Securing the Grid: Efforts needed to prevent cyberattacks


The power sector’s move towards smart grid practices has increased the adoption of advanced information and operational technologies (IT and OT). At the same time, it has opened the door to cybercrime and raised security concerns, especially around communication networks. Although cyberthreats affect every smart grid domain, including smart grid devices, the chief concern is communication technology, which sits at the heart of a smart grid.

Communication systems that are integral to the implementation of various smart grid applications include the supervisory control and data acquisition system, tele-protection, the geographic information system, the outage management system, commercial and billing software, and enterprise solutions such as SAP’s customer relationship management, bank communications management, enterprise resource planning and email. Applications like advanced metering infrastructure, automated demand response and the advanced distribution management system, which are core smart grid functions, require information to be communicated in real time. Any failure to maintain an effective communication system can severely affect its reliability and the services that depend on it, so cybersecurity is vital to the survival of smart grids. Further, while the internet of things, big data and analytics allow industrial systems to communicate without human intervention using standard, interoperable communication protocols, they also expose those systems to security and privacy threats.

Cloud computing

A number of utilities are now adopting cloud computing in one form or another. However, the relocation of power system utility applications to the cloud has a significant impact on the integrity and confidentiality of the system.

Most cloud services share computational resources, including storage, memory, processors and network bandwidth, across multiple applications and “tenants”. This sharing presents a unique challenge for power system applications running in the cloud, especially any application that must produce output or receive input in real time. Also, once information is sent to the cloud, the utility needs to know how that information is stored and, if applicable, archived. The cybersecurity challenges of information storage depend largely on whether the utility is using cloud infrastructure-as-a-service or cloud software-as-a-service.

Strategies for mitigating cyberattacks

While the need for cybersecurity is well established, utilities face a number of challenges in ensuring it. These include obsolete technology, limited coordination between the IT and OT verticals, and the fast and constantly evolving nature of security risks. Further, awareness of cybersecurity practices is limited within the OT team, and such practices tend to be neglected during the fundamental design phase. Keeping up with ever-evolving standards, technologies, services and applications is also a challenge. Typically, grid automation systems use public networks to lower their costs, which increases the susceptibility of grids to cyberattacks. Such attacks may be classified into three categories: attack by component, attack by protocol and attack by topology. An attack by component is, for example, when field components like remote terminal units are attacked via remote access. An attack by protocol uses communication protocols available in the public domain to reverse engineer data acquisition protocols and exploit them. In an attack by topology, the network topology itself is exploited, as in a denial-of-service attack.

While there are several kinds of cyberthreats, there are also strategies to detect and mitigate them. For example, effective network segmentation limits how far an adversary can move by restricting communication between networks. A similar effect can be achieved through strict role-based access control, which grants or denies access to resources based on users’ job functions. This can be implemented through Active Directory, which enforces role-based user access through group policies, or through application whitelisting, which permits the execution of only approved software and blocks everything else. These measures prevent unknown executables, including malware, from running. It is also possible to put in place multiple layers of security, such as firewall-based security, intrusion detection systems, proxy servers for threat management, demilitarised zones for all public portals, single sign-on, and secure tunnels protected by two-factor authentication. To operationalise information security, there must be regular review meetings to identify new risks and ways to mitigate them, and to discuss recent lapses. An annual plan for reviewing, implementing and updating these processes is crucial, alongside a focus on creating awareness of IT security across the organisation.
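The segmentation and role-based access controls described above can be expressed as a small, auditable policy. The following is an added example, not code from the article or any utility: it models corporate IT, DMZ and OT/SCADA zones, permits only listed flows between them, layers a job-function check on top, and reports which constructed connection attempts would be denied. All addresses, ports, zone names and roles are assumed values for illustration.

```python
# Added example (not from the article): segmentation plus RBAC policy check
# over constructed connection attempts. All values below are assumptions.
import ipaddress

# Zones: corporate IT, a DMZ for public portals, and the OT/SCADA network
# that holds the remote terminal units (RTUs).
ZONES = {
    "corporate_it": ipaddress.ip_network("10.10.0.0/16"),
    "dmz": ipaddress.ip_network("10.20.0.0/24"),
    "ot_scada": ipaddress.ip_network("10.30.0.0/24"),
}
# Segmentation policy: (source zone, destination zone) -> permitted TCP ports.
# Any pair not listed is denied, so the public-facing DMZ has no path into OT.
ALLOWED_FLOWS = {
    ("corporate_it", "dmz"): {443},
    ("ot_scada", "ot_scada"): {20000, 502},  # DNP3 and Modbus stay inside OT
}
# Role-based access: job function -> zones that role is allowed to reach.
ROLE_ZONES = {
    "scada_operator": {"ot_scada"},
    "billing_analyst": {"corporate_it", "dmz"},
}

def zone_of(ip):
    """Map an address to its zone name, or None if it is outside every zone."""
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in ZONES.items() if addr in net), None)

def evaluate(src_ip, dst_ip, port, role):
    """Return (allowed, reason); segmentation is checked before RBAC."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src is None or dst is None:
        return False, "unknown zone"
    if port not in ALLOWED_FLOWS.get((src, dst), set()):
        return False, f"segmentation: {src}->{dst}:{port} not permitted"
    if dst not in ROLE_ZONES.get(role, set()):
        return False, f"rbac: role {role} may not reach {dst}"
    return True, "ok"

# Constructed connection attempts: (src, dst, port, role of the requester).
SAMPLE_EVENTS = [
    ("10.30.0.5", "10.30.0.9", 20000, "scada_operator"),    # operator polls RTU
    ("10.20.0.4", "10.30.0.9", 20000, "billing_analyst"),   # DMZ host into OT
    ("10.30.0.5", "10.30.0.9", 20000, "billing_analyst"),   # wrong job function
    ("203.0.113.8", "10.30.0.9", 20000, "scada_operator"),  # external source
]

def audit(events=SAMPLE_EVENTS):
    """Return the denied attempts with their reasons, for review or alerting."""
    return [(e, reason) for e in events for ok, reason in [evaluate(*e)] if not ok]
```

Running `audit()` on the sample yields three denials: the DMZ-to-OT attempt fails segmentation, the billing analyst’s RTU poll fails the role check, and the external address maps to no zone.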

As in all other sectors, smart is the catchphrase in the power sector. With the growing digitalisation of all processes, it is becoming increasingly important to safeguard devices against cyberattacks. Information and devices must be protected from falling into the wrong hands and getting hijacked. Cybersecurity is clearly an area that cannot be neglected.