As the convergence of physical and cyber threats continues to grow, companies in the energy sector need to work together to strengthen resilience and bolster response for the next generation smart grid.
Cyber attacks have dominated the headlines and devastated a slew of companies over the past few years – from Equifax to Yahoo, Deloitte to Merck – compromising millions of people’s information and costing billions of dollars in losses to those businesses.
But, of particular concern is the risk of attack on the electric grid, with one report showing that the US grid was being attacked as much as every four days by a cyber or physical attack – that’s nearly 100 times a year. What’s more, every year, the energy sector is among the top three most attacked critical infrastructure sectors in the US.
These repeated security breaches have raised concerns in the industry around the impact of a broader outage. Imagine how onewidespread outage lasting even just a few days could disable everything in our increasingly connected, digital landscape – from traffic lights to cellphones. It could even threaten lives, for example, of patients in hospitals or other healthcare facilities that may have exhausted their backup power supply.
Those risks to the grid are increasinglytop of mind for utility executives around the world. In fact, according to a recent report from Accenture, almost two-thirds (63 per cent) of utility executives believe their country faces at least a moderate risk of electricity supply interruption from a cyber attack on electric distribution grids in the next five years. This figure rises to 76 per cent for North American utility executives alone.
And whether it’s interruptions to the power supply from cyberattacks, or a physical threat to the distribution grid, only 6 per cent of utility executives feel extremely well-prepared when it comes to restoring normal grid operations following a cyberattack.
So, how can utilities boost their confidence and ensure their security measures are meeting the needs of the next generation smart grid?
The opportunities and challenges
Advances in information technology and communications, coupled with the explosive growth of the Internet of Things, have come together to give rise to new opportunities for our smarter and more efficient lives. In fact, by 2020 the number of connected devices is expected to reach 24 billion, with the total number of mobile connected devices alonedoubling to 12 billion.
In particular, this convergence is shaping the functionality and promising future of the next generation smart grid. Utilities are benefiting significantly – empowered with real-time data and analytics on the operation of their systems. Customers have realized the opportunities as well, seeing greater visibility into their energy usage, which can help them make more informed choices that will save them money.
Increased connectivity enabled by the smart grid is clearly driving significant benefits for utilities, customers and communities as a whole in the form of improved quality of service and operational efficiencies. But,with these benefits also come increased risks – both from the proliferation of devices and increasingly sophisticated intrusion capabilities.
The size of the smart grid and its increased communication capabilities can make it more prone to cyber attacks. At the same time, utilities requiretechnologies that support an increasing variety of these electrical services and applications.
Yet, many of those technologies – such as 802.15.4g, Zigbee (6LoWPAN), and broadband over Power Line (BPL) – have latency issues, limited scalability, and in some cases low bandwidth and other limitations, making them difficult to monitor and maintain.BPL, for example, has no transformer monitoring capabilities, thus making it difficult for a utility to act upon any real-time diagnostics that might indicate current or near-term failures.
Securing the next generation smart grid
More than four in 10 utility executives claim that cybersecurity risks are not or are only partially integrated into their broader risk management processes.And with the impact of a major energy grid cyber incident on the US economy estimated to be between $243 billion and $1 trillion dollars – the cost of 40–50 major hurricanes – utilities’ focus on grid cybersecurity is of paramount importance.
In fact, just recently, the Department of Homeland Security and the Federal Bureau of Investigation notified energy and industrial firms of sophisticated hackers that were attempting to penetrate industrial control systems used by the electrical and nuclear power industry, and other sectors. To maximize the full capability of the grid, utilities must invest in effective response and recovery capabilities, as well as the overall resilience of the grid – and do so now.
A critical piece of this is not only in constructing a stable and reliable communications network, one which providesa wireless, scalable, secure and mesh-enabled environment – but one that also has extensive cybersecurity measures in place that guarantee continuous operations and real-time performance.
In particular, this mesh network must enable us to seamlessly integrate Wi-Fi enabled products and mobile devices – and do so securely through multiple-level security measures. The key to maintaining security and the effectiveness of this approach is ensuring that every new device that connects to the grid is protected – whether it is big or small.
One measure, for example, is to drop the older Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA)security protocolsin favor of the more modern, secure Wi-Fi Protected Access II (WPA2) password protection, updated to address recent published vulnerabilities such as KRACK and augmented with other security measures such as MAC ID authentication. Another critical security measure is encrypted cloud storage with SSL certificate service access, which effectively secures data and information stored or shared through encryption. This provides both utilities – and customers – with the peace of mind that their data is secure from hacking.
In addition, a Wi-Fi-centric network can help to provide utilities with real-time, actionable data and visibility into their systems and how those systems are operatingthrough the use of cloud-based “big data” analytics platforms. This infrastructure will enable utilities tovisualize overall network health to more quickly identifyproblems for immediate action – whether those problems are from cyber attack, natural disaster or other issues.
For example, if there is a physical attack on a transformer or a reported outage, a utility can see the exact location of the problem in real-time – formerly a manual and time-consumingendeavor. And in doing so, utilitiesmay be empowered withthe insights needed to be more vigilant in specific locations, and prevent those issues from happening again.
Considering these security protocols and others is critical if we are to collectively strengthen the resilience of the smart grid against near future attacks.
Recently, we heard the news of the hacking of a dozen power plants, including the Wolf Creek Nuclear Operating Corporation – and it’s only a matter of time before there are attempts at more widespread attacks on the grid around the world.
As the convergence of physical and cyber threats continues to grow, we need to work together to strengthen resilience and bolster response for the next generation smart grid.
Scott Foster is Chief Executive of Delta Energy & Communications
OTHER IN-DEPTH CYBERSECURITY CONTENT:
The anatomy of ICS cybersecurity
The cybersecurity skills chasm