Cybersecurity In Critical Infrastructure: Protecting Power Grids and Smart Grids
Infrastructure such as water systems, supply systems, telecommunication networks, and power plants is a critical asset for any country, in that the destruction and incapacity of such systems has an adverse effect on the security, economy, health, and overall welfare and existence of that country. The integration of digital and cyber warfare into traditional warfare has made it necessary to adequately secure this critical infrastructure, as it becomes a top target for state actors in case of conflict and war.
Most systems in modern society are electricity driven, which makes power and smart grids crucial, as they underpin nearly all other critical infrastructure. A successful attack on this infrastructure will have a cascading effect on all other critical infrastructure. This article discusses the evolution of power grids and the threat landscape and vulnerabilities in power and smart grids. It also examines real-world case studies of cyber-attacks on power and smart grids, analyzing the incidents, and concludes with security strategies and best practices for protecting power and smart grids.
Evolution of Power and Smart Grids
Traditional power systems, also known as power grids, are one-way systems for the distribution of electricity from producers to consumers and are vital for the functioning of businesses, society, and government at large. They are manually controlled, with limited capacity for integration with renewable energy. Advances in technology and digital evolution led to the development of modern versions of the traditional power system that make use of digital technologies for the monitoring, management, synchronization, and transportation of energy from multiple sources to meet the varying demands of consumers. These smart grids, unlike power grids, are two-way communication systems with automated control and real-time monitoring, and they allow for easy integration of renewable energy, which improves the reliability and efficiency of electrical power systems.
Components of Smart Grids Communication Network
Some of the major components of the smart grid communication network, which allow for seamless two-way communication between utilities and consumers, include the following.
Control Center: This is the central hub for monitoring and managing the entire grid. It accepts data from all other components and sends control signals for grid operation management.
Substation: Transforms high voltage from the transmission network to lower levels suitable for distribution. Smart grid substations are equipped with sensors and devices that can send data on power quality, load condition, and status of equipment to the control center.
Smart Meter: A smart meter measures consumption and communicates it to both the consumer and the utility in real time.
Advanced Metering Infrastructure: It facilitates communication between smart meters and utilities, and sends smart meter data to the control center and other grid components.
The components listed above, and many more, make smart grids a fully digitalized communication network that improves the reliability and efficiency of the electrical power system. However, the integration of digital technology in smart grids also introduces new vulnerabilities and cybersecurity threats that must be addressed for robust operation. Ensuring that power and smart grids are secured is critical to the existence of businesses, organizations, and governments, as the result of these attacks could be catastrophic and life threatening.
Threat Landscape in Power and Smart Grids
Malware: This is malicious software designed to disrupt, damage, and gain access to the system. It includes trojans, viruses, ransomware, and many others. Malware exploits known and zero-day vulnerabilities in the software, hardware, and network protocols used in power systems and can disable or disrupt Supervisory Control and Data Acquisition (SCADA) systems, DCS, and other operational technologies.
Phishing: This is a form of attack whereby an attacker disguises themselves as a legitimate entity and attempts to acquire sensitive information such as usernames and passwords.
Network Intrusion: The network communication systems of power and smart grids can be intruded upon through weak security configurations such as default passwords, unsecured remote access, unpatched systems, and other vulnerabilities, allowing an attacker to gain control of the system.
Distributed Denial of Service (DDoS): This is an attempt to disrupt the availability of services provided by smart grids and make them unavailable by overwhelming the system with traffic from multiple sources. DDoS attacks are usually launched from malware-infected hosts and can be volume-based attacks like UDP and ICMP floods, protocol attacks like SYN floods and Smurf DDoS, or application-layer attacks like GET/POST floods.
Advanced Persistent Threats (APT): This is a prolonged and targeted cyber-attack whereby state actors or highly skilled cyber criminals gain access to a network and remain undetected for an extended period.
Vulnerabilities in Power and Smart Grids
The attack surface has significantly expanded in smart grids due to the complex network of devices, which includes sensors, smart meters, smart switches, communication networks, and control systems, with each of these components being a target for cyber-attacks. Increased connectivity and data exchange between the control center and other components of smart grids make them more vulnerable to attack. Therefore, to maintain the resilience and security of smart grids, understanding and addressing the vulnerabilities inherent in smart grid systems is critical.
