Research Article
a
August
2017
Computer Science and Software Engineering
ISSN: 2277-128X (Volume-7, Issue-8)
Cyber Security in Smart Grid System
Anoop Jaysawal
Guest Faculty, Department of Electronics (CS Branch) University of Allahabad, Allahabad, Uttar Pradesh, India
DOI: 10.23956/ijarcsse/V7I8/0156
Abstract: The smart grid is an evolution of the electrical grid to respond to these challenges. A smart grid is an energy transmission and distribution network enhanced through digital control, monitoring, and telecommunications capabilities. It provides a real-time, two-way flow of energy and information to all stakeholders in the electricity chain, from the generation plant to the commercial, industrial, and residential end user. This evolution is crucial for integrating both renewable and distributed energy resources and to improve the efficiency and sustainability of the electrical grid and associated services. It will also help in other ways, such as enabling:
• Smart and positive energy infrastructures
• Increased energy density management during peaks • Real-time pricing to customers
• Integrated mobility services • New virtual power plants • Micro grid
Key word: Grid Security, smart grid security, cyber security in grid
I. INTRODUCTION
The smart grid phenomenon is something like the Internet phenomenon. It is like an ―Internet of watts‖ that can come from renewable energy sources, energy storage, electrical vehicles, or smart home appliances. Beyond these connected smart assets, a smart grid is also about ecocitizens, efficiency, green practices, mobility, national welfare, and reliability. In a smart grid environment, electric power infrastructure is modernized by incorporating the current and future requirements and advanced functionalities to its consumers. To make the smart grid happen, cyber system is integrated with the physical power system. Although adoption of cyber system has made the grid more energy efficient and modernized, it has introduced cyber-attack issues which are critical for national infrastructure security and customer satisfaction. Due to the cyber-attack, power grid may face operational failures and loss of synchronization. This operational failure may damage critical power system components which may interrupt the power supply and make the system unstable resulting high financial penalties. In this chapter, some recent cyber attack related incidents into a smart grid environment are discussed. The requirements and the state of the art of cyber security issues of a critical power system infrastructure are illustrated elaborately.
ISSN(E): 2277-128X, ISSN(P): 2277-6451, DOI: 10.23956/ijarcsse/V7I8/0156, pp. 341-346
II. LAYERED ARCHITECTURES
Energy utilities worldwide see the need for new smart grid systems, laying down a new layer of digital equipment on their existing infra-structures to interconnect all assets—from ultra-high-voltage super-grids to ultra-low-voltage micro- and Pico-grids—with buildings and homes.
Smart grid technologies bring the opportunity to enhance existing power grid infrastructures (i.e., power lines, electrical substations, network control rooms) by improving real-time assessment of system conditions. New digital equipment and devices can be strategically deployed to complement existing equipment. Using a combination of centralized IT and distributed intelligence within critical system control nodes—ranging from thermal and renewable plant controls to grid and distribution utility servers to cities, commercial and industrial infrastructures, and homes—a smart grid can bring unprecedented efficiency and stability to the energy system.
Information and communication infrastructures will play an important role in connecting and optimizing the available grid layers.
Fig 2- Smart Grid Layered Architecture
Cyber Attacks on Smart Grid
In recent years, power system has faced several cyber related attacks which have raised the question regarding the security vulnerabilities and its large scale impact on the critical power system infrastructure. Some significant issues related to cyber-attack on the power grid are discussed in the following section.
1. In the middle of 2010, a computer worm ‗Stuxnet‘ was discovered which spreads using ‗Windows‘ operating
system and targets Siemens industrial software and equipment to unstable power system operation [1]. This type of cyber-attack based on the intrusion of computer virus targeting industrial power plant introduces new threads to both cyber and physical systems [2].
2. On August 14, 2003, large portions of the Midwest and Northeast United States and Ontario, Canada, experienced an electric power blackout which remained for up to 4 days in some parts by affecting around 50 million people and 61,800 megawatts (MW) of electric load in some parts of the United States [3]. Although this historical large scale blackout is not directly related to malicious activity of the cyber terrorists, it is caused by a failure in the software program of the cyber system [3].
