CyberSecurity: An Excerpt From The Manual, "An Intelligent Next Step: Understanding Smart Grid...
Chapter 4
Cyber Security and The Smart Grid
5.1 Introduction
Cybersecurity, also referred to as information technology security,
focuses on protecting computers, networks, programs and data from
unintended or unauthorized access, change or destruction (University
of Maryland University College, 2014). Because many aspects of our
lives revolve around the use of computers and the Internet, the
protection of the data transmitted is vital to the security and
privacy of its users. Cybersecurity, as it relates to the smart grid,
represents a critical component to its infrastructure due to its
connectivity to other networking grid devices. Additionally, its
ability to distribute resources to the masses requires that it
function efficiently at all times. This chapter discusses the
importance of cybersecurity for the smart grid and is separated into
four sections:
Cybersecurity Components: This section establishes the
foundation for efficiency in data protection focusing on the
three components (confidentiality, integrity, and availability)
which are critical in creating an effective barrier against
hackers, breaches, and other attacks.
Smart Grid Vulnerability: Because of smart grid features such as
its connectivity to other networking devices and its communication
capabilities, attackers can use these as a point of entry to disrupt
smart grid functioning. In this section, smart grid vulnerability
will be discussed in greater detail.
Types of Attacks: This section identifies the potential
attackers to the smart grid, along with possible motives. This
section also highlights the methods (technical and non-technical)
by which attackers attempt to breach the system.
Current Security Strategies: The final part of this discussion
involves the use of strategies employed in maintaining a secure
smart grid from cyber and physical attacks.
Smart grids manage utility production and distribution processes by
automatically analyzing and controlling the functionality and
temperature of their mechanical processes. Without security measures
in place, cyber criminals could easily hack into the network of an
organization, resulting in the theft of information, tampering with
automatic controls, reporting false consumption numbers, overbilling
customers, or simply stealing customers’ identities and payment
information for personal financial gain (Campbell, 2011).
5.2 Cybersecurity Components
As with any information system, cyber security for the smart grid
must not only attend to deliberate breaches from hackers or targeted
attacks from terrorists, but also unintentional compromises in its
information infrastructure, resulting from failures in equipment,
errors made by the user, and natural disasters. By implementing
security in three critical areas: Confidentiality, Integrity, and Availability, the
CIA (or CIA Triad) model for information security addresses these
issues. The goal of this model is to employ security within the
system by protecting its information against theft, corruption, and
natural disasters while enabling the authorized users to retain
accessibility (Feruza, 2007).
[Figure: The Confidentiality, Integrity, and Availability (CIA) Model is used to secure an organization or system’s information. Confidentiality ensures that access to information is limited to authorized users; Integrity is defined as information which is reliable, (caption truncated). Labels: Cyber Security; Integrity; Confidentiality; Availability.]
the vital role it plays in our energy infrastructure, it is imperative
that security protocols are placed into action in order to prevent
future compromises.
5.2.1 Integrity
Integrity is considered the most important component in Smart
Grid Systems; it ensures that systems and data function
properly. Because it is used in both network and data security, integrity
is subdivided into the following components (Stoneburner, 2001):
1. Data Integrity. This process ensures that data is only
accessed and/or modified by authorized personnel. Steps which
are taken to maintain this are making servers strictly
available to specific personnel, such as network
administrators, creating policies and procedures for data
quality and data integrity, taking a risk management
approach to protecting data integrity, and including data
integrity protection as part of a security awareness
program.
2. System Integrity. System Integrity refers to the quality in
which a system performs when free of impairments. Incidents
such as power surges, security breaches, and electromagnetism
are examples which can impede the performance of a system
(Sembhi, 2009).
5.2.2 Availability
In information security, availability is defined as timely
and reliable access to and use of information (Ghasah, 2012). This
component protects the system against denial of access to data or
services, in addition to accidental or intentional attempts to
delete data without prior authorization. Disruptions of
availability within a system can range from technical problems due to
signal disruption, malfunctioning hardware or software, natural
phenomena such as lightning, or unauthorized data attacks.
5.2.3 Confidentiality
Confidentiality maintains that any information which is applied
within the system remains private and inaccessible to unauthorized
users. Data encryption, along with user IDs and passwords, is the
standard procedure commonly used to ensure confidentiality. Beyond
preserving authorized restrictions on how information is accessed or
disclosed, users can take further precautions in maintaining
confidentiality by reducing the number of places where information
appears, in addition to the number of times it is transmitted. As a
vital component in preventing the use of information by anyone outside
of the system, confidentiality dictates that access to information is
limited only to users with authorization (Trujillo, 2012).
5.3 Smart Grid Vulnerability
As the traditional electrical grid evolves into the smart grid,
the massive network of interconnectedness between entities and devices
poses many vulnerabilities and security risks which need to be
addressed.
[Figure: Due to the nature of smart grid infrastructure and the number of systems which are dependent on its efficient functioning, breaches in its security by unauthorized users can lead to problems affecting millions, ranging from disruptions in power to obtaining confidential private information of its users (Skyvision Solutions, 2012).]
Moreover, while smart grid technology improves the
capabilities of our current power networks and creates a more
elaborate means of controlling power systems, it also makes them prone
to various cyber-attacks. As stated by Campbell (2011), three smart grid
vulnerabilities (industrial control systems, communications and
Internet access, and connections with other devices) are identified as
possible means for intruders to penetrate the network. By compromising
the integrity and confidentiality of the data transmitted by these
structures, an intruder could disrupt the smart grid, incapacitating
millions of people and delaying the services it delivers.
5.3.1 Industrial Control Systems (ICS)
Because of their communication capabilities and intelligence,
industrial control systems (such as SCADA systems) are capable of
controlling multiple devices, along with entire industrial processes
or automated systems. Once isolated entities which operated on a
separate network, industrial control systems now resemble IT
systems because they are being designed and implemented using industry
standard computers, operating systems, and network protocols, which
makes them less isolated from the outside world (Stouffer, 2011). By
taking advantage of this, attackers attempting to breach these
systems can obtain confidential consumer information by accessing
meters, in addition to sending misleading information to the grid
(Campbell, 2011).
5.3.2 Communications and Internet Access
The scale of the smart grid, along with its increased
communication capabilities, makes it prone to cyber attacks (Skyvision
Solutions, 2012). The communication capabilities of smart grids and
grid devices, which were designed for two-way communication, can be
used as an access point for unauthorized users to enter into the
system. Although Internet connectivity provides a convenient mode of
communication, it can also present a readily accessible target for
hackers to access its data (Campbell, 2011).
5.3.3 Connections with Other Devices
As mentioned previously, the inherent two-way communication
feature (AMI infrastructure) of the smart grid and smart grid devices
makes it prone to cyber-attacks. While smart grids can have physical
and technical security on their premises, other “offsite” communication
devices, such as smart meters, are less secure. A CNN report (Meserve,
2009) on smart meter attacks stated the following:
“…a hacker could gain control of thousands, even millions, of meters and shut them off simultaneously. A hacker also might be able to dramatically increase or decrease the demand for power, disrupting the load balance on the local power grid and causing a blackout. These experts said such a localized power outage would cascade to other parts of the grid, expanding the blackout. No one knows how big it could get.”
And again in the same report,
“…but cybersecurity experts said some types of meters can be hacked, as can other points in the Smart Grid's communications systems. IOActive, a professional security services firm, determined that an attacker with $500 of equipment and materials and a background in electronics and software engineering could ‘take command and control of the [advanced meter infrastructure] allowing for the en masse manipulation of service to homes and businesses.’”
While the AMI infrastructure provides communication between the smart
grid and its meters, the lack of protection and security on
communication devices outside of the premises of the smart grid can
lead to a compromise within the network affecting millions.
5.4 Types of Attacks
Having become a target for attacks, the smart grid and grid devices
can be used by attackers to carry out real-time surveillance,
determine personal behavior patterns, and possibly assist in acts of
industrial espionage or terrorism (Trujillo, 2012). Arranging the
attacks by their method of entry into the network, Aloul (2012)
identifies three categories: 1) component-wise, 2) protocol-wise, and
3) topology-wise. In component-wise attacks, field components such as
the Remote Terminal Unit (RTU) are the target of attack. These
units are typically used by engineers to remotely design and
troubleshoot smart grid devices. Because of this remote
accessibility, an attacker who seizes control of an RTU can
cause it to shut down. Protocol-wise attacks focus on the
communication protocol, using methods such as
false data injection (false measurement reports that are designed to
disrupt smart grid operations via compromised meters and sensors) and
reverse engineering. Finally, topology-wise attacks target the
physical and logical layout of the system’s network by launching a
Denial-of-Service (DoS) attack, thereby preventing operators from
having a full view of the power system and causing inappropriate
decision making (Aloul, 2012).
5.4.1 Technical Attacks
Technical attacks are defined as a breach in the network by
exploiting the design or flaws within the network. Examples of
technical attacks are:
Compromises in communication equipment - Attackers can compromise some
of the communication equipment, such as multiplexers, by either causing
direct damage to it or using the compromise as a backdoor for
future attacks.
Eavesdropping and traffic analysis - Attackers can gain access to
sensitive information by monitoring network traffic. Examples of
monitored information include future price information, the control
structure of the grid, and power usage.
Access through database links - Since control systems record their
activities in a database on the control system network and then mirror
the logs into the business network, an attacker can infiltrate the
business network database to exploit the control system network.
Network Availability - The IP protocol and TCP/IP stack used
in smart grids can become subject to DoS attacks. DoS attacks can
potentially delay, block, or corrupt information transmission in order
to create a lack of availability of smart grid resources.
Modbus security issue - SCADA, which refers to computer systems and
protocols that monitor and control industrial, infrastructure, and
smart grid processes, can be attacked through the Modbus protocol of
the SCADA system which exchanges SCADA information needed to control
industrial processes. Attacks can take on the form of sending fake
broadcast messages to slave devices (Broadcast message spoofing),
locking out a master and controlling one or more field devices (Direct
slave control), or sending benign messages to all possible addresses
to collect information from a device (Modbus network scanning), to
name a few (Aloul, 2012).
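As an added illustration of how a defender might recognize the three Modbus patterns just named (broadcast message spoofing, direct slave control, Modbus network scanning), the following Python is example code written for this page, not code from the manual or from Aloul (2012). It assumes a Modbus/TCP deployment, an allowlist of authorized master IPs, a scan threshold, and constructed sample frames; the detection rules are simplifying assumptions, not a standard.

```python
import struct
from collections import defaultdict

# Modbus/TCP frames carry a 7-byte MBAP header (transaction id, protocol id,
# length, unit id) followed by the PDU, whose first byte is the function code.
# Function codes that write coils or registers (Modbus application protocol).
WRITE_FUNCTIONS = {5, 6, 15, 16, 22, 23}
BROADCAST_UNIT = 0  # unit id 0 addresses every slave on the segment

def parse_mbap(frame: bytes):
    """Return (transaction_id, unit_id, function_code), or None if malformed."""
    if len(frame) < 8:
        return None
    tid, pid, length, unit = struct.unpack(">HHHB", frame[:7])
    # The length field counts the unit id plus the PDU that follows it.
    if pid != 0 or length != len(frame) - 6:
        return None
    return tid, unit, frame[7]

def detect(frames, authorized_masters, scan_threshold=4):
    """Scan (src_ip, frame) pairs and return a list of (src_ip, alert) tuples.
    Assumed rules: a write from outside the master allowlist = direct slave
    control; a write to unit 0 = broadcast spoofing; one host probing
    scan_threshold distinct unit ids = network scanning."""
    alerts, units_seen = [], defaultdict(set)
    for src, frame in frames:
        parsed = parse_mbap(frame)
        if parsed is None:
            alerts.append((src, "malformed MBAP frame"))
            continue
        _, unit, func = parsed
        if src not in authorized_masters and func in WRITE_FUNCTIONS:
            alerts.append((src, f"direct slave control: write fc={func} from unknown master"))
        if unit == BROADCAST_UNIT and func in WRITE_FUNCTIONS:
            alerts.append((src, f"broadcast message spoofing: write fc={func} to unit 0"))
        units_seen[src].add(unit)
        if len(units_seen[src]) == scan_threshold:
            alerts.append((src, f"modbus network scanning: {scan_threshold} unit ids probed"))
    return alerts

def build_frame(tid, unit, func, data=b"\x00\x01\x00\x01"):
    """Assemble a Modbus/TCP frame (used only to construct sample traffic)."""
    pdu = bytes([func]) + data
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

# Constructed sample traffic: one authorized HMI/master and one unknown host.
AUTHORIZED_MASTERS = {"10.0.0.10"}
SAMPLE_TRAFFIC = [
    ("10.0.0.10", build_frame(1, 1, 6)),    # legitimate single-register write
    ("10.0.0.99", build_frame(2, 0, 6)),    # write addressed to broadcast unit 0
    ("10.0.0.99", build_frame(3, 1, 3)),    # read sweep across unit ids 1..3
    ("10.0.0.99", build_frame(4, 2, 3)),
    ("10.0.0.99", build_frame(5, 3, 3)),
    ("10.0.0.99", b"\x00\x06\x00\x01\x00"), # truncated frame
]

def run_sample():
    return detect(SAMPLE_TRAFFIC, AUTHORIZED_MASTERS)
```

Calling run_sample() on the constructed traffic yields four alerts: an unknown-master write, a broadcast write, a unit-id sweep, and a malformed frame; the legitimate write from the allowlisted master raises nothing.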
5.4.2 Non Technical Attacks
Non Technical attacks are defined as a breach in the network by
exploiting human weakness, negligence of the authorized users, or poor
physical security. Examples of non technical attacks are:
Insider - An insider can be defined as an individual with legitimate
access to the network, such as a current employee. Because of insider
accessibility, data from network systems can be easily stolen, copied,
or deleted. Due to how much information is within reach of the
insider, these types of non technical threats have the potential to
be the most damaging.
Physical Security - Essential to preventing unauthorized access to
network data and protecting an organization’s personnel and resources,
physical security is one of the most important components of a
security program (Privacy Technical Assistance Center, 2011).
5.5 Current Security Strategies
Designed to provide the confidentiality, integrity, and availability
inherent in all information technology security, the following
technical and non technical strategies are currently being employed to
increase the protection of the smart grid:
1. Using IPS and IDS technologies. Network Intrusion Prevention
System (IPS) and Network Intrusion Detection System (IDS)
technologies can be used to amplify the defenses of the host
system to protect it from attacks (Aloul, 2012).
2. Utilizing third party communication companies. By using third
party companies, communication devices and the security issues
involved in the transfer of data can be more effectively managed.
3. Implementing patch management programs. Patch management
programs can reduce an attacker’s ability to destroy or
compromise a security system. A patch management program which
can identify the vulnerability within a software application,
along with software updates can ensure the system’s protection
from cyber threats (Privacy Technical Assistance Center, 2011).
4. Using Transport Layer Security (TLS) or Internet Protocol
Security (IPSec). Designed to provide secure communications over
the Internet, TLS and IPSec support network-level peer
authentication, data origin authentication, data integrity, data
confidentiality (encryption), and replay protection (Microsoft,
2014). Through mutual authentication techniques such as TLS or
IPSec, devices can know the source and destination of their
communications.
5. Establishing effective physical security. By establishing an
effective physical security system on the premises, attackers can
be prevented from unauthorized entry into a facility. Physical
security can include access control policies and procedures,
physical barriers in the form of fences, doors, locks, and safes,
and surveillance and alarm systems.
5.6 Concluding Remarks
As more traditional power systems move towards digitally enabled
smart grids, efficiency, communications, and cost reduction of
electricity services will be greatly enhanced. Moreover, the smart
grid will introduce new data collection, communication, and
information sharing capabilities regarding its energy usage, which, in
turn, will present issues regarding the privacy of its users. As a
significant infrastructure within our society, the smart grid must
continuously adapt as new vulnerabilities, privacy threats, and other
risks emerge. In addition to the role cybersecurity provides for its
users, entrepreneurs using the smart grid as a business entity must be
aware of the financial repercussions of data breaches resulting in
monetary losses, making cybersecurity a cost-saving necessity for
retaining company profits. As new solutions and strategies regarding
smart grid security are being created, users must constantly remain
watchful of attackers who attempt to compromise the network.
References
Aloul, F. (2012). Smart Grid Security: Threats, Vulnerabilities and
Solutions. International Journal of Smart Grid and Clean Energy.
Campbell, R. J. (2011). The Smart Grid and Cybersecurity- Regulatory Policies And Issues. Washington D.C.: Congressional Research Service.
Feruza, S. (2007). IT Security Review: Privacy, Protection, Access Control, Assurance and System Security. International Journal of Multimedia and Ubiquitous Engineering, 17-32.
Ghasah, I. (2012). Smart Grid Cyber Security, Potential Threats, Vulnerabilities and Risks. Sacramento: California Energy Commission.
Meserve, J. (2009, March 21). CNN. Retrieved October 1, 2014, from CNN.com: http://www.cnn.com/2009/TECH/03/20/smartgrid.vulnerability/
Privacy Technical Assistance Center. (2011). Data Security: Top Threats To Data Protection. Retrieved September 17, 2014, from United States Department of Education: http://nces.ed.gov/ptac
Secretariat, N. C. Smart grid connectivity diagram. Smart Grid Technology Primer: A Summary. National Research Foundation, Singapore.
Sembhi, S. (2009, February Thursday). How to Defend Against Data Integrity Attacks. Retrieved September 25, 2014, from ComputerWeekly.com: http://www.computerweekly.com/opinion/How-to-defend-against-data-integrity-attacks
Skyvision Solutions. (2012, April). Retrieved October 1, 2014, from SkyVision Solutions … Raising Public Awareness and Finding Solutions to Smart Grid, Smart Meter, and Radiofrequency (RF) Radiation Concerns: http://smartgridawareness.org/privacy-and-data-security/smart-grid-vulnerabilities-a-more-detailed-review/smart-grid-security-threats-vulnerabilities-and-solutions/
Skyvision Solutions. (2013, April 12). Smart Grid Vulnerabilities – A More Detailed Review. Retrieved Oct 1, 2014, from SkyVision Solutions … Raising Public Awareness and Finding Solutions to Smart Grid, Smart Meter, and Radiofrequency (RF) Radiation Concerns: http://smartgridawareness.org/privacy-and-data-security/smart-grid-vulnerabilities-a-more-detailed-review/
Stoneburner, G. (2001). Underlying Technical Models for Information Technology Security. Gaithersburg: United States Department of Commerce.
Stouffer, K. (2011). Guide to Industrial Control. Washington D.C.: U. S. Department of Commerce.
Trujillo, E. (2012). Smart Grid Security: Threats, Vulnerabilities. San Diego: Sempra Energy Utility.
University of Maryland University College. (2014). Cybersecurity Primer. Retrieved October 7, 2014, from University of Maryland University College: http://www.umuc.edu/cybersecurity/about/cybersecurity-basics.cfm