utilities and government regulators who want to secure and protect critical infrastructures of national importance.
Recently, Gregory Wilshusen, director of the U.S. Government Accountability Office (GAO)’s information security issues team, classified the “protection of systems supporting our nation’s critical infrastructure, which includes the electric grid, as a government-wide high risk area.”
In fact, almost all of the nation’s critical infrastructure depends on the electrical grid. An attack on the power grid would result in a potential disaster, with far reaching impacts on dependent systems necessary for meeting basic human needs like food, water and communications.
Addressing Critical Grid Concerns
The criticality of the power grid as a part of national infrastructure has been a focus for regulatory bodies. Utilities today are faced with growing demands from regulators to enforce security and reliability requirements for operations, asset management, and physical protection to achieve North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standards.
Beyond this, additional pressures arise from proposed federal and state legislation, the governance of Public Utility Commissions and general consumer concerns around data privacy and the threat of malicious attacks.
The sum of these factors have created new challenges and considerations, requiring utilities to ensure complete governance of grid security from generation to delivery and improve response times to documentation and audit requests. And although the overall regulatory landscape seeks to provide a framework for understanding and addressing security concerns, implementation becomes a problem when there is an improper alignment of utilities’ IT security policies and regulatory requirements for grid security.
Security Fundamentals for Smart Grid
At the highest level, the electric grid today is operationally divided into generation, transmission and the distribution system, with various subsystems comprising each of these. Each subsystem is more or less operated in isolation and often built with its own specialized data exchange rules (i.e. proprietary communication protocols).
However, to realize the vision of an interconnected and intelligent smart grid, the various tiers in the grid must communicate via a standard or a common end-to-end protocol. Today, most enterprise and utility IT networks are standardized around Internet Protocol (IP) which enables flexible, secure and scalable communications. Similarly, IP empowers utilities to built end-to-end communications network with a converged infrastructure that can be used for multiple smart grid applications.
For the critical infrastructure to be fully secure and resilient security must be integrated as a fundamental building block of the grid network architecture — it must be “baked into” the design. Cisco and Itron believe that cyber-security challenges facing the power grid can be thoroughly addressed through four network security principles, which work together in layers to provide defense-in-depth.
· Access control, which focuses on strong identity, authentication and authorization for all grid elements including users, devices and applications
· Data integrity, confidentiality and privacy of data exchanged between grid devices like sensors, smart meters, protective relays and utility control centers
· Threat detection and mitigation, which involves the use of proactive security countermeasures such as firewalls, intrusion prevention systems and event logs correlated to identify security breaches
· Device and platform integrity, which ensures that all devices, endpoints and applications are hardened and designed to be resilient against cyber-security attacks
Security Principles in Action
Putting these security principles into action demands a significant amount of internal assessment and documentation. Utilities must begin their efforts by ensuring that the appropriate policies and assessment tools are in place to manage control, risk and vulnerability.
There also has to be a thorough audit and oversight of the existing technology infrastructure, which includes the millions of remote assets and field devices such as meters, transformers and switch gear. The same goes for modernization efforts, including the adoption of two-way communications (which improve power system operation and asset management, but also increases security risks) and the combination of legacy and new devices with long-standing expected service lives.
To illustrate the use of these principles, we can look at the use-case for advanced metering infrastructure (AMI) and see how appropriate technologies help ensure strong security and reliability in the distribution grid.
First, we have to prevent unauthorized individuals from gaining access to sensitive systems and data. Also, every meter and communication node joining the network needs to be authenticated before being allowed access to the AMI infrastructure. We accomplish this by use of standards-based protocols and digital certificates on meters, aggregation routers, network management systems and field tools. This ensures that the access control for the complete AMI network is strong, robust, scalable and operationally manageable.
Next, we need to make sure that utility systems and customer data are aggressively protected against eavesdropping and man-in-the-middle attacks. This is achieved by use of standards-based data encryption and digitally signed messages that guard against data modification by unauthorized users. This is especially important for control commands in an AMI system, such as meter connect/disconnect, network management, and firmware activation.
The entire grid communications network needs to be divided into various security zones as part of a layered design that has increasing security levels. Firewalls and intrusion prevention systems need to be deployed at strategic points to monitor and block malicious traffic.
Another important but often-overlooked aspect of threat detection and mitigation is the use of event logs from meters, routers, and head-end applications. These event logs from different parts of the grid need to be collected and correlated in real-time to identify security incidents, enabling a quicker and more coordinated response.
The impact of the power grid on our national infrastructure will continue to shine a spotlight on the importance of end-to-end grid security. As utilities work to meet the demands of various parties, they will require the proper technologies to help make this effort seamless. Solution providers need to provide critical infrastructure-grade security to control access to critical utility assets, monitor the network, mitigate threats, and protect grid facilities. These solutions must enhance overall network functionality while simultaneously making security easier and less costly to manage.
Dave Goddard leads the global Smart Grid Solutions Enablement team within Cisco Services. He is responsible for all Service aspects from Cisco’s Smart Grid strategy and solution creation to delivery and support. Dave has been involved with Cisco’s Smart Grid strategy from its infancy. In his prior role, he was responsible for Technical Service’s Security Research and Operations team and lead a team that was instrumental in designing and establishing the viability of key components of Cisco’s Smart Grid architecture and security. Dave has been with Cisco for over 16 years. He has held various roles in the European and US theaters.
Scott Palmquist is the Senior Product Manager for Smart Grid Security at Itron. He has more than 30 years of experience in networked systems starting with Systems Network Architecture in the 1980s’ with NCR to IP in the 1990s with Cisco Systems. Before Joining Itron, Scott was the Senior Vice President of Product Management of a venture backed security company specializing in Ethernet and IP communications security.