Our Friends Electric: Protecting smart grids from cyberattack

January 25, 2016

Smart grids are being increasingly promoted as a means of making electrical grids more efficient and able to support renewable energy technologies such as wind and solar, in accompaniment with demand reduction and other energy efficiency measures. However, there is widespread concern that smart technology may be vulnerable to cyberattack.

[Image: details of the electronic circuit tracks on a printed circuit board. Creativity103, Flickr]

How realistic is this and what can be done about it?

In order to understand the problem, the first task is to fully understand what is actually going on in the world. For example, utilities serving power grids, water management and other infrastructure have increasingly deployed SCADA systems as a means of making their operations far more efficient, thereby in turn reducing costs.

Smart grids can in theory create many more opportunities for malware to attack systems; the difficulty lies in detecting whether the data being transmitted is genuine or is part of a cyberattack. The problem grows with the number of sensors deployed, since data purporting to show customers adjusting their thermostats could equally be a malware attack.

Supervisory Control And Data Acquisition (SCADA) systems are control systems that monitor and control infrastructure. They use special computers called programmable logic controllers (PLCs), which were originally developed by the automobile industry but subsequently became available to other sectors such as manufacturing, power grids and water management. However, PLCs can be very vulnerable to malware, something PLC manufacturers are well aware of. The problem with smart grids is that it becomes very difficult to discern whether an event is an actual cyberattack or genuine information being passed around by sensors, for example when numerous people in a community suddenly get up to boil the kettle. As more and more sensors are deployed, the risk increases, particularly since the networks of most utilities serving the grid are interconnected in one way or another.

[Image: Two INL cybersecurity specialists conduct research on a commercial SCADA system. Idaho National Laboratory, Flickr]

The consequent risk to industrial equipment and infrastructure was demonstrated by the Aurora experiment performed at Idaho National Lab in 2007, and subsequently for real by the Stuxnet computer worm attack against Iran in 2010. This incident involved an attack by malware on the centrifuges used by the Iranian nuclear industry to enrich uranium. The target was the Siemens SIMATIC WinCC SCADA system and the malware successfully managed to penetrate and reprogram the PLCs controlling the centrifuges. This in turn caused them to speed up, destroying several of them in the process.

Such attacks on the power grid have also occurred in other countries around the world, and not just against high-risk targets like nuclear power plants and associated research infrastructure. For example, in 2008 the CIA revealed that cyber criminals were able to hack into the US power grid, causing at least one outage which affected a number of American cities. In 2009, the Wall Street Journal published an article confirming that spies from Russia, China and a number of other countries had indeed been able to penetrate the US electricity grid.

The usual safeguard against cyber-attack involves the creation of an ‘air-gap’ between systems. In short, rather than being networked, information is transferred from one system to another by flash drives and other such mobile data storage mechanisms. This isolates the system from unsecured networks, such as the Internet or various local area networks. This approach is used particularly by the military and government, in finance, in various industrial settings and in any situation in which an attack may cause loss of life such as commercial aviation, in hospitals or in a nuclear power plant.

PLC manufacturers are well aware of the malware threat to their products. The usual countermeasure is to air-gap systems, or at least to isolate the control network from the internet. However, the Stuxnet worm was specifically designed to overcome these safeguards, exploiting predictable routine procedures such as carrying a flash drive between systems.

The risk of cyber-attack is increasing as societies around the world develop an ‘internet of things’ (IoT), a network in which electrical devices and many other objects are connected to the internet. Michael McElfresh, Adjunct Professor of Electrical Engineering at Santa Clara University, writing in energypost in June 2015, argued that this is of particular concern to utilities operating power grids. Indeed, the US Department of Energy (DoE) considers cybersecurity one of the main challenges facing power grids today as they develop. The US Department of Defence is also taking notice, particularly regarding potential threats from terrorists, and is watching the situation closely.

According to the European Network and Information Security Agency (ENISA), an organisation established by the European Union to address network and information security issues, attacks on the power grid prove that software and hardware deployed in support of smart grids are high-priority targets for cyber criminals and therefore have to be treated as high-risk components of the power infrastructure. ENISA believes that one way to address the problem is to start reducing barriers to information sharing on cybersecurity. Unfortunately, all too often such information is ignored because of budgetary constraints and a lack of funding and expertise. What is needed is an end-to-end security strategy, beginning at the very bottom where smart devices are deployed and extending right through to the upper layers of the network where the smart infrastructure is integrated into corporate systems.

