Securing the Grid: Multi-layered safety measures could check cyberattacks

Cyberattacks on smart grids can disrupt the entire power sector. The risk extends to every interconnected component across the generation, transmission and distribution channels. Because its components are networked, and in many deployments reachable from the internet, a smart grid can be exploited by hackers. Attacks such as sniffing, eavesdropping, spoofing and injecting malicious data into the grid can cause damage ranging from minor power cuts to a major grid collapse. Smart grid security is therefore crucial to providing an uninterrupted power supply and minimising losses due to outages. To maintain a secure smart grid, utilities the world over are taking initiatives such as implementing multilayered security mechanisms, running awareness and training programmes, and conducting cyberrisk assessment studies. Apart from this, they are exploring emerging technologies such as blockchain for enhancing grid security.

Types of cyberattacks

Among the most common attacks on smart grids are sniffing and eavesdropping, which attackers use to steal data or learn the technical make-up of a network; that reconnaissance is then used to craft further attacks or to achieve some other objective. Denial of service (DoS) attacks target the underlying communication and computational infrastructure and render its resources temporarily unavailable. Another class of attack injects malicious data into the grid: attackers exploit weaknesses in the configuration of the smart grid infrastructure, including knowledge of the network model the control centre uses, to inject measurements that corrupt the state estimation process. An attacker who knows enough about the system can not only change the results of state estimation but steer them in a predictable way, which is what makes such injections hard to catch with ordinary bad-data checks. In spoofing, a malicious party impersonates another device or user on the network; spoofing the time synchronisation that measurement devices rely on leads to incorrectly calculated clock offsets and hence erroneous estimates of the actual power load. Finally, attacks on high-level applications, which provide the interface to the physical infrastructure (management consoles, end-user web portals and the like), can cause unexpected physical damage. They affect power flow measurement, state estimation, energy management and other functions of the smart grid.
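The false data injection case above is the one that most rewards a worked example, because it is counter-intuitive that an estimator with a bad-data check can be steered without the check firing. The following Python is an added illustration written for this article, not code from the original or from any utility's energy management system: it builds a constructed three-bus DC model, runs a least-squares state estimator with a simple residual threshold, and compares a crude one-measurement edit (caught) with an injection a = Hc built from knowledge of the network model H (not caught, and it shifts the estimate by exactly the attacker's chosen c). The bus model, operating point, noise level and threshold are all assumptions.

```python
"""Toy DC state estimation with a residual-based bad-data check, and a false data
injection (FDI) that slips past it. Constructed example; not from the original article."""
import math
import random

# Constructed 3-bus DC power-flow model. States are the bus voltage angles at buses 2
# and 3 (bus 1 is the angle reference); every line has reactance 1 p.u.
# Measurement rows: flow 1-2, flow 2-3, flow 1-3, injection at bus 2, injection at bus 3.
H = [
    [-1.0,  0.0],
    [ 1.0, -1.0],
    [ 0.0, -1.0],
    [ 2.0, -1.0],
    [-1.0,  2.0],
]
TRUE_STATE = [-0.1, -0.2]       # radians, constructed operating point
NOISE_STD = 0.005               # measurement noise, p.u. (assumed)
THRESHOLD = 0.05                # residual norm above which the estimator flags bad data (assumed)


def matvec(M, v):
    return [sum(m * x for m, x in zip(row, v)) for row in M]


def estimate_state(H, z):
    """Least-squares estimate x_hat = (H^T H)^-1 H^T z for the two-state model."""
    rows, n = len(H), len(H[0])
    assert n == 2, "closed-form 2x2 inverse below"
    g = [[sum(H[k][i] * H[k][j] for k in range(rows)) for j in range(n)] for i in range(n)]
    b = [sum(H[k][i] * z[k] for k in range(rows)) for i in range(n)]
    det = g[0][0] * g[1][1] - g[0][1] * g[1][0]
    inv = [[g[1][1] / det, -g[0][1] / det], [-g[1][0] / det, g[0][0] / det]]
    return matvec(inv, b)


def residual_norm(H, z, x_hat):
    """||z - H x_hat||: the bad-data statistic in its simplest form."""
    return math.sqrt(sum((zi - hi) ** 2 for zi, hi in zip(z, matvec(H, x_hat))))


def run_estimator(H, z):
    """Return (state estimate, True if the bad-data detector fires)."""
    x_hat = estimate_state(H, z)
    return x_hat, residual_norm(H, z, x_hat) > THRESHOLD


def measure(H, state, seed=1):
    """Constructed noisy telemetry for the given operating point."""
    rng = random.Random(seed)
    return [v + rng.gauss(0.0, NOISE_STD) for v in matvec(H, state)]


def crude_attack(z, index, delta):
    """Attacker alters one measurement without regard to the network model."""
    z_bad = list(z)
    z_bad[index] += delta
    return z_bad


def stealthy_attack(H, z, c):
    """Attacker who knows H adds a = H c. The estimate shifts by exactly c and the
    residual is unchanged, so the bad-data detector has nothing to see."""
    return [zi + ai for zi, ai in zip(z, matvec(H, c))]


def demo():
    z = measure(H, TRUE_STATE)
    x_clean, flag_clean = run_estimator(H, z)
    x_crude, flag_crude = run_estimator(H, crude_attack(z, 0, 0.2))
    c = [0.0, 0.1]                           # attacker's chosen shift of the bus-3 angle
    x_fdi, flag_fdi = run_estimator(H, stealthy_attack(H, z, c))
    return {
        "clean": (x_clean, flag_clean),      # estimate close to TRUE_STATE, not flagged
        "crude": (x_crude, flag_crude),      # flagged: residual jumps well above THRESHOLD
        "fdi": (x_fdi, flag_fdi),            # not flagged: residual identical to the clean run
        "fdi_shift": [a - b for a, b in zip(x_fdi, x_clean)],   # equals c
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The operational lesson is that the stealthy attack needs H, that is, the topology and line parameters the control centre uses, and needs to alter every measurement that H couples together. Keeping the network model confidential and protecting a subset of measurements so that the attacker cannot alter them consistently raises the bar far more than tightening the residual threshold does.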

Cyberattacks on the distribution system

Consumer meters are among the most exposed components. An adversary who penetrates the smart metering infrastructure at the consumers' end can send fake energy usage readings to the control centre. Conversely, in the absence of robust authentication and encryption at the head-end system (HES), an attacker can tamper with the meter data management system (MDMS) and push unauthorised commands down to the meters. On the net metering front, end-consumers can alter the net energy usage data sent to the utility's control centre by hacking into the communication network, and thereby reduce their electricity bills or even earn credits without actually exporting electricity to the grid.

On the communication network front, the technologies used in advanced metering infrastructure (AMI), such as wireless local area networks (WLAN), ZigBee, radio frequency (RF) mesh, WiMAX, Wi-Fi and power line communication (PLC), are exposed to eavesdropping and session hijacking wherever links are not encrypted and sessions are not authenticated. Mobile (cellular) links should not be assumed to protect the data they carry either; without application-layer encryption they can reveal energy consumption data and enable privacy invasion. An adversary can also hijack a utility's virtual private network (VPN); a compromised VPN gives a foothold into the control centre LAN and from there into the supervisory control and data acquisition (SCADA) network.
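Both of the preceding sections come down to the same missing control: readings travelling from meter to head-end, and commands travelling back, are accepted on trust. The following Python is an added example, not part of the original article and not any vendor's AMI protocol: it shows the minimum a practitioner would want on that path, a per-meter shared key, an HMAC-SHA256 tag over the whole message and a monotonically increasing counter, and exercises it against a rewritten reading, a replayed reading and a forged command. The meter id, key, message layout and payloads are constructed for the demonstration.

```python
"""Authenticated, replay-protected messaging between a meter and the head-end.
Constructed example; the key, meter id, message format and payloads are assumptions,
not the article's or any vendor's protocol."""
import hashlib
import hmac
import json


class AuthError(Exception):
    """Tag mismatch: the message was forged or modified in transit."""


class ReplayError(Exception):
    """Counter not strictly increasing: an earlier valid message was replayed."""


def _canonical(meter_id, counter, payload):
    # Deterministic serialisation so sender and receiver MAC exactly the same bytes.
    return json.dumps({"meter_id": meter_id, "counter": counter, "payload": payload},
                      sort_keys=True, separators=(",", ":")).encode()


def build_message(key, meter_id, counter, payload):
    """Sender side (meter or head-end): attach an HMAC-SHA256 tag over id, counter and payload."""
    tag = hmac.new(key, _canonical(meter_id, counter, payload), hashlib.sha256).hexdigest()
    body = {"meter_id": meter_id, "counter": counter, "payload": payload, "tag": tag}
    return json.dumps(body, sort_keys=True).encode()


class Receiver:
    """Receiver side, used both by the head-end (accepting readings) and by a meter
    (accepting commands). Holds per-meter shared keys and the last counter accepted."""

    def __init__(self, keys):
        self.keys = dict(keys)        # meter_id -> shared key, assumed provisioned at install
        self.last_counter = {}        # meter_id -> highest counter accepted so far

    def accept(self, raw):
        msg = json.loads(raw)
        meter_id, counter, payload, tag = (msg["meter_id"], msg["counter"],
                                           msg["payload"], msg["tag"])
        key = self.keys.get(meter_id)
        if key is None:
            raise AuthError(f"unknown meter {meter_id}")
        expected = hmac.new(key, _canonical(meter_id, counter, payload),
                            hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):     # constant-time comparison
            raise AuthError("tag mismatch")
        last = self.last_counter.get(meter_id, -1)
        if counter <= last:                            # checked only after the tag is valid
            raise ReplayError(f"counter {counter} is not newer than {last}")
        self.last_counter[meter_id] = counter
        return payload


def _rejected(receiver, raw, exc_type):
    try:
        receiver.accept(raw)
    except exc_type:
        return True
    return False


def demo():
    meter = "M-1001"                                           # constructed meter id
    key = hashlib.sha256(b"constructed demo key, not a real credential").digest()
    head_end = Receiver({meter: key})
    meter_side = Receiver({meter: key})

    # 1. A genuine reading from the meter is accepted.
    reading = build_message(key, meter, 1, {"type": "reading", "kwh": 412.7})
    accepted = head_end.accept(reading)

    # 2. Someone on the network rewrites the reading to shrink the bill: tag no longer matches.
    tampered = json.loads(reading)
    tampered["payload"]["kwh"] = 12.7
    tampered_rejected = _rejected(head_end, json.dumps(tampered).encode(), AuthError)

    # 3. Replaying the original (still correctly tagged) reading fails the counter check.
    replay_rejected = _rejected(head_end, reading, ReplayError)

    # 4. A command to the meter from someone without the key (guessed tag) is rejected.
    forged = {"meter_id": meter, "counter": 9,
              "payload": {"type": "command", "op": "reconfigure"}, "tag": "00" * 32}
    forged_rejected = _rejected(meter_side, json.dumps(forged).encode(), AuthError)

    # 5. The genuine head-end, holding the key, can still command the meter.
    command = build_message(key, meter, 1, {"type": "command", "op": "reconfigure"})
    command_accepted = meter_side.accept(command)

    return {"reading_accepted": accepted, "tampered_rejected": tampered_rejected,
            "replay_rejected": replay_rejected, "forged_command_rejected": forged_rejected,
            "command_accepted": command_accepted}


if __name__ == "__main__":
    print(demo())
```

This gives integrity and authenticity, not confidentiality: eavesdropping on consumption data remains possible until the payload is also encrypted (an AEAD mode such as AES-GCM covers both in one step). The counter must survive meter restarts, and keys must be per meter, so that compromising one meter does not let the attacker forge traffic for the rest.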

Maintaining a secure smart grid

The objectives of smart grid cybersecurity are the familiar ones of confidentiality, integrity and availability of data and systems. Data privacy and consumer protection remain the top concerns for distribution utilities as well as consumers. Utilities and third-party service providers aggregate the energy usage data of many consumers for better demand forecasting and peak load management. Smart meters installed at the consumers' end exchange information on energy usage with the home area network (HAN) or building area network (BAN) and send control signals to the smart appliances on the consumers' premises. These networks, however, may be vulnerable to data leakage or eavesdropping that reveals the activities of consumers and other sensitive information. Cybersecurity measures are required to prevent unauthorised access to protected information such as power usage, prices and control commands, since access to such information allows customers' privacy to be invaded. For industrial and commercial consumers, such leakage can reveal highly sensitive information, for example the technologies in use, manufacturing output or sales events. Integrity matters equally: cybersecurity measures are required to prevent any modification of critical information from sensory devices, electronic equipment, software and control commands, which could disrupt decision-making and corrupt the data exchange of the smart grid. Finally, on the availability front, robust cybersecurity measures help in resuming services in case of DoS and distributed DoS (DDoS) attacks.

One of the emerging solutions being explored for grid safety is a smart energy management system based on blockchain, a distributed ledger technology that lets all participants in the network share and store data without a single point of control. Applying it to the smart grid could support tamper-evident management of energy data and contribute to the development of the future smart energy industry; it complements rather than replaces the controls below.

The primary initiatives to protect smart grids against cyberattacks focus on enhancing defence capabilities so as to reduce the likelihood and impact of an attack. The proven defence-in-depth principle applies: multiple layers of security controls are put in place so that if one layer is penetrated, the next prevents further damage rather than handing the attacker the whole system. Another security measure is cybersecurity risk assessment, which evaluates the organisation's information assets to identify the underlying vulnerabilities and threats. In addition, awareness and training programmes are needed to maintain grid safety; effective training programmes are designed around individual roles and responsibilities. Incident response is another vital aspect of protecting smart grids. In the absence of an effective incident management plan, a single incident can completely disrupt vital business functions.

To conclude, a smart grid cybersecurity strategy needs to be designed to manage the prevention, detection, response and recovery processes, and counter any existing and potential threats.

CEA’s guidelines for the mitigation of cyberthreats

In October 2018, the Central Electricity Authority (CEA) issued the following guidelines for the mitigation of cybersecurity threats in the power sector:

  • Deploy only those software applications that have verifiable technical support and version control.
  • Deploy products, firmware and technical support solutions that are not available in the public domain.
  • Evolve procedural controls such as security-level agreements that make original equipment manufacturers/system integrators liable to provide security patches and firmware updates for longer durations.
  • Avoid internet connectivity, direct or indirect (even through a firewall), to operational technology/supervisory control and data acquisition networks.
  • Update all operating systems, applications and firmware as a basic cyberhygiene practice.
  • Nominate a chief information security officer and information security officer to establish an information security department for implementing and managing information security at different locations of the organisation.
  • Accelerate the process of identification of critical information infrastructure and its notification as a protected system, steered by a computer emergency response team.