NERC’s new standards require utilities to lock down network ports and services. Compliance calls for a systematic approach to cataloging and tracking.
Securing Tomorrow's Grid (Part I)
Protecting smart systems against cyber threats.
The electric sector has steadily expanded the use of electronic controls and automation technologies during recent decades. But the widespread implementation of smart grid technologies will mark a notable shift in the U.S. electric grid, changing the way it operates, communicates, and ultimately delivers power. Millions of digital devices interconnected through complex public and private communication networks will collect a large amount of data to better understand the behavior of the power grid, enable greater automation to reduce system outages, improve system efficiency and resilience, and provide information for customers to better manage their electricity use. But these benefits will also be accompanied by a host of new cyber security challenges. Of the seven smart grid domains—as defined by the National Institute of Standards & Technology (NIST) 1 (See Figure 1) —the transmission, distribution, and customer realms will see the greatest changes.
Smart grid technologies enable utilities to operate complex systems that collect data from hundreds of advanced sensors throughout the transmission system and from thousands more sensors throughout the distribution system. Utilities will gather and distribute data across jurisdictional and organizational boundaries to communicate with third-party service providers, other energy providers, distributed renewable energy devices, and customer systems. The smart grid will change power T&D system operations by making operational data available in greater quantities with higher quality, and by using this data to improve and further automate grid operations. These changes will give operators more visibility into the real-time behavior of the electric grid, but they will also increase the importance of protecting the availability and integrity of system data, since access to this detailed operational data can be valuable to hackers interested in monitoring the grid or spoofing system data to induce instability. More frequent and detailed information will allow operators to operate the grid more efficiently and closer to limits, but also creates a corresponding reduction in margin for error, and therefore an increased dependence on data security.
Historically, distribution systems passed limited information from the utility to the customer—high-level pricing and usage data in each monthly bill—and little to no information was passed in the other direction, from the customer back to the utility. The smart grid will use two-way communications systems to provide more extensive and detailed information in both directions.