Combating Smart Grid Vulnerabilities

March 18, 2011
Cyber Security, FedCyber Wire
No Comment

via Ensec

In 2009 the Journal of Energy Security published an article, The Security Vulnerabilities of the Smart Grid, which described how many characteristics of the emerging Smart Grid were likely going to make it more susceptible to cyber attack. This article attempts to describe vulnerabilities, their sources, the conditions that have lead to them, and some of the ways utilities are combating them even as they deploy new Smart Grid components.

The following factors have accelerated to move toward a Smart Grid:

  • There has been a well documented increase in recent years in the number and cost of outages.
  • Much of the current grid infrastructure is reaching the end of its expected life cycle. Some of the grid infrastructure is being replaced, but Smart Grid-derived efficiencies may help extend the life of some of this equipment as well.
  • Nearly 50% the people who run the grid are within a few years of retirement. Increased automation of many tasks may help ease the burden on the smaller utility workforce in the next few years.
  • While states are mandating greater use of renewable energy sources, the old grid is unable to handle intermittent generation, both grid-scale and distributed.
  • The arrival in 2011 of what’s anticipated to eventually be a significant new source of load, all electric vehicles (EVs) and plug-in hybrid electric vehicles (PHEVs), will put additional stresses on systems already functioning close to their design capacity.
  • The desire to exploit new efficiency gains made possible by increasing use of smart meters, distribution automation, myriad new sensor and measurement devices, etc.

As the last bullet suggests, the Smart Grid revolution is being driven by information and lots of it. In order to capture, transmit, analyze and use this information to the fullest extent, we’re basically connecting everything to everything … and therein we find the security-rub.

In the past, while enterprise-class cyber security controls on utility systems were not widely implemented, the fact that important systems were largely isolated and disconnected from external networks made it difficult if not impossible for cyber attackers to reach them. Now we’re purposefully constructing pathways that make it easier for those intent on navigating networks, probing for vulnerabilities, and exploiting them to steal sensitive data or disrupt operations. On top of that, while there are islands of security excellence among electric utilities, the overall reputation of the industry is that it’s lagging on cyber security awareness and preparations when compared to other sectors. But there’s more to this story than is at first apparent.

Story here.