By Partha Datta Ray, Albeado Inc.
The cybersecurity posture required in traditional enterprise business systems does not differ substantially from vertical market to vertical market. Why, then, does it have to be different for electric utilities in the smart grid age?
The answer to that question is already understood to be multifaceted, and additional aspects likely will reveal themselves during the next decades of smart grid deployment.
The big difference between the cybersecurity demands associated with the smart grid and those of other communication and information networks is that a smart grid security breach sometimes could lead to unsafe situations in which things could blow up and people could get hurt.
If a substation is configured wrongly as a result of erroneous information being shared, things could go wrong. The safety of utility personnel and nearby inhabitants is at stake, and the reliability and stability of the entire power grid could be jeopardized. Even when compromised, typical information technology (IT) systems do not put safety and whole economies directly at risk. Notable exceptions include health care and financial infrastructure.
In the emerging smart grid, accommodations must be made for the direct safety impact and mission-critical nature of the end devices to be connected. Residential connections powering medical life support systems need to have the same security and reliability criticality as a typical hospital utility connection.
Conventional information technology (IT) restoration measures like rebooting a component are usually not acceptable for the power system. In most cases, power operation systems cannot be easily restarted without adversely affecting power generation or delivery, thereby compromising high availability, reliability and maintainability requirements.
In the smart grid, we are overlaying a communications and information network on top of a power grid system in which intelligence is an evolving attribute. Industrial control system applications for power generation, transmission and distribution are being integrated with the utility’s IT systems for corporate and business networking. Such integration in its own right demands a different cybersecurity posture.
Interplay of Security, Reliability and Stability
In the smart grid, cybersecurity, grid reliability and grid stability can be intertwined in multiple ways—not all immediately apparent. Sometimes reliability problems like power equipment failures or severe weather can cause adverse stability events, and all stability problems can jeopardize system reliability. Some security breaches can harm the reliability and stability of the power system, and the detection of an intrusion can be delayed if it mimics a conventional reliability or stability problem. The relationship among the three attributes is circular; improving one enhances the other two.
As an example, a unified security analysis can offer opportunities to information security implementations by leveraging solutions that the power system operations have been using for decades to manage the reliability of the power grid. Existing monitoring and response methods and technologies deployed to protect against inadvertent security problems, such as equipment failures, operational errors and natural disasters, can now be extended to include deliberate cyber attacks and security compromises resulting from the emerging convergence of business IT and power system operation technologies. Reliability and security analytics along with decision intelligence distributed across the grid are expected to analyze such events, predict correlated consequences and provide intelligent, systematic and coordinated responses on a real-time basis. Consequently, security of the smart grid will be best addressed as part of an integrated, end-to-end approach that also takes into account reliability and stability.
Hence, the security solution for the smart grid cannot assume a flat, static posture. Security is not an end state—it must continuously adapt to events across integrated domains.
Adaptability to Application Types
Not only are the stakes higher in securing the smart grid, the fundamentals of the job are different, too. Historically, in industrial control systems, critical information exchanges have always been through dedicated, point-to-point network infrastructure based on proprietary technologies and obscure interfaces. The system did not have touch points with other traffic in the business sphere of operations. Such isolation and obscurity provided inherent security. In the smart grid, a utility’s industrial control systems will be integrated with the rest of the corporate network and business systems, incorporating off-the-shelf components along with their vulnerabilities. The cybersecurity needs of the different pieces are only similar—not identical.
With a typical IT system, the three major security objectives that must be satisfied, in order of priority, are:
- Confidentiality: Is the user authorized to access the data?
- Integrity: Is the data in question the same data as the original, or has it been modified without authorization?
- Availability: When information is needed, will timely and authorized access be denied?
In contrast, in electric utility industrial control systems, integrity and availability are of greater urgency than risks of confidentiality. Denial of service is the paramount security risk with the power grid, where timely and authorized access to accurate information is imperative.
So, adaptability is key in the solution because it must dynamically safeguard both domains. If dealing with business domain data/applications, the priority is confidentiality; if dealing with the industrial control system data/applications, availability and integrity take precedence. And closer analysis shows that one impacts the other. The security solution must understand how an event in the business domain (such as a utility employee leaving a job under unpleasant circumstances) could impact the threat profile—and respond intelligently.
Finally, the security solutions need to be adaptive to the time latency associated with information availability in the power system control network, which can vary from milliseconds (currently less than 4 milliseconds for protective relaying) through days or even weeks for collecting long-term data such as power quality information. Business IT systems, in contrast, are more concerned about high throughput, and they can typically withstand some level of delay and jitter (delay variability).
Adaptability to Resources
The need for cybersecurity adaptability is driven by differences in resources across the smart grid, as well.
IT applications typically run on desktop computers, servers, third-party data centers or smart phones. The compute power of these devices is tremendous, and most often bandwidth availability is quite high as well. Certain security solutions—say, ones that apply a strong level of encryption between information sources so data cannot be deciphered if intercepted—are predicated on that resource availability.
Now, imagine if we have to secure all of the small information devices that are exchanging data among themselves in the smart grid. The transformers, breakers, relays, switches and other substation devices have intelligent electronic devices (IEDs) talking with one another, as well as with the substation or area control centers. The compute power of the devices and available bandwidth for interconnecting them are relatively low.
Utilities cannot afford to “over-secure” the smart grid—applying the same, most sophisticated security services blindly to every piece of data and application end-to-end across the network. The same security solution for a bandwidth-intensive environment will not work for devices with very small compute power and low-bandwidth connections. One size does not fit all. This means that the smart grid security solution must be adaptive, too, to resource availability. Similarly, differences in IT and power/process engineering practices will require adaptive security procedures.
These ideas point to an area where additional smart grid standards will be needed. Standards to address an adaptive encryption requirement, for example, will need maturity and wider adoption to address such rightsizing of security measures. While the smart grid might not demand specifically a new, purpose-built encryption capability, virus-scan software, certification procedure, etc., it certainly requires a logical plan of how to integrate security components into an adaptive system that can look at the multiple layers of data and applications end-to-end and tap capabilities appropriately.
Smart grid security will not be a static, one-off effort where a solution is designed, implemented by utilities and finished. It will be an ongoing challenge that reveals itself continuously—a dark highway illuminated by headlights on a long, twisting, turning drive. Smart grid demonstration projects in the United States and other deployments globally are likely to yield important data on aspects of the security challenge, but more and wider-scale studies, simulations and modeling would be valuable. For example, the cybersecurity industry is likely to learn from ongoing projects more about the confidentiality implications of a demand-response system, in which the utility provides information about pricing and a user’s devices respond automatically. What such projects are unlikely to provide, however, is a look into the critical availability question: How can the smart grid guard itself against a massive denial-of-service attack on such a demand-response system? How could a security breach emulate an equipment failure, and what would be its ramifications? How can the smart grid’s control structures be designed and implemented to prevent emergent instabilities that have hit other systems like the stock market flash crash?
Certainly, these and other questions warrant more research. With higher stakes and greater requirements for adaptability in risk assessment and control, the cybersecurity challenge presented by the smart grid is singularly new.
In addition to leading the Information Security Work Group of the IEEE P2030 Working Group, Partha Datta Ray is president and chief technology officer at Albeado Inc.