in Up Front
print the content item



There has been significant debate among security experts as to whether the power grid can be hacked. The short answer is yes - anything directly or indirectly reachable from the Internet can be hacked, whether it be a computer, smart car or even a toilet. This, of course, includes power grid control systems. The real question is: What is the risk of an attack causing a large, long-duration power outage? This is where opinions vary wildly and where the stakes for society at large are very high.

The many faces of power grid cybersecurity
Earlier this year, the Department of Homeland Security (DHS) issued an alert that hackers posed an increasing risk to electrical utilities, noting that "in at least one case, the attackers successfully obtained all the information needed to access the industrial control systems environment." DHS risk assessments are based on the presumption that an attack will happen and compare our enemies' capabilities to our defensive capabilities. In many cases, the DHS concludes that our defenses are lacking.

Power system experts respond to the criticisms of the DHS and other authorities by downplaying the threat of attack due to the very complex, diverse and redundant mechanical, electrical and digital protection systems in the power grid. After all, the biggest 100 power plants in North America make up less than 10% of the grid's total generating capacity. This would make a successful, coordinated attack seem prohibitively complex.

The problem is that while the stability of the grid has been evaluated repeatedly for threats ranging from random failures to natural disasters and massive solar storms, comparatively little work has been done to evaluate the grid's stability in the face of a concerted cyber attack. For example, large numbers of the grid's generating turbines are monitored centrally, and even controlled centrally, by a very small number of vendors and service providers. These central hubs are gateways to large numbers of uniformly configured targets. Not only that, but as shown by Stuxnet - a state-sponsored computer worm developed in 2010 to disrupt Iran's uranium enrichment facilities - sophisticated attacks on very complex systems are very much possible.

Other experts maintain that the grid is too big to attack simultaneously and information sharing will save us. If our enemies must attack sites more or less sequentially and if we are able to ensure that information about the nature of the attacks is quickly and widely disseminated, then a small number of sites may fall to the attacks, but the larger grid can take steps to neutralize the specific attack channels used by the attackers. This line of thinking assumes, however, that the initial targets have cyber-forensics technology deployed and the expertise available to quickly analyze data from successful attacks. There is also an assumption that the sites can detect the attack in the first place and not mistake it for a series of accidental failures.

Yet, most sites in the power grid do not have these capabilities. And even for those sites with sophisticated cyber-forensics capabilities, the example of Stuxnet again shows that there may be a very long delay between suspecting that an attack is under way and finding a way to conclusively identify the attack and publish a way to neutralize it.

Furthermore, power generators are not the only targets in the grid. There are over 10,000 large transmission substations in North America and countless smaller substations. Even when protected by a firewall, substations are easily breached, and substation components tend to be simple and easy to manipulate.

Power grid balancing authorities and other control centers are also targets. These sites send a constant stream of commands to other utilities in the grid, telling them what to do: produce more power or reduce it; open up more transmission lines or shut them down; trigger automatic load-shedding or give the "all clear" to start large loads up again. Compromise even one control center and a significant chunk of the power grid is in serious trouble.

So, who is correct?
All of the points these various experts make have merit, and the debate continues as to whether our enemies currently have the ability to launch a serious attack on the power grid or if they are still developing that capability. In a real sense, though, the debate is immaterial. Power grid security research is not keeping up with the rapid increase in network connectivity in the power grid and the rapid increase in the sophistication of network-based cyber attacks. If the power grid really is not yet vulnerable to a widespread attack, it soon will be.

To help improve power system security, the North American Electric Reliability Corp. (NERC) created the Critical Infrastructure Protection (CIP) plan, a set of standards and requirements that cover the security of electronic perimeters and critical cyber assets. Some have criticized these standards as having created a compliance checklist rather than a culture of security. A stated objective of the new NERC CIP Version 5 standards is to reverse this condition and encourage a culture of security rather than one of compliance. Time will tell how successful this initiative will be.

The bigger picture
What's clear is that current conventional defenses are not enough. Business networks generally lie between control networks and the rest of the Internet. This means that business networks become the conduit through which control systems are targeted, and advanced attackers have proven their ability to compromise business networks almost at will, as well as their ability to punch through industrial firewalls almost as if they did not exist.

In short, power grid security research needs to catch up with the realities of modern control system architectures and threats. New threats are rising faster than can be addressed with IT-style protections.

Where to go from here
Fortunately, technologies are emerging that provide stronger security than firewalls in protecting industrial control networks. For example, hardware-enforced unidirectional security gateways are being installed on both new and existing control systems. This is one-way communications hardware that sends business-critical information out of a protected network without any chance of an attack getting back in. One-way application integration is simplified by making real-time copies of servers and applications - copies that are located on the business network and used by business users and applications. The replicas can then be used or abused by the business network, without any impact on the protected industrial systems.

Many practitioners have the impression that firewalls could be used for precisely this purpose, but firewalls do not move industrial data while protecting industrial systems. Firewalls are fundamentally designed to expose select industrial systems to the business network so that business applications can send those industrial systems requests for data, or send attacks to those industrial systems, as the case may be. Every path through a firewall is also an attack channel. Unidirectional networks maintain real-time replicas of those industrial systems for business users to query, without exposing the original industrial systems, or the networks they are part of, to attacks from external networks.

Looking forward, the best way to remain secure is to start with a healthy paranoia - consider the business risks, safety risks, reputational risks and regulatory penalties associated with a failure of power grid components stemming from a cyber assault. Recognize that cyber-sabotage techniques are becoming rapidly more sophisticated and adopt the DHS mentality that you are, or will soon be, a target. Then ask how, not if, you will be attacked, and evaluate your defensive capabilities against the proven capabilities of persistent attacks. Control systems can be secured against current and emerging threats, but only if an organization accepts that the risk of an attack is real and that this risk is unacceptable.

Andrew Ginter is vice president of industrial security at Waterfall Security Solutions, a provider of security networks and equipment for industrial control networks and critical infrastructures.

Hybrid Energy Innovations

Hybrid Energy Innovations 2015
Latest Top Stories

USDA Invests $1.4 Billion To Boost Rural Grids Around The Country

The U.S. Department of Agriculture (USDA) has announced more loan guarantees for rural power companies and renewable energy firms in 21 states.


SPP Raises Concerns About EPA's Proposed Clean Power Plan

Stakeholders around the U.S. are mulling over the Environmental Protection Agency's blueprint to cut emissions from existing power plants. The Southwest Power Pool has released its assessment of the plan.


Comverge, Constellation To Merge Demand Response Businesses

The two companies have announced a deal to combine their DR operations serving commercial and industrial customers and establish a new, standalone entity.


Grid-Scale Energy Storage Continues Making Inroads

A new report from Navigant Research highlights the biggest markets and most popular technologies for grid-scale energy storage.


Demand Response And Renewables Help SDG&E Tackle Record-Breaking Heat Wave

San Diego Gas & Electric (SDG&E) recorded peak demand records last week and relied heavily on energy conservation, as well as imported wind and solar power, to keep the lights on.

S&C Electric_id176
edf_id180