CyberSecurity: An Excerpt From The Manual, "An Intelligent Next Step: Understanding Smart Grid...


Chapter 4

Cyber Security and The Smart Grid

5.1 Introduction

Cybersecurity, also referred to as information technology security, focuses on protecting computers, networks, programs and data from unintended or unauthorized access, change or destruction (University of Maryland University College, 2014). Because many aspects of our lives revolve around the use of computers and the Internet, the protection of the data transmitted is vital to the security and privacy of its users. Cybersecurity, as it relates to the smart grid, represents a critical component of its infrastructure due to its connectivity to other networked grid devices. Additionally, its ability to distribute resources to the masses requires that it is functioning efficiently at all times. This chapter discusses the importance of cybersecurity for the smart grid and is separated into four sections:

Cybersecurity Components: This section establishes the foundation for efficiency in data protection, focusing on the three components (confidentiality, integrity, and availability) which are critical in creating an effective barrier against hackers, breaches, and other attacks.

Smart Grid Vulnerability: Because of smart grid features such as its connectivity to other networking devices and its communication capabilities, attackers can use these as a point of entry to disrupt smart grid functioning. In this section, smart grid vulnerability is discussed in greater detail.

Types of Attacks: This section identifies the potential attackers of the smart grid, along with their possible motives. It also highlights the methods (technical and non-technical) by which attackers attempt to breach the system.

Current Security Strategies: The final part of this discussion covers the strategies employed in protecting the smart grid from cyber and physical attacks.

Managing utility production and distribution processes, smart grids automatically analyze and control the functionality and temperature of their mechanical processes. Without security measures in place, cyber criminals could easily hack into the network of an organization, resulting in the theft of information, tampering with automatic controls, reporting of false consumption numbers, overbilling of customers, or simply stealing customers’ identities and payment information for personal financial gain (Campbell, 2011).

5.2 Cybersecurity Components

As with any information system, cyber security for the smart grid must attend not only to deliberate breaches from hackers or targeted attacks from terrorists, but also to unintentional compromises of its information infrastructure resulting from equipment failures, user errors, and natural disasters. The CIA (or CIA Triad) model for information security addresses these issues by implementing security in three critical areas: Confidentiality, Integrity, and Availability. The goal of this model is to employ security within the system by protecting its information against theft, corruption, and natural disasters while enabling authorized users to retain accessibility (Feruza, 2007). Due to the nature of the smart grid and the vital role it plays in our energy infrastructure, it is imperative that security protocols are put into action in order to prevent future compromises.

[Figure: CIA triad diagram with the labels Cyber Security, Integrity, Confidentiality and Availability. Caption: The Confidentiality, Integrity, and Availability (CIA) Model is used to secure an organization or system’s information. Confidentiality ensures that access to information is limited to authorized users, Integrity is defined as information which is reliable,]

5.2.1 Integrity

Integrity is considered the most important component in Smart Grid Systems, ensuring that its systems and data function properly. Because it is used in both network and data security, integrity is subdivided into the following components (Stoneburner, 2001):

1. Data Integrity. This process ensures that data is only accessed and/or modified by authorized personnel. Steps taken to maintain it include making servers strictly available to specific personnel, such as network administrators; creating policies and procedures for data quality and data integrity; taking a risk management approach to protecting data integrity; and including data integrity protection as part of a security awareness program.

2. System Integrity. System integrity refers to the quality with which a system performs when free of impairments. Incidents such as power surges, security breaches, and electromagnetism are examples of what can impede the performance of a system (Sembhi, 2009).

5.2.2 Availability

In information security, availability is defined as the timely and reliable access to and use of information (Ghasah, 2012). This component protects the system against the denial of access to data or services, in addition to accidental or intentional attempts to delete data without prior authorization. Examples of disruption of availability within a system range from technical problems due to signal disruption, malfunctioning hardware or software, natural phenomena such as lightning, or unauthorized data attacks.

5.2.3 Confidentiality

Confidentiality maintains that any information which is applied within the system remains private and inaccessible to unauthorized users. Data encryption, along with user IDs and passwords, is commonly used as a standard procedure to ensure confidentiality. Beyond preserving authorized restrictions on how information is accessed or disclosed, users can take further precautions in maintaining confidentiality by reducing the number of places where information appears, in addition to the number of times it is transmitted. As a vital component in preventing the use of information by anyone outside of the system, confidentiality dictates that access to information is limited only to users with authorization (Trujillo, 2012).

5.3 Smart Grid Vulnerability

As the traditional electrical grid evolves into the smart grid, the massive network of interconnectedness between entities and devices poses many vulnerabilities and security risks which need to be addressed. Moreover, improving the capabilities of our current power networks and creating a more elaborate means of controlling power systems through smart grid technology makes it prone to various cyber-attacks. As stated by Campbell (2011), three smart grid vulnerabilities (industrial control systems, communications and Internet access, and connections with other devices) are identified as possible means for intruders to penetrate the network. By compromising the integrity and confidentiality of the data transmitted by these structures, the disruption of the smart grid would incapacitate millions of people and services by creating a delay in the services it delivers.

[Figure caption: Due to the nature of smart grid infrastructure and the number of systems which are dependent on its efficient functioning, breaches in its security by unauthorized users can lead to problems affecting millions, ranging from disruptions in power to obtaining confidential private information of its users (Skyvision Solutions, 2012).]

5.3.1 Industrial Control Systems (ICS)

Because of their communication capabilities and intelligence, industrial control systems (such as SCADA systems) are capable of controlling multiple devices, along with entire industrial processes or automated systems. Once isolated entities which operated on a separate network, industrial control systems now resemble IT systems because they are being designed and implemented using industry standard computers, operating systems, and network protocols, which makes them less isolated from the outside world (Stouffer, 2011). By taking advantage of this, attackers attempting to breach the system can obtain confidential consumer information by accessing meters, in addition to sending misleading information to the grid (Campbell, 2011).

5.3.2 Communications and Internet Access

The scale of the smart grid, along with its increased communication capabilities, makes it prone to cyber attacks (Skyvision Solutions, 2012). The communication capabilities of smart grids and grid devices, which were designed for two-way communication, can be used as an access point for unauthorized users to enter the system. Although Internet connectivity provides a convenient mode of communication, it can also present a readily accessible target for hackers to access its data (Campbell, 2011).

5.3.3 Connections with Other Devices

As mentioned previously, the inherent two-way communication feature (AMI infrastructure) of the smart grid and smart grid devices makes it prone to cyber-attacks. While smart grids can have physical and technical security on their premises, other “offsite” communication devices, such as smart meters, are less secure. A CNN report (Meserve, 2009) on smart meter attacks stated the following:

“….a hacker could gain control of thousands, even millions, of meters and shut them off simultaneously. A hacker also might be able to dramatically increase or decrease the demand for power, disrupting the load balance on the local power grid and causing a blackout. These experts said such a localized power outage would cascade to other parts of the grid, expanding the blackout. No one knows how big it could get.”

And again in the same report,

“…but cybersecurity experts said some types of meters can be hacked, as can other points in the Smart Grid's communications systems. IOActive, a professional security services firm, determined that an attacker with $500 of equipment and materials and a background in electronics and software engineering could ‘take command and control of the [advanced meter infrastructure] allowing for the en masse manipulation of service to homes and businesses.’”

While the AMI infrastructure provides communication between the smart grid and its meters, the lack of protection and security for communication devices outside the premises of the smart grid can lead to a compromise within the network affecting millions.

5.4 Types of Attacks

Having become a target for attacks, the smart grid and grid devices can be used by attackers to carry out real-time surveillance, determine personal behavior patterns, and possibly assist in acts of industrial espionage or terrorism (Trujillo, 2012). Arranging the attacks by their method of entry into the network, Aloul (2012) identifies three categories: 1) component-wise, 2) protocol-wise, and 3) topology-wise. In component-wise attacks, field components such as the Remote Terminal Unit (RTU) are the target of attack. These units are typically used by engineers to remotely design and troubleshoot the smart grid devices. Due to this remote accessibility, RTUs can allow an attacker to seize control of an RTU and cause it to shut down. Focusing on the communication protocol, protocol-wise attacks use methods such as false data injection (false measurement reports designed to disrupt smart grid operations via compromised meters and sensors) and reverse engineering. Finally, topology-wise attacks target the physical and logical layout of the system’s network by launching a Denial-of-Service (DoS) attack, thereby preventing operators from having a full view of the power system and causing inappropriate decision making (Aloul, 2012).

5.4.1 Technical Attacks

Technical attacks are defined as a breach of the network by exploiting the design of, or flaws within, the network. Examples of technical attacks are:

Compromises in communication equipment - Attackers can compromise some of the communication equipment, such as multiplexers, by either causing direct damage to it or using the compromise as a backdoor for future attacks.

Eavesdropping and traffic analysis - Attackers can gain access to sensitive information by monitoring network traffic. Examples of monitored information include future price information, the control structure of the grid, and power usage.

Access through database links - Since control systems record their activities in a database on the control system network and then mirror the logs into the business network, an attacker can infiltrate the business network database to exploit the control system network.

Network availability - The IP protocol and TCP/IP stack used in smart grids can become subject to DoS attacks. DoS attacks can potentially delay, block, or corrupt information transmission in order to create a lack of availability of smart grid resources.

Modbus security issues - SCADA, which refers to computer systems and protocols that monitor and control industrial, infrastructure, and smart grid processes, can be attacked through the Modbus protocol of the SCADA system, which exchanges the SCADA information needed to control industrial processes. Attacks can take the form of sending fake broadcast messages to slave devices (broadcast message spoofing), locking out a master and controlling one or more field devices (direct slave control), or sending benign messages to all possible addresses to collect information from a device (Modbus network scanning), to name a few (Aloul, 2012).
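The three Modbus abuses just listed (broadcast message spoofing, direct slave control, Modbus network scanning) each leave a simple trace in traffic that a monitoring system on the control network can watch for. The Python script below is an added example, not code from the manual or from any source it cites; it runs three detection checks over a constructed log of Modbus/TCP requests in a hypothetical "timestamp,src,dst,unit_id,function_code" layout (not the output format of any real product), and the allow-listed master address 10.0.5.20 is an assumption. WRITE_FUNCTION_CODES holds the public Modbus write function codes, and unit identifier 0 is the Modbus broadcast address.

```python
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta

# Public Modbus function codes that change device state (write coil/register requests).
WRITE_FUNCTION_CODES = {5, 6, 15, 16, 22, 23}
# Unit identifier 0 is the Modbus broadcast address for slaves behind a gateway.
BROADCAST_UNIT_ID = 0
# Assumption (constructed address): the only master/HMI allowed to issue writes here.
KNOWN_MASTERS = {"10.0.5.20"}
# Scanning heuristic: one source addressing this many distinct unit IDs inside the window.
SCAN_WINDOW = timedelta(seconds=60)
SCAN_UNIT_THRESHOLD = 8

Record = namedtuple("Record", "ts src dst unit fc")
Alert = namedtuple("Alert", "kind src ts")

# Constructed sample log in a hypothetical "timestamp,src,dst,unit_id,function_code"
# layout; this is not the output format of any real monitoring product.
SAMPLE_LOG = """\
2014-10-01T10:00:00,10.0.5.20,10.0.5.100,1,3
2014-10-01T10:00:01,10.0.5.20,10.0.5.100,1,16
2014-10-01T10:00:02,10.0.5.99,10.0.5.100,0,5
2014-10-01T10:00:03,10.0.5.88,10.0.5.100,3,6
2014-10-01T10:00:05,10.0.5.77,10.0.5.100,1,3
2014-10-01T10:00:06,10.0.5.77,10.0.5.100,2,3
2014-10-01T10:00:07,10.0.5.77,10.0.5.100,3,3
2014-10-01T10:00:08,10.0.5.77,10.0.5.100,4,3
2014-10-01T10:00:09,10.0.5.77,10.0.5.100,5,3
2014-10-01T10:00:10,10.0.5.77,10.0.5.100,6,3
2014-10-01T10:00:11,10.0.5.77,10.0.5.100,7,3
2014-10-01T10:00:12,10.0.5.77,10.0.5.100,8,3
"""


def parse_log(text):
    """Parse the constructed CSV-style log into Record tuples, oldest first."""
    records = []
    for line in text.strip().splitlines():
        ts, src, dst, unit, fc = line.split(",")
        records.append(Record(datetime.fromisoformat(ts), src, dst, int(unit), int(fc)))
    return sorted(records, key=lambda r: r.ts)


def detect(records):
    """Flag broadcast writes, writes from unknown masters, and unit-ID sweeps."""
    alerts = []
    history = defaultdict(list)   # src -> [(ts, unit)] seen inside SCAN_WINDOW
    flagged_scanners = set()      # report each scanning source once
    for r in records:
        is_write = r.fc in WRITE_FUNCTION_CODES
        if is_write and r.unit == BROADCAST_UNIT_ID:
            # Broadcast message spoofing: a write aimed at every slave at once.
            alerts.append(Alert("broadcast_write", r.src, r.ts))
        elif is_write and r.src not in KNOWN_MASTERS:
            # Direct slave control: a write from something other than the real master.
            alerts.append(Alert("write_from_unknown_master", r.src, r.ts))

        # Modbus network scanning: many distinct unit IDs from one source in a short window.
        cutoff = r.ts - SCAN_WINDOW
        window = [(t, u) for t, u in history[r.src] if t >= cutoff]
        window.append((r.ts, r.unit))
        history[r.src] = window
        if len({u for _, u in window}) >= SCAN_UNIT_THRESHOLD and r.src not in flagged_scanners:
            flagged_scanners.add(r.src)
            alerts.append(Alert("modbus_scan", r.src, r.ts))
    return alerts


if __name__ == "__main__":
    for a in detect(parse_log(SAMPLE_LOG)):
        print(f"{a.ts.isoformat()}  {a.kind:<26}  {a.src}")
```

Run as a script it prints one line per alert. The scan threshold and window are tuning knobs, but the known-masters check is the one with the least noise in practice: a control network has very few legitimate sources of write requests, so any write from outside that set is worth a look regardless of the function code.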

5.4.2 Non Technical Attacks

Non technical attacks are defined as a breach of the network by exploiting human weakness, negligence of authorized users, or poor physical security. Examples of non technical attacks are:

Insider - An insider can be defined as an individual with legitimate access to the network, such as a current employee. Because of insider accessibility, data from network systems can be easily stolen, copied, or deleted. Due to how much information is within reach of the insider, these types of non technical threats have the potential to be the most damaging.

Physical Security - Essential to preventing unauthorized access to network data and protecting an organization’s personnel and resources, physical security is one of the most important components of a security program (Privacy Technical Assistance Center, 2011).

5.5 Current Security Strategies

Designed to provide the confidentiality, integrity, and availability inherent in all information technology security, the following technical and non technical strategies are currently being employed to increase the protection of the smart grid:

1. Using IPS and IDS technologies. Network Intrusion Prevention System (IPS) and Network Intrusion Detection System (IDS) technologies can be used to amplify the defenses of the host system to protect it from attacks (Aloul, 2012).

2. Utilizing third party communication companies. By using third party companies, communication devices and the security issues involved in the transfer of data can be more effectively managed.

3. Implementing patch management programs. Patch management programs can reduce an attacker’s ability to destroy or compromise a security system. A patch management program which can identify the vulnerability within a software application, along with software updates, can ensure the system’s protection from cyber threats (Privacy Technical Assistance Center, 2011).

4. Using Transport Layer Security (TLS) or Internet Protocol Security (IPSec). Designed to provide secure communications over the Internet, TLS and IPSec support network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection (Microsoft, 2014). Through mutual authentication techniques such as TLS or IPSec, devices can know the source and destination of their communications.

5. Establishing effective physical security. By establishing an effective physical security system on the premises, attackers can be prevented from unauthorized entry into a facility. Physical security can include access control policies and procedures, physical barriers in the form of fences, doors, locks, and safes, and surveillance and alarm systems.
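Item 4 lists data origin authentication, data integrity and replay protection as properties that TLS and IPSec provide; the data-integrity component in 5.2.1 and the false measurement reports of 5.4 are the same concern seen from the grid side. The Python example below is added here to show what those three properties mean concretely on a meter-reading message; it is not code from the manual or from any source it cites, and it does not implement TLS or IPSec. It attaches an HMAC-SHA256 tag and a per-meter sequence counter to each reading, and the head end rejects anything that fails verification. The meter identifiers, readings and the shared key are constructed values.

```python
import hashlib
import hmac
import json


class MeterSender:
    """Meter side: attaches a sequence number and an HMAC-SHA256 tag to each reading."""

    def __init__(self, meter_id, key):
        self.meter_id = meter_id
        self.key = key
        self.counter = 0  # monotonic per-meter sequence number

    def send(self, kwh):
        self.counter += 1
        payload = json.dumps(
            {"meter": self.meter_id, "seq": self.counter, "kwh": kwh}, sort_keys=True
        ).encode()
        tag = hmac.new(self.key, payload, hashlib.sha256).digest()
        return payload, tag


class HeadEndReceiver:
    """Utility side: accepts a reading only if the tag verifies and the sequence advances."""

    def __init__(self, keys):
        self.keys = keys      # meter_id -> shared key (assumed provisioned out of band)
        self.last_seq = {}    # meter_id -> highest accepted sequence number

    def receive(self, payload, tag):
        try:
            msg = json.loads(payload)
            meter_id, seq, kwh = msg["meter"], msg["seq"], msg["kwh"]
        except (ValueError, KeyError, TypeError):
            return ("reject", "malformed")
        key = self.keys.get(meter_id)
        if key is None:
            return ("reject", "unknown meter")   # no origin we have a key for
        expected = hmac.new(key, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return ("reject", "bad tag")         # origin or integrity failure
        if seq <= self.last_seq.get(meter_id, 0):
            return ("reject", "replay")          # an old message presented again
        self.last_seq[meter_id] = seq
        return ("accept", kwh)


def run_demo():
    """Walk through a good reading, a replay, a tampered reading and an unknown meter."""
    key = b"constructed-demo-key-not-for-real-use"   # constructed; real keys come from provisioning
    meter = MeterSender("M-001", key)
    head_end = HeadEndReceiver({"M-001": key})
    outcomes = []

    payload, tag = meter.send(12.5)
    outcomes.append(head_end.receive(payload, tag))   # fresh, authentic reading
    outcomes.append(head_end.receive(payload, tag))   # same message again: replay
    forged = payload.replace(b'"kwh": 12.5', b'"kwh": 0.5')
    outcomes.append(head_end.receive(forged, tag))    # altered reading under the old tag
    payload, tag = meter.send(13.0)
    outcomes.append(head_end.receive(payload, tag))   # next reading is accepted
    rogue = MeterSender("M-999", key)                  # a meter the head end never provisioned
    payload, tag = rogue.send(1.0)
    outcomes.append(head_end.receive(payload, tag))
    return outcomes


if __name__ == "__main__":
    for result, detail in run_demo():
        print(result, detail)
```

Two design points carry over to the real protocols. The receiver's last_seq table must survive restarts, otherwise a reboot reopens the replay window for every message captured earlier; TLS and IPSec keep the equivalent counters in session and security-association state for the same reason. And the example assumes each meter already shares a key with the head end, which is exactly the problem that the certificates and mutual authentication of item 4 exist to solve at scale.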

5.6 Concluding Remarks

As more traditional power systems move towards digitally enabled smart grids, the efficiency, communications, and cost reduction of electricity services will be greatly enhanced. Moreover, the smart grid will introduce new data collection, communication, and information sharing capabilities regarding energy usage, which in turn will present issues regarding the privacy of its users. As a significant infrastructure within our society, the smart grid must continuously adapt as new vulnerabilities, privacy threats, and other risks emerge. In addition to the role cybersecurity plays for its users, entrepreneurs using the smart grid as a business entity must be aware of the financial repercussions of data breaches resulting in monetary losses, making cybersecurity a cost-saving necessity for retaining company profits. As new solutions and strategies regarding smart grid security are being created, users must constantly remain watchful of attackers who attempt to compromise the network.

References

Aloul, F. (2012). Smart Grid Security: Threats, Vulnerabilities and Solutions. International Journal of Smart Grid and Clean Energy.

Campbell, R. J. (2011). The Smart Grid and Cybersecurity - Regulatory Policies and Issues. Washington D.C.: Congressional Research Service.

Feruza, S. (2007). IT Security Review: Privacy, Protection, Access Control, Assurance and System Security. International Journal of Multimedia and Ubiquitous Engineering, 17-32.

Ghasah, I. (2012). Smart Grid Cyber Security, Potential Threats, Vulnerabilities and Risks. Sacramento: California Energy Commission.

Meserve, J. (2009, March 21). CNN. Retrieved October 1, 2014, from CNN.com: http://www.cnn.com/2009/TECH/03/20/smartgrid.vulnerability/

Privacy Technical Assistance Center. (2011). Data Security: Top Threats to Data Protection. Retrieved September 17, 2014, from United States Department of Education: http://nces.ed.gov/ptac

Secretariat, N. C. Smart grid connectivity diagram. Smart Grid Technology Primer: A Summary. National Research Foundation, Singapore.

Sembhi, S. (2009, February). How to Defend Against Data Integrity Attacks. Retrieved September 25, 2014, from ComputerWeekly.com: http://www.computerweekly.com/opinion/How-to-defend-against-data-integrity-attacks

Skyvision Solutions. (2012, April). Retrieved October 1, 2014, from SkyVision Solutions … Raising Public Awareness and Finding Solutions to Smart Grid, Smart Meter, and Radiofrequency (RF) Radiation Concerns: http://smartgridawareness.org/privacy-and-data-security/smart-grid-vulnerabilities-a-more-detailed-review/smart-grid-security-threats-vulnerabilities-and-solutions/

Skyvision Solutions. (2013, April 12). Smart Grid Vulnerabilities – A More Detailed Review. Retrieved October 1, 2014, from SkyVision Solutions … Raising Public Awareness and Finding Solutions to Smart Grid, Smart Meter, and Radiofrequency (RF) Radiation Concerns: http://smartgridawareness.org/privacy-and-data-security/smart-grid-vulnerabilities-a-more-detailed-review/

Stoneburner, G. (2001). Underlying Technical Models for Information Technology Security. Gaithersburg: United States Department of Commerce.

Stouffer, K. (2011). Guide to Industrial Control. Washington D.C.: U.S. Department of Commerce.

Trujillo, E. (2012). Smart Grid Security: Threats, Vulnerabilities. San Diego: Sempra Energy Utility.

University of Maryland University College. (2014). Cybersecurity Primer. Retrieved October 7, 2014, from University of Maryland University College: http://www.umuc.edu/cybersecurity/about/cybersecurity-basics.cfm