Cybersecurity of Electricity Grid
Published on: Thursday 04-02-2021
Increasing penetration of power-electronics-based converters and a host of other factors are leading to an autonomous and self-healing Grid 4.0, says P K Agarwal.

The power grid is a critical infrastructure for any nation. Hence, the power grid’s cybersecurity is extremely important for the security and sustainability of the country. Since the information technology systems used to control the electricity grid are complicated, site-specific, and highly protected, a successful cyber-attack is difficult for a typical hacker. But in the recent past, nation-state involvement in the disruption of a nation's power grid has demonstrated the possibility. Many incidents have been reported worldwide.
The European Network of Transmission System Operators for Electricity (ENTSO-E) has become the latest power sector organisation to have fallen victim to a cyber-attack. On 23 December 2015 and again in December 2016, hackers temporarily disrupted consumers’ power supply. The investigation revealed that the attacks were nation-state sponsored, with years of planning and intrusion effort. The US Department of Energy (DoE) reported 150 successful attacks between 2010 and 2014 that targeted systems holding information about electricity grids. Given the above, cyber protection of the electricity grid has become crucial for any nation.
IT and OT
The operation of the modern power grid is tightly integrated with automation and information systems. The automation systems of any utility fall into two categories: Information Technology (IT) and Operational Technology (OT). The usage, criticality, types of threat, and defence are very different for each category. IT is employed mainly in data processing and other administrative work. Operational technology, by contrast, is used to control and monitor physical devices; such systems are called cyber-physical systems. These are critical infrastructure for any utility and for the country. Any wrong operation, intentional or unintentional, may damage equipment, costing time and money. Power system SCADA is an operational technology system of the utility and is critical to the grid's reliable operation and safety.
However, to reduce costs and improve performance, organisations have begun transitioning from proprietary systems to less expensive, standardised technologies. Current OT systems run on platforms with operating systems such as Microsoft Windows, UNIX and Linux, and use the standard networking protocols of the Internet. This convergence of control networks with public and enterprise networks potentially exposes the control systems to additional security vulnerabilities.
Electricity supply chain

The electricity grid covers a geographically wide area to reach the farthest consumer. An area-wide transmission network delivers the power of large generators to consumers located in many corners of the country. The electricity grid’s complete supply chain consists of generating plants, transmission substations, transmission lines, and distribution substations. Each component employs a SCADA system to manage its equipment. The generating plant's SCADA operates and controls the various equipment of the power plant. SCADA in a substation switches transmission lines and transformers in and out. SCADA in the distribution system controls the feeders and manages their outage and restoration.
The entire electricity supply chain has to operate in a coordinated manner. Several grid control rooms manage the grid and have their own SCADA systems. These control rooms and the electricity supply chain are connected by a network of communication links. The data from the SCADA systems of generating plants, grid substations, and distribution substations are shared over these links with the SCADA systems of the grid control rooms. The grid control rooms operate the grid reliably and safely through the situational awareness the SCADA system provides. Since the entire grid functions in a coordinated way, disruption of any part is detrimental to the grid's safety. Hence, the cyber protection of each component is essential.
Security countermeasures
Any cyber-attack on IT or OT systems follows a set chain of actions known as the cyber kill chain. In the cyber kill chain, an attacker's first action is to gain entry into the target system, such as the SCADA system. After this, the hacker installs Trojan horse malware, a small piece of software that gives the hacker continued access. Further, the attacker either creates a new user account with administrative privileges or captures an existing account with administrative privileges. The administrator account gives the attacker unrestricted access to the system for preparing the attack. After collecting all the required information, the hacker launches the attack. The cyber-attack may aim to steal data, damage files, encrypt files for ransom, or block legitimate users' access to the system.
The SCADA system is the heart of the generating station, the substation, and, at the grid control centres, the electricity grid itself. Since the grid control centres coordinate the complete supply chain for its secure operation, they may be a strategic target for an attacker. Securing a SCADA system against a modern threat requires well-planned and well-implemented strategies that give network defence teams a chance to quickly and effectively detect, counter, and expel an adversary. ICS-CERT recommended seven strategies that are very effective and easy to implement. How to apply the ICS-CERT strategies to protect the SCADA system is explained below:
1. Application whitelisting – Any unwanted application that is not essential for the working of a SCADA system is the most common culprit in providing access to hackers. One reason is that these applications are not in the SCADA maintenance team's patch management programme; hence they generally remain unpatched. Outdated and unpatched applications are vulnerable, and hackers may exploit them to gain entry into the SCADA network. Therefore, all unwanted applications and services must be removed from the SCADA network. Hence, a whitelist of the applications and services required for the SCADA system's functioning must be prepared and enforced, so that only the listed applications are allowed to execute.
2. Proper configuration and patch management – Wrongly configured perimeter devices such as routers may let an attacker into the SCADA network. Similarly, a hacker may exploit unpatched SCADA applications to gain unauthorised access to the SCADA system. Hence, all perimeter devices should be appropriately configured and hardened to block unknown and unwanted packets. The SCADA team should implement and follow a proper monitoring and management procedure to ensure the integrity of configurations and to apply software patches as soon as the OEM releases them.
3. Reduce attack surface – Since all the elements of an electricity grid, such as generating plants, substations, and control rooms, are widespread and interconnected, the attack surface is vast. If each system is treated as a separate unit managed by a different administrator, the large attack surface is reduced by fragmentation, creating hurdles for a cyber attack's success. Further, to minimise the attack surface, isolate the SCADA network from any untrusted networks, especially the Internet. Lock down all unused ports. Turn off all unused services. Only allow real-time connectivity to external networks if there is a defined business requirement or control function. If one-way communication can accomplish a task, use optical separation (a ‘data diode’). If bidirectional communication is necessary, use a single open port over a restricted network path.
4. Build a defendable environment – To limit damage from network perimeter breaches, segment networks into logical enclaves and restrict host-to-host communication paths. This can stop hackers from expanding their access while letting everyday system communications continue to operate. Enclaving limits possible damage, as compromised systems cannot be used to reach and contaminate systems in other enclaves. The containment provided by enclaving also makes incident clean-up significantly less costly.
5. Manage authentication – As mentioned before, the hacker gains privileged access either by creating a new user account or by escalating an existing user's privileges. Hence, user account management is essential: any change in a user's profile or privileges, and any newly created user, must be watched for and detected.
6. Monitor & respond – An attacker needs sufficient time to search for confidential information and prepare for an attack. Fast detection of and response to any intrusion or breach may break the kill chain and prevent the actual attack. Hence, network monitoring software should be used to watch for intrusions and take fast action to mitigate the attack.
7. Secure remote access – A remote access connection is used to maintain a SCADA system remotely. Any compromise of the remote connection credentials may enable the hacker to carry out any operation that a human operator can legitimately perform. An attacker with control of the SCADA system can also instruct it to operate wrongly. Remote access should normally be disconnected and should only be allowed for a known purpose and duration. It should not enable system-wide access and should be limited and restricted. All remote work should be logged and audited.
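Strategies 5 to 7 above come down to detecting the kill-chain steps the article names: a new account, a privilege grant, and remote access outside an approved purpose and window. The following is an added example, not code from the article; the audit-log format, host names, group names and the approval list are constructed assumptions.

```python
# Added example (not part of the article): alerts for the kill-chain steps the
# article names (new account, privilege grant, unapproved remote access). The
# log format, host names and approval list below are constructed assumptions.
from datetime import datetime

ADMIN_GROUPS = {"Administrators", "scada_admins"}
# Approved remote-maintenance windows: user -> (source IP, start, end)
APPROVED_REMOTE = {
    "vendor1": ("10.9.8.7", datetime(2021, 2, 4, 9, 0), datetime(2021, 2, 4, 11, 0)),
}

def parse(line):
    """'<iso time> key=value key=value ...' -> dict with a datetime under 'ts'."""
    ts, _, rest = line.partition(" ")
    fields = dict(kv.split("=", 1) for kv in rest.split())
    fields["ts"] = datetime.fromisoformat(ts)
    return fields

def detect(lines):
    """Return (severity, message) alerts for the given audit lines, in order."""
    alerts, sessions = [], {}
    for ev in map(parse, lines):
        kind = ev["event"]
        if kind == "user_add":  # every new account is reviewed (strategy 5)
            alerts.append(("medium", f"new account {ev['user']} created by {ev['by']} on {ev['host']}"))
        elif kind == "group_add" and ev["group"] in ADMIN_GROUPS:  # privilege grant
            alerts.append(("high", f"{ev['user']} granted {ev['group']} by {ev['by']} on {ev['host']}"))
        elif kind == "remote_login":  # known purpose, source and window (strategy 7)
            approval = APPROVED_REMOTE.get(ev["user"])
            if approval is None or approval[0] != ev["src"] or not approval[1] <= ev["ts"] <= approval[2]:
                alerts.append(("high", f"unapproved remote login {ev['user']} from {ev['src']}"))
            sessions[ev["user"]] = ev["ts"]
        elif kind == "remote_logout" and ev["user"] in sessions:  # duration check
            end = APPROVED_REMOTE.get(ev["user"], (None, None, None))[2]
            if end and ev["ts"] > end:
                alerts.append(("medium", f"remote session of {ev['user']} ran past approved window"))
            sessions.pop(ev["user"])
    return alerts

SAMPLE_LOG = [  # constructed sample lines, not real telemetry
    "2021-02-04T09:05:00 host=scada-hmi1 event=remote_login user=vendor1 src=10.9.8.7",
    "2021-02-04T09:20:00 host=scada-hmi1 event=user_add user=svc_update by=vendor1",
    "2021-02-04T09:21:00 host=scada-hmi1 event=group_add user=svc_update group=Administrators by=vendor1",
    "2021-02-04T11:30:00 host=scada-hmi1 event=remote_logout user=vendor1",
    "2021-02-04T23:40:00 host=scada-eng2 event=remote_login user=vendor1 src=203.0.113.5",
]
```

Run `detect(SAMPLE_LOG)` to see the approved login pass silently while the account creation, the Administrators grant, the overrun session and the off-hours login from an unapproved address each raise an alert.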
In the worst-case scenario, a compromised control system can issue any unsafe command that the compromised computer's hardware is electrically capable of issuing; all software safeties can be compromised. Mis-operation of industrial processes is frequently dangerous and always costly. Hence, proper countermeasures and continuous monitoring of those countermeasures are the key to defeating any cyber-attack.
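The containment argument of strategies 3 and 4 above can be checked with a reachability calculation: how far an intrusion can pivot along the allowed communication paths. The block below is an added example, not the article's own code; the enclave names and allowed flows are illustrative assumptions, with the substation link modelled as telemetry-only over a data diode.

```python
# Added example (not part of the article): blast radius of a compromised host
# on a flat network versus an enclaved one. Enclave names, flows and the
# one-way 'diode' link are illustrative assumptions.
from collections import deque

def reachable(flows, start):
    """Enclaves an intruder could pivot to from `start`, following allowed
    host-to-host paths transitively. `flows` maps an enclave to the set of
    enclaves it may initiate connections to (a data diode is a one-way edge)."""
    seen, queue = {start}, deque([start])
    while queue:
        cur = queue.popleft()
        for nxt in flows.get(cur, set()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen - {start}

ENCLAVES = ["corporate_it", "dmz_historian", "control_room_scada",
            "substation_scada", "engineering_ws"]

# Flat network: every enclave can talk to every other one.
FLAT = {e: set(ENCLAVES) - {e} for e in ENCLAVES}

# Enclaved: corporate IT only reaches the DMZ historian; substation telemetry
# flows one way into the control room (optical separation); only the
# engineering workstation may initiate into the control-room SCADA enclave.
ENCLAVED = {
    "corporate_it": {"dmz_historian"},
    "dmz_historian": set(),
    "substation_scada": {"control_room_scada"},   # one-way: data diode
    "control_room_scada": {"dmz_historian"},
    "engineering_ws": {"control_room_scada"},
}

def blast_radius(flows, start):
    """Number of other enclaves an intrusion at `start` could spread to."""
    return len(reachable(flows, start))

if __name__ == "__main__":
    for name, flows in (("flat", FLAT), ("enclaved", ENCLAVED)):
        print(name, "from corporate_it ->", sorted(reachable(flows, "corporate_it")))
```

On the flat layout a foothold in corporate IT reaches every SCADA enclave; on the enclaved layout it is contained to the DMZ historian, which is the damage-limiting effect the strategy describes.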
Conclusion
Absolute security is not possible. In other words, absolute security is a near-impossible task, or the cost of providing it will outweigh the benefit derived from the system being secure. But following a strategy of defence-in-depth and applying best practices, guidelines and standards while designing the system will create a secure system. Security is a continuous process; hence, in addition to secure design of the SCADA network, the practice of vulnerability assessment and plugging of loopholes should be followed.

Praveen Kumar Agarwal, former Director & CISO, POSOCO Ltd, has 39 years of experience in diverse areas of the power sector, of which 24 years were in electricity market design and operations, systems automation, WAMS & SCADA system integration and cybersecurity, with active involvement in project execution and management of Supervisory Control and Data Acquisition (SCADA) systems, and integration of the National Control Centre’s SCADA with regional control centres and with control centres of countries like Bhutan and Bangladesh. Agarwal pioneered synchrophasor technology (WAMS) in the Indian power system in 2009.
Among other achievements, Agarwal played a key role in designing the Unified Real Time Dynamic State Measurement Scheme and in setting up Renewable Energy Management Centres in India. He has written and published over 50 technical papers and articles, and has contributed chapters to power system books published by international publishers. He has also delivered talks at many international and national conferences, chaired panel sessions, etc.