The key to this, according to an ENISA report published in 2012, is the construction of a standard centralized architecture with incident detection systems built into the smart grids. This would include security monitoring sensors with signature-based software. A central monitoring centre for data collection and analysis is also required in addition to monitoring centres that can conduct vital research on emerging threats.

Israel is one country that is in the forefront of attempts to develop measures against cyber-attack, with many Israeli companies, such as Waterfall Security Solutions and Cyber-Gym, already actively working to ensure that their own country’s critical infrastructure is safe, particularly with regard to electricity, water, communications and transport systems. What is really encouraging about this is that as these companies develop new solutions to potential problems, so the innovations they provide are also becoming available to other countries around the world. Some companies, Cyber-Gym included, also provide training for IT personnel, including ‘war-game simulations’ demonstrating how to respond to an attack.

[Image: Christiaan Colen, Flickr]

There are some people who say that the risks to critical infrastructure are too great to justify a transition to a totally smart society, but this ignores the many benefits that smart energy can bring.

“The proliferation of sensors and actuators will continue” said JP Rangaswami, chief scientist for Salesforce.com, speaking to The Pew Research Centre. “‘Everything’ will become nodes on a network. The quality of real-time information that becomes available will take the guesswork out of much of capacity planning and decision-making. We will really understand what it means to move from ‘stocks’ to ‘flows,’ as in the Hagel-Seely Brown-Davison model. The net effect will be to reduce waste everywhere: in physical flows and logistics, in the movement of people and goods; in logical flows and logistics, in the movement of ideas and information; decisions will be made faster and better, based on more accurate information; prior errors in assumption and planning will be winkled out more effectively.”

Philippe Brami of Schneider Electric Israel believes that connected energy solutions are more than just a luxury: they are an essential component of an increasingly complex global society and indispensable for future power generation. This is particularly true given the rate of growth of many of the world’s cities which, although they cover just 2 percent of the Earth’s surface, contain over half the global population, consume 75 percent of the energy generated and emit 80 percent of human-produced carbon into the atmosphere. At the current rate of growth, urban capacity will have to double by 2055.

Emil Koifman, chairman of the SEEEI electricity conference, held in Eilat in April 2015, points out that wasted energy is already a major problem.


“Wasting natural resources and pollution are the toughest problems of the global community” he explained, speaking to The Jerusalem Post. “The world economy and the economy of every country is based not only on what is produced but what is wasted.”

Koifman believes that smart solutions will help to tackle the problem of around 40 percent of global energy currently wasted, but he pointed out that they also present an opening for anyone wishing to bring down critical systems.

Yitzhak Balmas, of the Israel Electric Corporation, added that Israel has already warded off a number of cyber-attacks and that the solution is an integrated, holistic approach with strong coordination between governments, citizens and the private sector.

Fortunately, the world’s governments are already taking action to minimize and counter the risks. For example, in 2012, the National Academy of Sciences called for more research on grid resilience and for modernization of the grid by utilities. This is beginning to happen, so that the US Department of Energy now operates something called the Cybersecurity Risk Information Sharing Program (CRISP) while the Department of Homeland Security runs a National Cybersecurity and Communications Integration Centre (NCCIC) which coordinates the sharing of information among utilities pertaining to the strategies of potential cyberattacks on the grid.

Meanwhile, the National Institute of Standards and Technology (NIST) and the Institute of Electrical and Electronics Engineers (IEEE) are developing new smart grid and technology standards, focusing particularly on security, while the Department of Defense has established a special command, the United States Cyber Command (USCYBERCOM).

[Image: US Cybercom/Wikimedia Commons]

Universities are joining in, with institutions such as Florida International University (FIU) teaming up with other universities as part of the DoE’s Center for Securing Electric Energy Delivery Systems (SEEDS) funded by a $12.2 million DoE award to conduct further research and development in this area. Meanwhile, the EU has funded the SESAME project to help protect European power grids.

So yes, the risk is there, it is very real and could be, and has been, very damaging.

But global governments are now very aware of all this and are responding appropriately. That should make everyone feel a lot more comfortable about a future in which power systems will undergo a radical new transition, to the benefit of us all.