Is your smart grid secured?
If it is for sure, there is very little risk a hacker reaches a single Digital-POL at board level, the risk increases exponentially as we move upward in the value chain and, in that chain, the Smart Grid is probably the highest and the most exposed to attacks. At a time when the number of renewable power sources is growing, smart meters are being deployed and many others are being connected to the Smart Grid, what is the situation in terms of security? Are we safe?
Risk escalation
From 2007, when the US government demonstrated, in the Aurora Generator Test, that with only 21 lines of codes hackers could take control of a power plant and physically destroy a generator; to April 2016 when a water and electricity authority in the State of Michigan, after being victim of a ransomware attack was forced to keep IT systems locked down for a week, the number of cases reported to security authorities is rapidly increasing.
The Florida International University estimated that, during the first six months of 2015, more than100 cyber incidents have affected infrastructure in the US and the energy sector had the largest number of attacks. Cyber-attacks toward Smart Grid is a global threat and all countries are exposed to high risk, motivating power experts and networks managers to consider a global response and methodology to prevent any damages.
February 2016, the US Department of Homeland Security (DHS) issued an alert (IR-ALERT-H-16-056-01), reporting on a case that happened on December 2015 in Ukraine, raising the information to a high level of attention to Smart Grid Operators, motivating them to accelerate protection mechanisms and to develop preventive actions policies.
The Ukrainian case combined multiple elements in the attack, including physical sabotage though the sophistication of the part related to the cyber-attack reached a new level of intrusion, motivating the Smart Grid community to strengthen cooperation and efforts to accelerate sustainable security within the Smart Grid.
Black Christmas for Ukrainians!
December 23rd 2015 at 04:00 PM, the Ukrainian’s region Ivano-Frankivsk was plunged into darkness for several hours and more than 220.000 customers lost power and, the IT and communications systems of the utility companies were severely damaged by the attackers.
In this case, the attackers combined a large number of attacking tools, spreading phishing e-mail containing a variant of the BlackEnergy 3 and KillDisk malwares, exploiting MS Office documents security holes to get into the IT network of the electricity companies and inhibiting most of the security agent in firewalls.
At the same time they managed to break credential codes to access a deeper level of the system, controlling industrial communication busses such as the ones interconnecting Uninterruptible Power Systems (UPS) and accessing the Supervisory Control and Data Acquisition (SCADA) systems.
SCADA systems are basically Process Control Systems (PCS) that are used for monitoring, gathering, and analyzing real-time environmental data. PCSs are designed to automate electronic systems based on a predetermined set of conditions, such as traffic control or power grid management. For the ones used to lower energy and board power systems, it’s a super Software Defined Power Architecture, which, considering the strategic role it plays, requires an extremely high level of security. Managing to control the SCADA systems, the hackers accessed the electricity network, with the possibility to shut down and severely damage equipment.
The Ukrainian’s case is considered as “real life example” of what could happen to larger networks and lessons to learn from that case is part of the ongoing Smart Grid security standardization projects run in the USA, Europe and Japan.
Making the Smart Grid safer!
The Smart Grid is an extremely complex architecture with a lot of areas for intrusions and attacks. Especially when operating a Smart Grid has moved from managing electricity distribution to a super Information and Communication Technology machinery. Michael McElfresh, Adjunct Professor of Electrical Engineering at Santa Clara University, very well summarized the situation, saying: “Technological advances in grid operation have made the power grid increasingly vulnerable to cyberattacks. The growth of the smart grid has created many more access points for penetrating grid computer systems – the “internet of things” will only make this worse.”
All over the world, governmental, consortiums and group of experts are engaged in an amazing race to deploy security methods and protocols to make the Smart Grid safer. In the USA, the set of Critical Infrastructure Protection (CIP) standards issued by the North American Electric Reliability Corporation (NERC) became mandatory in 2007 for owners, operators and users of the Bulk Electric System (BES). That is to ensure that certain assets on the grid critical to reliable operation are protected from both a cybersecurity and physical security standpoint. The CIP standards are going through a wave of new revisions, moving from CIP V3 to CIP V5, skipping V4, and accelerating V6! That situation reflects the situation faced by the standardization organization developing security standards in a fast evolving world of threats.
In Europe, despite a number of initiatives within the European network and information security community to establish frameworks and standard operating procedures, the EU-level response to cyber incidents lacks consistency though projects such as the EU-funded Smart Grid Protection Against Cyber Attacks (SPARKS) are showing very good signs of progresses.
Step by step, the worldwide Smart Grid is getting stronger and safer though the potential of threats remains high.
In conclusion
Because of the complexity and the variety of connected devices to the Smart Grid, power supplies manufacturers will have to consider the security aspect when their products integrated within a Smart Grid. As I introduced at APEC 2015 Software Defined Power Architecture are deploying fast in the ICT industry and some systems, already installed in data-centers, are connected to the Smart Grid and communicating through the SCADA system. To close the loop, if there is little risk a hacker would send a command to a POL blasting a local core processor, the risk for a UPS and even a frontend rectifier to receive a fatal command is not excluded. The Ukrainian case trigged the alarm ON and for all of us involved in developing power systems connected to the Smart Grid, that is a signal that we should never forget.
References:
US Department of Homeland Security alert (IR-ALERT-H-16-056-01)
https://ics-cert.us-cert.gov/alerts/IR-ALERT-H-16-056-01
E-ISAC – Analysis of the Cyber Attack on the Ukrainian Power Grid
https://www.nerc.com/pa/CI/ESISAC/Documents/E-ISAC_SANS_Ukraine_DUC_18Mar2016.pdf
The North American Electric Reliability Corporation (NERC)
Smart Grid Protection Against Cyber Attacks (SPARKS)
About the author:
Patrick Le Fèvre is Marketing & Communication Director at Powerbox – www.prbx.com
Related articles:
Powerbox to acquire Eplax for more custom power
Power supply & EMC coexistence in the medical space
Low profile DC-DC converters target IoT in automotive applications
If you enjoyed this article, you will like the following ones: don't miss them by subscribing to :
