State commissions can select from a toolkit of regulatory approaches to promote desired utility cybersecurity behavior. One approach is to allow the industry to selfregulate, and another approach...
Cyber Attack! - Smart-Grid Security
Intelligent power grids present vexing cyber security problems
the company posed a series of questions to vendors and consultants about security safeguards for smart-grid systems. “We asked for ideas about design criteria and architectural recommendations,” Stone says. “We recognize the security issues that are out there, and that’s why we’re trying to bake security into the architecture.”
That means designing new devices and systems with strong security measures. But it also means adding security patches, encryption and authentication measures to existing systems; maintaining all those systems so they are up to date with changing threats and countermeasures; and diligently applying security protocols to ensure only authorized users and valid data are admitted into the system.
“The big challenge with security is managing credentials,” said Ron Ambrosio, who manages the Internet-scale control systems project at IBM’s Thomas J. Watson Research Center, speaking at the Grid-Interop event in November. “In smart-grid application, if I need to get from a thermostat to a real-time market, I need a secure path through there, even if it’s passing through other people’s machines. We need to include security credentials in a cyber-physical business-systems architecture, so encryption is being managed from end to end.”
However, this kind of security is easier said than done.
Encrypted data can travel securely through every link in the smart-grid chain. But each link in that chain might create an opening for an adversary to corrupt the data stream—or worse, to hack into data-management systems. Adding authentication protocols to every link can prevent adversaries from accessing the network and intercepting or misusing data. But it also can create a bigger operational problem.
“The issue is in control systems, where timing is so critical,” Bucciero says. “The existing systems were designed to function in a safe environment.” Securing such systems can be difficult; it requires careful engineering to allow authentication and encryption while still maintaining the timing sequences necessary to keep equipment functioning.
Even with end-to-end encryption in place, effective security also must include intrusion-detection systems to catch hackers or malicious code that might somehow penetrate the perimeter, and block whatever they’re trying to do (see “ What Price, Security? ”).
“With surveillance and management of the network, we can observe what’s going on,” says Jake Rasweiler, vice president of engineering and network operation for Arcadian Networks. The company provides wireless networks for distribution systems, with built-in layers of security, including authentication and encryption. “If someone gets into the network and does something they shouldn’t, an effective monitoring system allows the utility to track that and take it down,” Rasweiler says.
Securing the smart grid requires a multi-level strategy, rather than one that relies on a single impenetrable wall to keep adversaries out. Such a strategy includes both physical and electronic safeguards, to repel intruders at every doorway into and throughout the system.
“You don’t want a hard, crunchy exterior and a soft, chewy interior,” says Darren Highfill, utility communications security architect with consulting firm EnerNex Corp. “You want many layers of security. The outer layers are deterrents. The next layer is prevention, and several other layers follow