Continuous Cybersecurity Monitoring is Smart Grid Necessity
By Tony Bogovic, Vencore Labs
In today’s world, regardless of where you are or who you work for, we all require (and expect) connectivity and access. Our increasing dependence on information systems and smart devices, however, heightens the need for strong cyber security in devices that never needed it before. The modern cyber threat is real and while it’s finally getting more attention broadly, it still needs to be addressed and discussed more across the electric power industry.
Utilities are responding to the need for a more flexible, reliable and efficient energy system by introducing intelligence in the grid, most notably in distribution, through the deployment of large multi-service field networks. Many utilities are moving beyond advanced metering infrastructure (AMI) deployments and expanding to more complex smart city initiatives. Systems initially deployed for AMI are now supporting multiple services as utilities add system intelligence, improve system reliability and provide customers with more options.
Besides supporting smart electric meters, utilities are using their field network investments to support automatic feeder circuit reconfiguration, line and fault sensing, transformer health monitoring, volt/VAR optimization of feeders, load control and demand response, smart water and gas meters, and home area networks with in-home display devices. In addition, utilities are using field networks to support city services, such as intelligent streetlights and wireless parking meters.
This creates a great deal of traffic traversing smart grid field area networks (FANs) for a continuously expanding set of utility services. In fact, most traffic within these wireless networks is vendor proprietary and stays within the FAN as part of the node-to-node communications that maintain these mesh networks; it never reaches back-end systems and is therefore invisible to utilities.
The challenge with supporting multiple tenants and multiple services on the same field network is that doing so makes security increasingly difficult and it raises the likelihood of vulnerabilities. In other words, as modern utility networks expand and become more complex, utilities must maintain a strong security posture to ensure the FAN performs at a high level. The most important step toward achieving this is to increase visibility into the operations and activities of the FAN via monitoring.
Visibility is Essential to Smart Grid Success
Robust security monitoring requires three key steps: defend, detect and respond. Utilities, in partnership with their vendors, have made great efforts to implement security controls in new smart grid systems. Progress on FAN anomaly detection and response capabilities, however, is still immature, and many utilities have yet to recognize the need.
The Internet of Things (IoT) movement and the emergence of smart grids are linked together. Smart grid is one of the first large scale examples of IoT, representing some of the biggest IPv6 networks in the world. Hundreds of thousands and even millions of remote intelligent devices, such as smart meters, are deployed by large utilities. Without the right tools, that sheer scale makes it extremely difficult to effectively monitor the FAN and identify anomalies and vulnerabilities quickly.
From a defense standpoint, a utility must close every hole because attackers need only find one exploitable weakness. The reality is no utility knows every weakness in its networks and some weaknesses remain undiscovered (zero-day), but deploying strong monitoring is essential to improving utility security practices.
For instance, monitoring is needed on a daily basis to validate that privacy controls are operational. Without verification, utilities can’t confirm the system is working properly, even though their management system claims everything is secure. A common fallacy among utilities is that employing encryption means everything sent across the network is encrypted. In most cases, however, only certain payloads are encrypted. A significant amount of traffic for node discovery, routing and system maintenance is not encrypted, which makes monitoring for anomalous behavior even more essential.
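The two checks described above, as an added example that is not part of the original article: it runs over a constructed set of FAN frame records (the tuple format, node names and message types are assumptions) to verify that application payloads are actually encrypted and to flag nodes whose unencrypted discovery traffic is far above the fleet baseline.

```python
from collections import Counter
from statistics import median

# Constructed sample of FAN frames as a monitor might export them.
# Each record is (timestamp_s, src_node, msg_type, encrypted); this is
# a hypothetical format, not any vendor's actual export.
def constructed_frames():
    frames, t = [], 0
    # Six well-behaved meters: one or two discovery beacons, one routing
    # update (both unencrypted by design), then an encrypted data payload.
    for i, node in enumerate(["meter-0a1", "meter-1b2", "meter-2c3",
                              "meter-3c2", "meter-4d5", "meter-5e6"]):
        for _ in range(1 + i % 2):
            frames.append((t, node, "discovery", False)); t += 1
        frames.append((t, node, "routing", False)); t += 1
        frames.append((t, node, "data", True)); t += 1
    # One meter leaking an application payload in the clear: the privacy
    # control the management system claims is active is not working here.
    frames.append((t, "meter-3c2", "data", False)); t += 1
    # One node emitting far more discovery beacons than its peers.
    for _ in range(20):
        frames.append((t, "meter-7ff", "discovery", False)); t += 1
    return frames

def unencrypted_payloads(frames):
    """Privacy-control check: every application ('data') frame must be encrypted."""
    return [f for f in frames if f[2] == "data" and not f[3]]

def discovery_outliers(frames, k=3.0):
    """Flag nodes whose discovery-beacon count exceeds the fleet median by more
    than k median absolute deviations. Median/MAD is used so a single noisy
    node does not drag the baseline up with it."""
    counts = Counter(src for _, src, typ, _ in frames if typ == "discovery")
    if len(counts) < 3:
        return {}  # too few nodes to establish a baseline
    values = list(counts.values())
    base = median(values)
    mad = max(median(abs(v - base) for v in values), 1.0)  # floor avoids MAD == 0
    return {node: n for node, n in counts.items() if n - base > k * mad}

def monitor(frames):
    """Run both checks and return the findings as one report."""
    return {"cleartext_payloads": unencrypted_payloads(frames),
            "discovery_outliers": discovery_outliers(frames)}

if __name__ == "__main__":
    print(monitor(constructed_frames()))
```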
The Ukraine power grid incident is a good example of why proactive monitoring and visibility are important. Experts estimate the attackers were operating within the power network for between six months and a year before actually launching the attack. With the right monitoring capabilities, the utility might have been able to detect and remove the threat before the power outage occurred. While many people point out that a high-profile attack hasn’t occurred in the U.S., that doesn’t mean U.S. utilities aren’t vulnerable. Earlier this year, a Michigan water and electric utility suffered a ransomware attack, as have several co-ops. The attacks didn’t result in a power outage, but they show that threat actors have the capability to infiltrate U.S. utility networks.
While it is impossible to prevent every attack, and weaknesses always exist, a strong cybersecurity monitoring and detection capability can greatly solidify defenses and stop attacks in their reconnaissance stage before damage is inflicted. It is no secret that utilities are increasingly experiencing cyberattacks on the operations side. These evolving, persistent threats require proactive detection through network visibility and enhanced situational awareness. This begins with a need for utilities to embrace a “defend, detect, respond” approach to smart grid security.
Utilities need better insight into their smart grid network activities. Network device management tools can get information from end devices, but they can’t provide a holistic view of network formation or real-time dashboards of key indicators. Utilities today require a more comprehensive, integrated monitoring solution to enhance cybersecurity and operations.
A holistic, continuous monitoring as a service (CMaaS) solution offers many benefits for utilities. It can eliminate the silos that have restricted organizational insight and create an environment of enhanced situational awareness across the network. Real-time network health monitoring, anomaly detection, security analysis and visualization are all critical, while flexibility, scalability and ease of deployment are further characteristics that utilities should weigh when procuring grid monitoring applications.
Investment is Inevitable
No utility can be 100 percent secure from threats in today’s environment, but utilities can continuously improve their security posture and further solidify trust with customers. This starts with utilities recognizing what the problems are, understanding the potential implications for security and reliability and proactively taking steps to address the issues. With the right monitoring tools, processes and expertise in place, utilities can do just that.
As utility operations and security threats become increasingly frequent and complex, integrated monitoring capabilities are more critical than ever. Now is the time to make the necessary investments to ensure utilities have the visibility required to protect the grid and operate securely, efficiently and effectively.
As Vencore Labs’ vice president, Tony Bogovic is a seasoned management and technology leader, having held multiple positions within Bellcore, Telcordia, Applied Communication Sciences and Vencore Labs. Currently, as head of the Advanced Consulting & Engineering group, he directs the development and delivery of solutions and services across a wide spectrum of telecommunications operations, security and network management technologies and integrated systems. He holds a master of science degree in electrical engineering from Columbia University.