PART 2: POWER GRIDS CYBERSECURITY
Why smart power grids are creating a bigger cyber security risk
This is the second in a two-part miniseries discussing the cyber security threat to power electronics in different applications. The first article looked at electric vehicles as one critical area of susceptibility; this article discusses how electric power grids present another significant risk factor.
According to the French think-tank Institut Français des Relations Internationales (IFRI), the power sector has become a prime target for cyber-criminals in the last decade, with cyberattacks surging by 380% between 2014 and 2015. Motives include geopolitics, sabotage, and financial gain. The trend continues: in June 2021, US Department of Energy (DoE) Secretary Jennifer Granholm told CNN that enemies of the United States have the capability to shut down the U.S. power grid, and “there are very malign actors trying, even as we speak.”
Granholm was discussing President Joe Biden’s push to better secure the utility sector, which faces a growing threat from ransomware and attacks on operational technology. There are mandatory security requirements and high levels of redundancy built into the U.S. bulk power system, but when asked if a sophisticated hacker has the capability to crash the grid she replied soberly, “Yeah, they do.”
Not all attacks are about sabotaging a power grid’s operational capability. Lila Kee, general manager for GlobalSign’s North and South American operations, comments: “Attackers are getting smarter and as we move OT online the threat surface will be wider, but what these hackers are doing is espionage. They’re going after data, they’re going after intellectual property.” Nevertheless, operational threats do exist, and their effect if successful can be catastrophic.
Cyber-physical systems and vulnerabilities
An IEEE document titled ‘A Survey on Power Grid Cyber Security: From Component-Wise Vulnerability Assessment to System-Wide Impact Analysis’ considers smart grids to contain the largest cyber-physical systems (CPSs) in the world. A CPS can be viewed as the integration of two component types: cyber and physical. The physical components are the parts of the system that directly connect to the physical world. The remaining parts that interact with the physical world via communication media are cyber components. A field device or sensor with an analog output is one example of a physical component, while a remote terminal unit (RTU) that connects with such sensors and provides onwards communications is generally considered as a cyber component.
As physical components, power components and other devices, are now being integrated into CPSs, they are becoming visible and controllable, with many implications for improved efficiency and predictive maintenance. However, the communications aspect also opens up vulnerability to cyber-attack. The explosive growth in communications equipment supporting power grid infrastructures, together with the growing number of stakeholders in the electricity markets, are the main reasons for this growing cyber security challenge. Specifically, this challenge affects four key areas:
Operations: Grid operations infrastructures, which maintain complicated networks of communications devices, pose the greatest risk. The SCADA systems they use communicate with all other domains, so attacks on them can cause severe consequences. By invading SCADA systems, attackers are able to alter the distribution of power flow and affect system state estimation. In addition, attackers may even seize control of SCADA networks, causing devastating failures throughout the power grid. The well-documented Ukrainian blackout in 2015 is one example of this type of attack.
Generation systems: Attackers invade generation systems to create chaos during equipment operation. This type of attack can cause a device to act at the wrong time or simply not at all. Such attacks can also target and destroy the power balance between supply-side and demand-side. This situation is becoming more frequent due to the rising number of renewable power plants. Unlike traditional power stations, renewable power plants rely on energy sources at very distributed locations.
For example, solar collectors are generally located around buildings or on rooftops, while bioenergy depends on specific environments such as farms. The rise of distributed renewable power generation increases the amount of communication equipment, making such generation systems inherently more vulnerable to cyber-attacks.
Electricity market: In the traditional monopoly market model, generation and transmission networks were mostly owned by the same company, so their communications were conducted over a relatively secure intranet. In many current electricity markets, however, the growing number of players, such as generation companies and distribution companies, increases the difficulty of intranet communications and the number of vulnerable communication links. These give attackers more opportunities to influence energy bidding and distributed energy resource aggregation.
Distribution, customer, and service provider domains: These are the primary targets for privacy attacks. Customer information systems, third-party providers, smart meters, and advanced monitoring infrastructures (AMIs) are novel supporting infrastructures with two-way communication capabilities, while electric vehicles and smart houses are new products that collect huge volumes of private customer data. Attacks against any of these systems can lead to the leakage of customer information and result in inaccurate billing.
Within these various domains, it is possible to identify specific components which are susceptible to cyber-attacks:
Protective relays are secondary protection devices that switch circuits on or off by detecting changes in electrical current and voltage signals. They use the IEC 61850 or Modbus communications protocols to receive real-time commands that determine their actions.
Remote terminal units (RTUs) and power line communication (PLC) devices are common in power plants and the transmission and distribution networks, and are installed at remote sites to monitor, measure, and control field devices. These components depend on Modbus and DNP3 protocols to interact with other devices.
The phasor measurement unit (PMU) performs synchronized phasor measurement and output, along with dynamic recording, based on a standard clock signal in the transmission system. The communication standard IEEE C37.118 is used for the PMU synchrophasor data exchange process.
The smart meter is a modern client-side information collection device with two-way communication capabilities. Modbus is one of the most widely used smart meter communication protocols.
Servers in each domain interact with SCADA in operations and the market through numerous communication channels, including WANs, Internet, LAN, FAN, and others. This wide assortment of communication paths contains many complex protocols.
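Several of the components listed above (relays, RTUs, smart meters) speak Modbus, which carries no authentication of its own, so a defender's first control is usually to watch for state-changing commands arriving from hosts that are not the SCADA master. The following is an added example, not code from the article or the surveyed paper: it decodes Modbus/TCP frames and flags write or diagnostic function codes from outside a hypothetical master subnet. The subnet, unit IDs and sample frames are all constructed for illustration.

```python
import struct
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Function codes from the Modbus Application Protocol: writes change device state.
WRITE_FUNCTIONS = {5: "Write Single Coil", 6: "Write Single Register",
                   15: "Write Multiple Coils", 16: "Write Multiple Registers"}
READ_FUNCTIONS = {1: "Read Coils", 2: "Read Discrete Inputs",
                  3: "Read Holding Registers", 4: "Read Input Registers"}

# Hypothetical allowlist: only the SCADA master subnet may issue writes.
WRITE_ALLOWED = [ip_network("10.10.1.0/24")]

@dataclass
class ModbusRequest:
    src: str
    transaction_id: int
    unit_id: int
    function: int
    payload: bytes

def parse_modbus_tcp(src: str, frame: bytes) -> ModbusRequest:
    """Decode the 7-byte MBAP header (tid, proto, length, unit) and the PDU."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError(f"protocol id {proto} is not Modbus")
    if length != len(frame) - 6:  # length field counts unit id plus PDU bytes
        raise ValueError("MBAP length field does not match frame size")
    return ModbusRequest(src, tid, unit, frame[7], frame[8:])

def check_request(req: ModbusRequest) -> Optional[str]:
    """Alert on writes from non-master hosts and on unexpected function codes."""
    if req.function in WRITE_FUNCTIONS:
        if not any(ip_address(req.src) in net for net in WRITE_ALLOWED):
            return f"ALERT unit={req.unit_id} {WRITE_FUNCTIONS[req.function]} from {req.src}"
        return None
    if req.function in READ_FUNCTIONS:
        return None
    return f"ALERT unit={req.unit_id} unusual function code {req.function} from {req.src}"

# Constructed sample traffic (source IP, raw Modbus/TCP frame); not a real capture.
SAMPLE = [
    ("10.10.1.5",    bytes.fromhex("00010000000601030000000A")),          # master reads 10 registers
    ("10.10.1.5",    bytes.fromhex("00020000000601050000FF00")),          # master writes coil 0 ON
    ("192.168.50.9", bytes.fromhex("00030000000B0110001000020400010002")),  # rogue host writes 2 registers
    ("192.168.50.9", bytes.fromhex("000400000006010800000000")),          # rogue host sends diagnostics (fc 8)
]

def scan(traffic) -> List[str]:
    return [a for a in (check_request(parse_modbus_tcp(s, f)) for s, f in traffic) if a]
```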
Smart grids are increasingly becoming the norm because they allow the integration and balancing of multiple, small, geographically-distributed power generators, including renewable energy types. This contrasts strongly with traditional systems that were based on large, centralized power stations.
But managing and balancing this ‘power generation diversity’ depends on the smart grids’ intelligence and communications capabilities, the same capabilities that open up cyber-attack vulnerabilities.
As well as discussing these vulnerabilities, the paper ‘A Survey on Power Grid Cyber Security: From Component-Wise Vulnerability Assessment to System-Wide Impact Analysis’ suggests some countermeasures and opportunities for further research.
The paper establishes the causal chain from component-wise vulnerabilities to system-wide impacts on power grid cyber security. It surveys the current state-of-the-art literature, enabling existing research to play a more powerful role in developing defenses against cyber-attacks on power grids. It also summarizes known countermeasures for cyber-attacks.