3. On September 28, 2003, Italy and some parts of Switzerland faced its largest power supply disruption affecting
56 million people in total [3]. This blackout is restored after 18 hours in Italy resulting huge financial loss. The blackout happened because of the technical difficulties caused by the human error and Ineffective communication within the power grid operators.
4. Another large blackout occurred in the south west Europe due to the human error on November 04, 2006 [3].
Insufficient communication was also an important issue behind the blackout.
5. According to the 2011 annual report of the Repository for Industrial Security Incidents (RISI), around 35% of
ISSN(E): 2277-128X, ISSN(P): 2277-6451, DOI: 10.23956/ijarcsse/V7I8/0156, pp. 341-346 system [4,5]. Power and utility sector faced around 12 cyber security incidents between 2004 to 2008 which is around 20% increase of this type of cyber incidents compared with the previous 4 years [4]. As ICS and SCADA is playing a vital role in a smart grid infrastructure, the cyber security concern in increasing rapidly.
Smart Grid Security Landscape
A smart grid environment relies heavily on standards, mainly to guarantee interoperability among systems. Standards also play a key role in smart grid cyber security.
Standards to develop smart grid cyber security are available today, although some enhancements and new materials will be required to reflect the evolution of the smart grid, its technologies, and threats. Some will also need to be specifically pro-filed for the smart grid environment.
The challenge is to maintain these standards over time at an appropriate pace. This will require substantial effort, but the benefit of supporting the deployment of smart grid infra-structures that are secure by design will make it worthwhile.
These security level definitions help create a bridge between electrical grid operations and cyber security. They provide guidance in helping to identify critical areas where security matters most from a global electrical grid stability point of view, starting from pan-European supergrids down to micro grids in city neighbourhoods.
Table 1- Smart Grid Security Levels
Security Grid Stability Scenario
Level Security Level Examples
• Assets whose disruption could lead to a power loss above
5 - Highly Critical 10 GW
• Pan-European incident
• Assets whose disruption could lead to a power loss from
4 - Critical above 1 GW to 10 GW
• European/country incident
• Assets whose disruption could lead to a power loss from
3 - High above 100 MW to 1 GW
• Country/regional incident
• Assets whose disruption could lead to a power loss from
2 - Medium 1 MW to 100 MW
• Regional/town incident
• Assets whose disruption could lead to a power loss under
1 - Low
1 MW
• Town/neighbourhood incident
Functionalities of a Smart Grid
Smart grid is the modernization of the traditional power grid which should ideally have some advanced functionalities [6]:
· Self-healing
· Motivates and includes the consumer
· Resists attack
· Increases power quality
· Accommodates all generation and storage options
· Enables electrical markets
· Optimizes assets and operates efficiently
Security issues of Cyber- smart grid
ISSN(E): 2277-128X, ISSN(P): 2277-6451, DOI: 10.23956/ijarcsse/V7I8/0156, pp. 341-346 A smart grid can be treated as the combination of physical power system components and cyber system infrastructure including software, hardware and communication requirements [8]. A typical smart grid architecture is shown where power will flow from bulk generation plant to end users. On the other hand, information flow will occur in both directions, i.e., in the device level for coordination and among the operators and service provider level for efficient and advanced control. Therefore, in a smart grid, both cyber and physical system securities are crucial and consideration of security issues in cyber domain and physical power system in isolation cannot capture the whole picture. According to [8], the security issues of a cyber-physical smart grid comprise of the following issues:
The physical components of the smart grid Control centres and control applications
The cyber infrastructures for smart grid stable, reliable, and efficient operation and planning The correlation between cyber-attacks and the resulting physical system impacts
The protection measures to mitigate risks from cyber threats
Fig 3- Smart Grid Architecture
III. SECURITY BY DESIGN
Since threats are constantly evolving, protection demands advanced cyber security technologies.
