As one of the enabling technologies, a fast, reliable and secure communication network plays a vital role in power system management. The network is required to connect the multitude of electric devices in distributed locations and to exchange their status information and control instructions. The communication capabilities of existing power systems are limited to small-scale local regions that implement basic functionality for system monitoring and control, such as power-line communications and Supervisory Control and Data Acquisition (SCADA) systems, which do not yet meet the demanding communication requirements of automated and intelligent management in next-generation electric power systems.
Smart grid technology uses increased monitoring and control of the grid. Power system communication integrates more accurate measurements and intelligent controllers. Since several power control systems have been procured with openness requirements, cyber security threats have become evident. The vulnerability of the power system is no longer mainly a matter of the bulk electric system or the physical system; it is increasingly a matter of cyber security. A market participant unable to see the market accurately, or a SCADA system unable to control some facilities properly, could be as disastrous as a terrorist attack on key power plants or transmission lines.
In this paper, some of the vulnerability risks that current electric power systems face are reviewed, together with some of the issues that arise in addressing them, with the aim of ensuring secure energy sourcing for the economy.
POWER SYSTEM COMMUNICATION
With the addition of renewable energy sources, bi-directional dynamic energy flows are observed in the power grid. To effectively manage this complex power system that involves an enormous number of diversely functional devices, a co-located communication infrastructure is required to coordinate the distributed functions across the entire power system.
A smart grid is an electrical grid that uses information and communications technology to gather and act on information, such as information about the behaviors of suppliers and consumers, in an automated fashion to improve the efficiency, reliability, economics, and sustainability of the production and distribution of electricity. In the smart grid, many distributed renewable energy sources will be connected into the power transmission and distribution systems as integral components.
- Motivates and includes the consumer
- Resists attack
- Increases power quality
- Accommodates all generation and storage options
- Enables electrical markets
- Optimizes assets and operates efficiently
The Smart Grid will be self-healing.
This means that it can redirect and adjust the flow of electricity in the event that an electrical transmission path is interrupted. This is done by a continuous self-assessment of the state of the power system. As a result, this can reduce the frequency and duration of major blackouts. It is estimated that the August 14, 2003 blackout in the U.S. and Canada had a societal cost of $10 billion. Reducing the number of major blackouts and their severity will reduce the economic losses our society incurs during these blackouts.
The Smart Grid will motivate and include the customers.
There is currently minimal interaction between customers and suppliers in the electrical power system. The Smart Grid provides customers with more information and options about their electrical power. In theory this will allow customers to make better decisions about their power usage that will not only save them money, but will also promote competition between power suppliers. This is done by enabling two-way communication between energy consumers and suppliers. The Smart Grid can also interact with electrical appliances in a customer's home. This interaction allows appliances to schedule their run time when electricity is at the cheapest price.
The Smart Grid will be resilient to attacks and natural disasters.
The Smart Grid will be resilient not only to physical attacks but also to cyber attacks. The electrical power grid is a complicated system that is at the root of most U.S. economic growth. This makes the electrical power grid a critical asset, and damage to it can have devastating effects on our society's welfare. Parallels have been drawn between the electrical power grid and the Roman aqueduct system. Over time the Roman aqueducts underwent design changes. As the Roman Empire grew, the level of perceived threat lowered. This led to design changes that were less concerned with security and more with form and functionality. Towards the end of the Roman Empire these aqueducts became easy military targets for invading forces because of those design changes. Attacks against Roman aqueducts had major social impacts because the aqueducts had become a critical system that the Romans depended on. The electrical power system is a critical asset that we rely on, and it needs to be resilient to all forms of attack.
The Smart Grid will provide an increase in electrical power quality.
Electricity is not only required to be available at all times from the power grid, but it must also maintain a constant voltage. Some manufacturing processes are very sensitive to voltage variations. A dip in voltage lasting less than 100 milliseconds can have the same effect as power loss for several minutes or more on some industrial processes. These voltage fluctuations are estimated to cause productivity losses in commercial facilities ranging from thousands to millions of dollars per event. It is estimated that by 2011, 16% of the electrical load will require digital quality power.
The Smart Grid will accommodate all generation and storage options available.
The integration of renewable energy sources into the electric power grid has several complications. The current electric power grid is a broadcast model that is designed to allow only the one-way flow of electricity from one generation source to many consumers. Renewable energy sources are often geographically separated from traditional power sources, and when they are integrated into the power grid it is as distributed power sources. Since the electrical power grid was designed for a single power source and not for multiple distributed power sources, this causes complications. Germany has experienced such problems in its electrical power grid: customers using solar panels could overload the electrical power system when surges of power came from the solar panels. Fossil fuels are not a sustainable energy source, and as a result new alternative power sources will be explored. The Smart Grid will be able to support these new energy sources along with the traditional power sources.
The Smart Grid will enable electrical markets.
Electrical markets in the Smart Grid will encourage competition among power suppliers. This competition will promote power suppliers to develop cheaper and more efficient means of power generation. This will drive down the prices of electrical power for customers as suppliers compete for their business. The Smart Grid will also support distributed power sources. This opens the door for new electrical power suppliers and electrical service providers to enter the electrical market. The electrical market will broadcast current electricity prices based on a supply-demand model. Electricity will be more expensive when the load or demand is high, and it will be cheaper when there is surplus electricity. Customers can use this information to schedule tasks that use large amounts of electricity at a time when electricity is cheaper.
The Smart Grid will optimize assets and operate efficiently.
The features that will make the Smart Grid self-healing can also be used for asset management. The Smart Grid will be able to automatically assess equipment condition and manage equipment configuration. This management automation can be done at substantially lower costs compared to manual management. The automation of equipment management will also reduce the chance of equipment failure since the degradation of equipment can be tracked. The Smart Grid will also incorporate new technologies that will reduce energy loss during electrical transit. This reduction in energy loss will increase the electrical power grid's efficiency by eliminating excess power waste.
Smart grid reference model
Electricity is generated by using resources like oil, coal, nuclear fission, flowing water, sunlight, wind, tide, etc. This domain may also store electricity to manage the variability of renewable resources, so that surplus electricity generated at times of resource richness can be stored for redistribution at times of resource scarcity. The bulk generation domain is connected to the transmission domain. It also communicates with the market domain through a market services interface over the Internet and with the operations domain over the wide area network. It is required to communicate key parameters like generation capacity and scarcity to the other domains.
The generated electricity is transmitted to the distribution domain via multiple substations and transmission lines. Transmission is typically operated and managed by an RTO (regional transmission organization) or an ISO (independent system operator). The RTO is responsible for maintaining the stability of regional transmission lines by balancing demand and supply. The transmission domain may also support small-scale energy generation and storage. To achieve self-healing functions and enhance wide area situational awareness and control, a large amount of information will be captured from the grid and sent to the control centers. The control centers will also send responses to the devices in remote substations.
The dispatch of electricity to end users in the customer domain is implemented by making use of the electrical and communication infrastructures that connect the transmission and customer domains. This domain includes distribution feeders and transformers to supply electricity. It interacts with many different kinds of equipment, such as DERs and sensors with communication capability.
This domain maintains efficient and optimal operation of the transmission and distribution domains using an EMS in the transmission domain and a DMS in the distribution domain. It uses field area and wide area networks in the transmission and distribution domains, and it handles information on power system activities like monitoring, control, fault management, maintenance, analysis and metering.
Figure: an illustrative framework of a next-generation power grid, where A is a wind power plant, B is a large hydro power plant, C is a coal-fired power plant, D is a geothermal power plant, E and F are houses with solar-electricity generation, G and H are houses with wind-electricity generation, I is the power transmission infrastructure, J is the communication infrastructure, and K–Q are the seven constituent domains: bulk generation, transmission, distribution, operation, market, customer, and service provider, respectively.
Distributed functions across entire power system
This domain consists of retailers who supply electricity to end users, suppliers of bulk electricity, traders who buy electricity from suppliers and sell it to retailers, and aggregators who combine smaller DER resources for sale. Effective communication between the bulk producers of electricity, the DERs and the market is essential to match the production of electricity with its demand.
Customers consume, generate (using DERs), or store electricity. This domain includes home, commercial or industrial buildings. It is electrically connected to the distribution domain and communicates with the distribution, operation, service provider and market domains. The customer domain also supports the demand response process.
Service providers manage services like billing and customer account management for utility companies. They communicate with the operation domain to obtain metering information and for situational awareness and system control. They must also communicate with HANs (home area networks) in the customer domain through the ESI (energy services interface) to provide smart services like energy use management and home energy generation.
Open Communication Systems
Open communication systems are used extensively because
1. Hardware and software are relatively inexpensive
2. Installation relies on familiar tools and techniques
3. Existing communications infrastructure can often be used
4. Open protocols cut integration costs
5. Qualified personnel are widely available
First, open systems cut purchase costs because communications hardware and software based on Ethernet and the Internet are much less expensive than their proprietary alternatives.
Second, installation is eased because of a widespread familiarity with these types of systems among contractors.
Third, existing communications infrastructure can be used in many cases, dramatically reducing installation and other related costs.
Fourth, integration expenses for connecting different smart grid components are reduced because Ethernet is used as a common communications hardware protocol.
Fifth and last, on-going maintenance and operation costs are reduced because many in the industry are familiar with Ethernet and the Internet.
Open communication systems are a necessity because they keep costs down, but as the name implies these systems are much more vulnerable to cyber attack than their proprietary and more closed alternatives. Proprietary systems not only have fewer connections to other systems, they are also less familiar to professional hackers, creating a possible “security through obscurity” defense. On the other hand, communication systems based on Ethernet, TCP/IP protocols, the Internet and widely used operating systems such as Windows invite attack from literally millions of hackers worldwide.
Although effective attack responses will become important for the continued operation of the grid, the mitigation of grid cyber security vulnerabilities remains critical and is a responsibility of manufacturers, utilities, and the government. Achieving this task will increasingly require the electric sector to protect its IT and telecommunications infrastructure. As the grid modernizes, the growing prevalence of information and communications technology in the system and the large number of personnel with access to it will create an ever-evolving cyber security situation, where the relative importance of specific vulnerabilities changes continuously as new types of attacks emerge. In particular, the introduction of the Internet to grid operations has introduced additional vulnerabilities to the power system, especially where corresponding security controls have not been put in place. Cyber security vulnerabilities can arise from weaknesses in personnel, processes, technology, and the physical environment. Security issues occur because of actions taken by outside hackers and attackers, and also by disgruntled employees. With their insider knowledge, these individuals may instigate significant damage.
Open System Vulnerabilities
The vulnerabilities are caused by
1. Large number of interconnections creates multiple vulnerabilities
2. Armies of professional hackers are familiar with open system protocols
3. Browser-based Internet servers and clients create entry points
4. Windows-based systems invite attack
5. Vulnerable TCP/IP software stacks are used across multiple platforms
6. Older closed protocols lack security when ported to open protocols like TCP/IP
Cyber security issues
Categories of cyber threats to power system
SCADA system and SCADA security
Conventional network security measures work well in IT environments, but it is not always possible to implement them in industrial control systems. These measures assume that devices are able to respond to a password challenge and identify themselves, but most PLCs cannot handle passwords. The underlying problem is that PLCs and SCADA systems were designed without security in mind. Designers implicitly assumed that these systems would be isolated, not connected to other systems, and that only authorized people would have access to them; neither is a good assumption today. The fact is that every day more employees are replaced by automated controls at substations, pipelines, etc., and thousands of these facilities are now controlled by SCADA systems linked to networks. Many SCADA systems carry some data over the Internet in order to avoid more expensive private lines. In addition, almost all RTUs (Remote Terminal Units, which coordinate a facility's automated field devices) and control systems are web or network enabled, and these features are often used.
Some breakers, switchgear and pumps also have their own connections and can be managed through telephone lines. Many power plants and substations have many modems, which are another easy target for attackers. Attackers find these modems by dialing phone numbers sequentially, and once connected they can map the system and look for passwords. More secure systems use dial-back modems (they respond to a password by dialing a confidential phone number for confirmation), but these systems are attacked by trying different passwords sequentially. Many field devices designed for specific tasks are still based on low-cost microprocessors such as the Intel 8088, and they cannot run cryptographic authentication schemes quickly.
The protocols used in the power system, such as ICCP, IEC 61850, DNP3, could be potentially exploited to launch cyber attacks if they are not secured properly. This calls for secure versions of these protocols that not only provide security guarantees, but also the required latency and reliability guarantees needed by the grid applications.
This refers to cyber attacks on the routing infrastructure of the Internet. Although such an attack is not directly related to the operation of the grid, a massive routing attack could have consequences for some power system applications, such as real-time markets, that rely on the Internet.
Wireless systems are especially vulnerable to attack. Some people use these systems in their networks and feel secure because they think a firewall will protect them from unauthorized access, and therefore they do not use the security features of the wireless equipment. In fact, if you are close to a wireless system and have a directional antenna such as a Pringles-can antenna (look at Google to see how to build an antenna with a can of Pringles), you can enter the network without needing to overcome the firewall. Wireless security standards are easily defeated; wireless transmitters use IEEE 802.11b, which has serious security flaws. Simply using free software such as AirSnort and NetStumbler, a hacker has enough tools to crack wireless encryption within 15 minutes. After obtaining the wireless encryption key, they can use a free protocol analyzer like Ethereal or Sniffit to spy on the network. At this point they can watch people log into different equipment (for example Programmable Logic Controllers, PLCs), and since people tend to reuse passwords, they could probably log into other PLCs and networks.
This refers to malicious software that exploits vulnerabilities in system software, programmable logic controllers, or protocols. The malware generally scans the network for potential victim machines, exploits specific vulnerabilities in those machines, replicates the malware payload to the victims, and then self-propagates. In recent years malware attacks have grown in number and sophistication, and this has been a source of major concern for critical infrastructure systems (e.g., Stuxnet), including the power grid.
Denial of service attacks
Any attack that denies normal services to legitimate users is often called denial of service. This could also mean denial of control in the power grid context. These attacks are typically created through massive resource exhaustion attacks that flood the communication network or the server with huge volumes of traffic or spurious workloads, thus denying service to legitimate users.
An insider abuses their current system privileges to perform a malicious action. This form of threat is perceived as a source of concern in recent years as identified in many federal documents.
Cyber security must address deliberate attacks such as internal breaches, industrial espionage and terrorist strikes—as well as inadvertent compromises of the information infrastructure due to user errors, equipment failures and natural disasters.
Availability. Availability is the most important security objective. The availability of the electrical power grid is its most important factor. The critical real-time systems in the Smart Grid have an estimated maximum latency of 4 milliseconds. These systems continuously monitor the state of the electrical power grid, and a disruption in communications can cause a loss of power.
Integrity. Integrity is the next important security objective in the Smart Grid. The Smart Grid uses data collected by various sensors and agents. This data is used to monitor the current state of the electrical power system. The integrity of this data is very important. Unauthorized modification of the data, or insertion of data from unknown sources can cause failures or damage in the electrical power system. The electricity in the power grid not only needs to always be available, but it also has to have quality. The quality of the electrical power will be dependent on the quality of the current state estimation in the power system. The quality of the state estimation will rely on many factors, but integrity of input data is very important.
Confidentiality. The final security objective is confidentiality. The loss of data confidentiality in the Smart Grid carries a lower risk than the loss of availability or integrity. There are certain areas in the Smart Grid where confidentiality is more important; the privacy of customer information, general corporate information, and electric market information are some examples.
Steps to Cyber Security
1. Understand existing regulatory requirements
2. Understand the nature of cyber threats
3. Identify non-compliance areas and vulnerabilities
4. Create and enforce company-wide security procedures
5. Install hardware and software to ensure compliance and protect vulnerabilities
6. Continuously monitor as technology and regulations evolve
As outlined, there are six steps to protect utility T&D systems from cyber threats. The first is understanding regulatory requirements. Industry seminars can help, as can good consultants and the right suppliers. Discussions with peers at industry events are also a good way to glean information about the most relevant aspects of regulation.
Much of the same information gathering path can be taken towards the second step: understanding the nature of cyber threats. As outlined in the sidebar, SCADA Systems and Cyber Attacks, threats are now expanding from attacks on general purpose computer systems to attacks on hardware and software platforms commonly used to perform real-time control and monitoring of power systems.
The third step is to identify areas of non-compliance and vulnerabilities. This is most often accomplished by a system audit, typically by engaging a technical services firm specializing in this area of SCADA security.
The fourth step is to create and enforce company-wide security procedures. A large percentage of security breaches are caused by simple mistakes such as poor password selection or use of unauthorized storage media. Eliminating these types of elementary errors will go a long way towards improving cyber security.
The fifth step is to install hardware and software that will protect against cyber attacks. For existing systems, retrofits and replacement of components on a selective basis is the common path. For new substations and other facilities, systems can be designed from the ground up with cyber security in mind.
All information availability attacks interfere with normal information exchanges by injecting false or useless packets into the communication networks. False information confuses the packet recipients in recognizing the correct information. Useless packets consume a significant share of network bandwidth so that legitimate traffic is knocked out of the network. Both types of attack deny information availability in the communication networks. Solutions that defend against denial-of-service attacks rely on careful discrimination of legitimate traffic from attack traffic. An effective solution must be able to filter out the attack traffic to protect the legitimate information exchanges.
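The discrimination step described above, as an added example that is not part of the original paper: a per-source token bucket that lets each source send at most a fixed sustained rate (plus a burst), so a flood from one address is dropped while a meter reporting at its normal cadence is untouched. The traffic, source addresses and rate limits are constructed for the demonstration, and the bucket counts in integer thousandths of a token so the result is exact.

```python
from collections import defaultdict


class TokenBucketFilter:
    """Per-source token bucket. Token counts are kept as integers in units of
    1/1000 token so the simulation below is exact (no floating point)."""

    def __init__(self, rate_per_second, burst):
        # rate in tokens/s equals millitokens/ms, which is the unit we refill in
        self.rate_per_ms = rate_per_second
        self.capacity = burst * 1000
        self.buckets = {}  # src -> [millitokens, last_seen_ms]

    def allow(self, src, t_ms):
        """Return True if a packet from src at time t_ms may pass."""
        bucket = self.buckets.get(src)
        if bucket is None:
            bucket = [self.capacity, t_ms]  # a new source starts with a full bucket
            self.buckets[src] = bucket
        tokens, last = bucket
        # refill for the time elapsed since this source was last seen, capped at burst
        tokens = min(self.capacity, tokens + (t_ms - last) * self.rate_per_ms)
        bucket[1] = t_ms
        if tokens >= 1000:
            bucket[0] = tokens - 1000  # one packet costs one token
            return True
        bucket[0] = tokens  # not enough credit: drop, keep what was accumulated
        return False


def make_traffic():
    """Constructed packet trace (time_ms, source): one legitimate device sending
    a reading every 100 ms and one flooding source sending every 1 ms."""
    pkts = [(t, "10.1.5.23") for t in range(0, 1000, 100)]     # hypothetical RTU
    pkts += [(t, "198.51.100.9") for t in range(0, 1000)]       # hypothetical flood source
    pkts.sort()
    return pkts


def run_filter(pkts, rate_per_second=10, burst=20):
    """Apply the filter to a trace; return (passed, total) packet counts per source."""
    f = TokenBucketFilter(rate_per_second, burst)
    passed = defaultdict(int)
    total = defaultdict(int)
    for t, src in pkts:
        total[src] += 1
        if f.allow(src, t):
            passed[src] += 1
    return dict(passed), dict(total)


if __name__ == "__main__":
    passed, total = run_filter(make_traffic())
    for src in sorted(total):
        print(f"{src:14s} passed {passed.get(src, 0):4d} of {total[src]:4d}")
```

With a 10 packet/s rate and a burst of 20, the legitimate source keeps all 10 of its packets while the flood source gets its initial burst and then only the sustained rate: 29 of 1000 packets pass. A real deployment would key the bucket on more than the source address (a spoofing flood defeats a pure per-address limit) and would pair it with the upstream filtering the text refers to.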
To detect unauthorized changes to messages during transmission, mechanisms are needed for the message recipients to verify that the received messages are unaltered. Integrity protection solutions rely on agreements established between message senders and receivers on the keys to be used. The message senders use their keys to compute a keyed message digest for each message, and the message receivers use the corresponding keys to verify the correctness of the received message digest. The sender and receiver keys can be either identical (symmetric) or asymmetric. Identical keys usually have lower computational overhead than asymmetric keys. In order to establish the key pairs, key exchange protocols must be completed before message integrity can be protected.
Message origins must be verified in power system communication networks to prevent sophisticated attackers from impersonating legitimate power devices and transmitting forged messages. Solutions that guarantee message authenticity are built on top of mechanisms that require message senders to prove their identities. The identity proofs are usually presented by demonstrating knowledge of certain secrets that are known to the message senders. The secrets used for identification are usually the same keys used for integrity protection, and therefore the authenticity enforcement schemes employ either symmetric or asymmetric key pairs. Key exchange protocols are necessary in order to establish the key pairs.
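The keyed-digest scheme described in the two paragraphs above (integrity and origin authentication from the same symmetric key), as an added example that is not from the original paper: the sender computes an HMAC-SHA256 tag over the serialized message, and the receiver recomputes it with the key it holds for the claimed sender. A tampered body, a message forged under a guessed key, and a replayed copy of a genuine message are all rejected. Device names, keys, and the control payload are constructed for the demonstration, and the key exchange the text mentions is assumed to have already taken place.

```python
import hashlib
import hmac
import json

# Constructed: one shared symmetric key per field device, provisioned out of
# band. Device name and key value are hypothetical placeholders.
DEVICE_KEYS = {
    "rtu-substation-17": b"constructed-shared-key-rtu-17-placeholder",
}


def build_message(sender, seq, payload, key):
    """Sender side: serialize sender id, sequence number and payload into a
    canonical byte string, then compute HMAC-SHA256 over exactly those bytes."""
    body = json.dumps({"sender": sender, "seq": seq, "payload": payload},
                      sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body, tag


def verify_message(body, tag, key_table, last_seq):
    """Receiver side. Returns (accepted, payload_or_reason). last_seq is the
    receiver's per-sender record of the highest sequence number accepted."""
    try:
        msg = json.loads(body.decode())
    except (UnicodeDecodeError, ValueError):
        return False, "malformed"
    sender = msg.get("sender") if isinstance(msg, dict) else None
    key = key_table.get(sender) if isinstance(sender, str) else None
    if key is None:
        return False, "unknown sender"
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    # constant-time comparison: a plain == would leak timing information
    if not hmac.compare_digest(expected, tag):
        return False, "bad digest"
    seq = msg.get("seq")
    if not isinstance(seq, int) or seq <= last_seq.get(sender, -1):
        return False, "replayed or out of order"
    last_seq[sender] = seq
    return True, msg["payload"]


def run_demo():
    """Exercise the four cases a receiver must distinguish; returns a dict of
    accept/reject outcomes keyed by case name."""
    key = DEVICE_KEYS["rtu-substation-17"]
    last_seq = {}
    body, tag = build_message("rtu-substation-17", 1,
                              {"breaker": "CB-3", "cmd": "close"}, key)
    genuine = verify_message(body, tag, DEVICE_KEYS, last_seq)
    # an on-path attacker flips the command but cannot recompute the tag
    tampered = verify_message(body.replace(b'"close"', b'"open"'), tag,
                              DEVICE_KEYS, last_seq)
    # an attacker who knows the format but not the key
    fbody, ftag = build_message("rtu-substation-17", 2,
                                {"breaker": "CB-3", "cmd": "open"},
                                b"attacker-guessed-key")
    forged = verify_message(fbody, ftag, DEVICE_KEYS, last_seq)
    # the genuine message captured earlier and sent again
    replay = verify_message(body, tag, DEVICE_KEYS, last_seq)
    return {"genuine": genuine[0], "tampered": tampered[0],
            "forged": forged[0], "replay": replay[0]}


if __name__ == "__main__":
    for case, accepted in run_demo().items():
        print(f"{case:9s} -> {'accepted' if accepted else 'rejected'}")
```

The sequence number is included because the keyed digest alone proves only that the message was produced by a key holder, not when; without it an attacker can re-send a valid "close breaker" command at a time of their choosing. An asymmetric variant would replace the HMAC with a signature under the sender's private key, at the higher computational cost the text notes.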
- Password policy.
- Periodic changing of passwords.
- Replacement of default passwords on newly installed equipment.
- Identification and authentication of users.
- Periodic review of computer accounts and access rights.
- Disabling of unauthorized accounts.
- Secure e-mail protocols.
- Intrusion detection.
- Disabling of unused network services and ports.
- Secure modem connections.
- Firewall software.
- Installation of updated anti-virus software.
- System backup and recovery plan.
Operator logs, application logs, and intrusion detection logs shall be maintained as appropriate for the purpose of checking system anomalies and for evidence of suspected unauthorized activity.
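One way to check such logs for anomalies, as an added example that is not from the original paper: a small detector that parses authentication lines from device logs and flags a burst of failed logins from one source, a successful login from that same source shortly afterwards, and any successful login with a default vendor account (which the list above says should have been replaced). The log format, host names, addresses and the set of default account names are all constructed for the demonstration and would be replaced by the formats and account list of the actual equipment.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format: "<ISO timestamp> <host> auth: login ok|failed user=<u> src=<ip>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) auth: login (?P<result>ok|failed) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)

DEFAULT_ACCOUNTS = {"admin", "root", "guest"}   # hypothetical vendor defaults
BURST_THRESHOLD = 3                               # failures ...
BURST_WINDOW = timedelta(seconds=60)              # ... within this window

# Constructed sample log lines (fictitious hosts, users and addresses).
SAMPLE_LOG = [
    "2024-03-02T02:14:05Z rtu-17 auth: login failed user=operator src=10.1.5.23",
    "2024-03-02T02:14:09Z rtu-17 auth: login failed user=operator src=10.1.5.23",
    "2024-03-02T02:14:12Z rtu-17 auth: login failed user=operator src=10.1.5.23",
    "2024-03-02T02:14:20Z rtu-17 auth: login failed user=operator src=10.1.5.23",
    "2024-03-02T02:14:40Z rtu-17 auth: login ok user=operator src=10.1.5.23",
    "2024-03-02T09:00:10Z hmi-01 auth: login ok user=admin src=10.1.5.40",
    "2024-03-02T09:05:00Z hmi-01 auth: login ok user=jsmith src=10.1.5.41",
    "2024-03-02T09:06:00Z hmi-01 app: setpoint changed tag=FREQ_LIMIT by=jsmith",
]


def parse_line(line):
    """Return a dict for an authentication line, or None for anything else."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ev


def detect(lines):
    """Scan log lines in order; return a list of (rule, host, user, src) alerts."""
    alerts = []
    failures = defaultdict(deque)   # (host, src) -> timestamps of recent failures
    burst_sources = set()           # (host, src) pairs that produced a burst
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue                # not an auth event; other rules would go here
        key = (ev["host"], ev["src"])
        recent = failures[key]
        while recent and ev["ts"] - recent[0] > BURST_WINDOW:
            recent.popleft()        # expire failures older than the window
        if ev["result"] == "failed":
            recent.append(ev["ts"])
            if len(recent) == BURST_THRESHOLD:   # fire once per burst
                alerts.append(("FAILED_LOGIN_BURST", ev["host"], ev["user"], ev["src"]))
                burst_sources.add(key)
        else:
            # a success right after a burst is the pattern a successful guess leaves
            if key in burst_sources and recent:
                alerts.append(("SUCCESS_AFTER_BURST", ev["host"], ev["user"], ev["src"]))
                burst_sources.discard(key)
            if ev["user"] in DEFAULT_ACCOUNTS:
                alerts.append(("DEFAULT_ACCOUNT_LOGIN", ev["host"], ev["user"], ev["src"]))
    return alerts


if __name__ == "__main__":
    for rule, host, user, src in detect(SAMPLE_LOG):
        print(f"{rule:22s} host={host} user={user} src={src}")
```

Run over the sample lines this raises three alerts: the burst from 10.1.5.23 against rtu-17, the subsequent successful login from the same address, and the use of the default "admin" account on hmi-01. The normal login by jsmith and the non-authentication line produce nothing, which is the point of keeping the rules narrow: an operator reviewing these logs wants the handful of lines that need a look, not the whole file.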
The first issue with the implementation of these standards is the higher cost. Raising the security standards in the system brings higher operational costs and also requires significant investment. Starting a new program of considerable investment in a company that operates in the market takes many months or even a year, in order to include the program in the investment budget of the following year (more equipment, software, personnel, etc., usually require shareholder approval).
The second issue is the implementation of a transition period, in which companies that do not currently meet the standards are allowed to keep operating in the market without penalty in order to give them a reasonable time to improve their security standards. Once this period is over, companies that still do not meet the standards should not be allowed to keep operating in the electric market, because they represent a risk for the whole power system.
Another issue emerges when different market participants merge into one: they may have very different cyber security systems and procedures, which may not be easily merged with those of the preexisting company. A lack of transparency, or a small delay in processing a data request, can produce a problem of asymmetric information, since information is valuable not only for market participants but also for the whole market. Every day the automated systems move toward more open architectures, potentially increasing security vulnerabilities.
The development of an attack-resilient electric grid is necessary to address increasing concerns about the security of the nation's critical infrastructure. As cyber attacks become more prevalent, attackers are expanding their focus to industrial control system environments, such as the electric grid. Additionally, as the deployment of smart grid technologies expands, the grid becomes increasingly dependent on ICT for control and monitoring functions, which introduces greater exposure to cyber attack. The development of an attack-resilient electric grid requires substantial research efforts that explore methods to create a secure supporting infrastructure along with robust power applications. The development of a secure cyber infrastructure will limit an attacker's ability to gain unauthorized access to critical grid resources. Infrastructure security enhancements require the expansion and tailoring of current cyber protection mechanisms such as authentication, encryption, access control, and intrusion detection systems. Unfortunately, infrastructure-level protection mechanisms may not prevent all cyber attacks. The development of more robust control applications will ensure that the grid can still operate reliably during an attack by leveraging information about expected system states and operating conditions.