A recent Pike Research report stated that the Smart Grid security scene is in a state of “near chaos.” A massive increase in the number of data exchanges along the grid has left it vulnerable to external disruption and sabotage, with old technologies being used to address a host of new problems.
In addition, as utilities work to extract and secure consumer data, they face general apprehension and a multitude of consumer privacy issues. Across the industry, attempts to create a set of agreed-upon standards and regulations have gained minimal traction, compounded by problems surrounding recent public and private sector initiatives.
New Issues, Old Methods
The landscape has changed dramatically in terms of securing the grid. The explosion of data points, coupled with increasingly sophisticated hackers, requires a renewed approach to the security function. The tendency is to address a host of new issues with dated approaches.
Historically, security for transmission and distribution focused around several ineffective implementation methods. Private communications links were utilized, including point-to-point microwave for remote substations. Dedicated two- and four-wire links were used from control centers to substations, when possible.
The select-before-operate (SBO) command security was utilized as well, but more as a means to avoid problems with analog line noise than a cyber-security function. On top of that, a great deal of obscurity fomented from proprietary supervisory-control and data-acquisition (SCADA) protocols and dial-back modems for substations that leased phone lines instead of dedicated circuits.
When it came to actual physical security, implementation involved a fence with a gate around the substation yard and substation control houses with locked doors. The end result was that all of these individual functions point to a lack of an overarching approach, ultimately hindering the ability to effectively secure the grid.
Architecture And Security
A comprehensive architectural approach to designing smart grids helps address attendant security issues. Security on the grid needs to address physical security, cyber security, and regulatory requirements such as NERC/CIP. The Critical Infrastructure Protection (CIP) cyber-security standards were created to protect critical assets that affect the reliability of North American bulk electric systems.
Cyber-security features, including intrusion protection systems (IPS), virtual private networks (VPNs), firewalls, user and device identity, and access control capability, are important, as are IP-based physical security solutions like physical access control to premises and video surveillance. Another layer of security can be addressed at the design level, which moves security considerations to the initial planning stage.
For example, Cisco’s GridBlocks architecture features a security interlay woven through the 11 tiers via four functional groupings—as opposed to each individual tier—to help prevent overlap and inefficiencies (Fig. 1). With a comprehensive approach including architecture, physical and cyber security, and compliance, utilities can potentially reap a number of security benefits:
- Reduced system vulnerability to physical or cyber attack
- Operating resiliency against security disruptions
- Highly secure access and data privacy for smart-grid information
- Establishment of a framework for meeting regulatory compliance requirements
Four Key Principles Of End-To-End Security Infrastructure
As mentioned, utilities are undergoing significant transitions within their distribution grid. New initiatives, such as smart metering, distribution automation, remote workforce automation, and the integration of solar/wind farms, can effectively be implemented through a converged communications infrastructure that employs a shared multi-service IP network (Fig. 2).
Although Smart Grid communications may help transform the energy industry through increased reliability, performance, and manageability, it introduces a host of security challenges for utilities. Consequently, it reinforces the need for an integrated security infrastructure.
The deployment of an end-to-end security infrastructure must revolve mostly around four key security principles: access control, data integrity/confidentiality/privacy, threat detection/mitigation, and device/platform integrity. To better understand these four security principles, the following text references security applications in both the field-area network (via an advanced metering infrastructure, or AMI, example), and the substation and control center.
Access Control
Every single user, device, and application that connects to the grid requires authentication. This ensures that only authorized entities of the grid network can access the network and valid devices. Furthermore, mutual authentication of both nodes involved in a communications exchange, such as the meter attached to a house or building and control center of the Smart Grid, is necessary for it to be considered truly secure.
In our advanced metering infrastructure (AMI) example, each new smart meter added to the neighborhood-area-network (NAN) mesh is configured with a digital certificate that includes the meter’s authentication and authorization credentials. To gain access to the AMI network, which allows communication with the control center, the meter must first pass along its credentials through a field router and an authentication server. If authorization is successful, the meter is granted access and can begin communication with the control center and other devices on the connected grid.
In the substation/control center, field technicians or operations center staff must be authenticated and authorized through strong certificate-based identities and role-based access before they can view or configure devices. In addition, end-point posture assessment is necessary for devices (e.g., laptops, workstations, and servers) connected to substation and control-center local-area network (LAN) segments. This ensures detection of viruses or worms before access is granted to the network, forcing remediation procedures such as the installation of software patches or an update to the anti-virus database.
Data Integrity, Confidentiality, And Privacy
The volume of data used in utility operations requires that data privacy and integrity is ensured throughout the grid. The AMI receives large volumes of data, event messages, and commands. It’s important that all of this information remains confidential and private. Here, data encryption becomes crucial, as are mechanisms that offer the scalable generation, storage, and distribution of encryption keys.
Going back to the AMI example, data that goes between any smart meter and field-area network (FAN) must be encrypted at the link layer, which is then carried across a wide-area network (WAN) into the control center via a network-layer IPSec encryption. This assures data confidentiality and privacy, while allowing use of quality of service and other network techniques at intermediate hops. For operational and control-center data, it’s necessary to securely generate and store encryption keys on all devices, routers, IPSec head ends, and provisioning systems as network-management systems.
Threat Detection And Mitigation
The nature of a network deems it vulnerable to intrusions and attacks that threaten all devices and segments on the network. Logically separating different functional elements that should never be in communication with one another is a simple yet powerful network security technique. For both the FAN and substation/control center, there should be a segmentation and separation of traffic based on application class, as in SCADA, engineering, phasor measurement unit, physical security, and the like. Additionally, traffic from field technicians should be logically separated from AMI and distribution automation (DA) traffic.
On the AMI side, field routers utilize access lists, virtual LANs, and virtual routing and forwarding features to help manage traffic flow from different sources such as meters and field technicians. The traffic is segmented at the field-area router and delivered over the WAN backhaul to the control center or substation aggregation point. All incoming traffic is then inspected by a high-performance firewall that utilizes intrusion prevention with customized signatures to enforce security policies across multiple segments and protect critical assets.
Device And Platform Integrity
It’s vital that the myriad routers, meters, and other devices on the connected grid aren’t easily compromised and can withstand physical and cyber attacks. Field-area routers require both strong physical security features and internal mechanisms that prevent tampering. As a part of normal network operations, each router should receive remote software upgrades from the control center, while smart meters can receive firmware upgrades. These upgrades should happen only after authentication of the source and validation of the software’s data integrity.