By providing comprehensive, real-time threat intelligence, cyber security solutions can protect systems against cyber threats across multiple vectors. Intended to collect information from devices, networks and applications, security information and event management (SIEM) systems are often focused on security events to identify risks and threats based on analysis of both internal and external data. Such systems are deployed within secure and isolated facilities, or in broadly distributed zones, which is critical for obtaining situational awareness across zones. SIEM systems collect and aggregate information from cyber systems and then provide information about risks and threats through an automated process supporting decision-making.
Application white listing can complement traditional malware protection technologies like anti-virus and is a valuable alternative when such traditional technologies cannot be deployed. Application white listing through a list of authorized files ensures that only allowed files are executed. Non-authorized software (e.g., malware) cannot be executed on systems that have this technology deployed. White listing technologies are particularly suited for environment where systems used are quite stable.
ISSN(E): 2277-128X, ISSN(P): 2277-6451, DOI: 10.23956/ijarcsse/V7I8/0156, pp. 341-346 Specific secure chipsets allow secure system remote control and maintenance (operating system, BIOS, application patches) over extra-secure networks. Such platforms can also detect if the system has been physically manipulated by logging any important action that has been performed on it and by detecting any change in the hardware components.
Hardware enforced virtualization can isolate execution environments and separate memory access, effectively containing an attack to the limit of a virtual machine. Virtual machines can easily be reloaded from their latest known stable snapshot.
An embedded trusted and secure boot process verifies the platform integrity before mounting the hypervisor and the virtual machines.
Cryptographic chips provide robust and fast encryption features (such as Advanced Encryption Standard [AES]) and random generators that can be used for communication and storage encryption. Cryptographic chips also provide a secure storage for crypto-graphic keys.
To be truly efficient, all these advanced technologies need to be adapted to smart-grid-specific models. These are necessary steps to build inherently secure-by-design smart grid end-to-end architectures.
Fig 4-Hardware Enhancement Security
IV. CONCLUSION
First experiences on smart grid demonstrations reveal that new architectures develop as combinations of new use cases and actors, to be expanded on the top of existing grid infra-structures. This requires interconnecting existing subsystems with new ones.
This inherently implies an enlargement of the grid attack surface, and so requires taking new risk mitigation measures. This must be done by taking into consideration the potential impact of an attack to the end-to-end electrical system stability for each use case considered. This requires new approaches to manage cyber contingencies in a consistent way with other traditional grid contingencies and expand grid operators‘ situational awareness through cyber attacks.
Only by understanding the smart grid, its strengths and weaknesses, and the threats it has to face will it is possible to build secure-by-design smart grid end-to-end architectures.
REFERENCES
[1] R. McMillan, ―Siemens: Stuxnet worm hit industrial systems,‖ COMPUTERWorld, Sept.14, 2010.
[2] Steven Cherry, with Ralph Langner (13 October 2010). "How Stuxnet Is Rewriting the Cyberterrorism Playbook". IEEE Spectrum.
[3] U.S.-Canada Power System Outage Task Force, ―Final Report on the August 14, 2003 Blackout in the United
States and Canada: Causes and Recommendations‖, April 2004. online:
https://reports.energy.gov/BlackoutFinal-Web.pdf
[4] Annual report 2011, The Repository for Industrial Security Incidents (RISI), Online:
ISSN(E): 2277-128X, ISSN(P): 2277-6451, DOI: 10.23956/ijarcsse/V7I8/0156, pp. 341-346
[5] 2011 REPORT ON CONTROL SYSTEM CYBER SECURITY INCIDENTS, online:
http://community.controlglobal.com/content/risi-cyber-incident-report-2011-calendar-year-out-risi-cybersecurity-pauto-automation-mfg-ma
[6] NETL, The NETL Modern Grid Initiative Powering our 21st-Century Economy: MODERN GRID BENEFITS.
Department of Energy, 2007
[7] Yilin Mo; Kim, T.H.-H.; Brancik, K.; Dickinson, D.; Heejo Lee; Perrig, A.; Sinopoli, B., "Cyber– Physical Security of a Smart Grid Infrastructure," Proceedings of the IEEE , vol.100, no.1, pp.195- 209, Jan. 2012 [8] Sridhar, S.; Hahn, A.; Govindarasu, M., "Cyber–Physical System Security for the Electric Power Grid,"