These vulnerabilities include the following:
Legacy Systems: The continued use of legacy systems, which are outdated technologies, due to certain constraints within an organization poses a significant risk to the security of such systems. This is because such systems may no longer be patched and may also have limited monitoring capability.
Interconnected Networks: The vast interconnection of devices and the increased connectivity of smart grid communication systems, if not properly secured, make them highly vulnerable to attack.
Remote Access: The management and monitoring of grid systems are usually done through remote access. Vulnerabilities in remote access connections may be exploited by attackers to gain access to the system.
Supply Chain Risk: Smart grids rely heavily on a complex supply chain of hardware and software components, which are mostly contracted out to manufacturers and suppliers. The security practices of such third-party vendors, if not robust, may pose significant risk when their products are integrated into power and smart grids. Attackers can also target the software development lifecycle by compromising legitimate software and software updates, which in turn makes the systems in which they are deployed vulnerable to attack. An example of such a supply chain vulnerability is the SolarWinds attack (2020), in which malware was injected into a routine software update.
Human Factor: The human factor is one of the most common vulnerabilities in a cybersecurity framework. Error, negligence, or malicious intent by staff has led to system compromise despite solid technological defenses. Such compromise results from inadequate training and awareness, poor password practices, and insider threats.
Real World Examples of Cyber-Attacks on Power and Smart Grids
Due to the digital evolution of electrical power systems, power and smart grids are increasingly becoming ground zero for cyberwarfare. Over the past two decades, several attacks have been launched against smart grids, resulting in outages and financial loss from the payment of huge ransoms. One example is the attack on the Ukraine power grid in 2015, in which BlackEnergy malware was used to compromise three Ukrainian distribution systems by means of spear-phishing email. The attacker gained access to the Supervisory Control and Data Acquisition (SCADA) systems, compromised the circuit breaker remotely, and disabled the UPS and backup. Also, in 2016, a Ukrainian transmission station was targeted by custom-built malware named Industroyer, which compromised the Industrial Control System and disrupted power distribution for about an hour. In the United States, Florida Municipal Power agencies were also targeted in June 2021 using phishing and remote vulnerabilities as attack vectors. While the attackers gained some level of access, the attack was mitigated before it could cause catastrophic effects. These cases underscore the importance of security strategies and best practices in power and smart grid management.
Security Strategies and Best Practices for Managing Power and Smart Grids
Cyberattacks on power grids and smart grids have become more frequent and sophisticated in recent years and can have devastating consequences which include blackouts, economic losses, disruptions to vital infrastructure, and theft of sensitive data. Therefore, there is a need to put in place sound security strategies and best practices to safeguard this critical infrastructure from attack. Some security strategies and best practices for power and smart grids are discussed below.
Risk Assessment and Management: Risk assessment and management play a vital role in the security of power and smart grids, as they help to detect and mitigate vulnerabilities and help in incident response. Implementing risk assessment and management using the NIST Interagency Report (IR) 7628 Revision 1, which provides a comprehensive framework for securing smart grid systems, will go a long way in securing this critical infrastructure.
Defense-in-Depth: Implementing a layered security approach using various security controls and protocols (firewalls, encryption, IDS, IPS, SIEM, access controls) will enhance the security posture of smart grid systems.
Vulnerability Assessment and Penetration Testing: Detecting inherent weaknesses in smart grid systems before an attacker does, through comprehensive vulnerability assessment and simulation of real attacks to discover vulnerabilities that remain hidden from automated scanning, allows those security lapses to be closed before they are exploited by attackers.
Patch Management: Apart from ensuring system reliability, effective patch management also reduces the attack surface. It is more cost-effective to proactively address vulnerabilities in smart grids through effective patch management than to reactively mitigate the resultant effect of security breaches.
Network Segmentation: Segmenting the communication network of a smart grid system inhibits lateral movement, preventing an attacker from gaining access to the entire system in case of a breach and thereby minimizing the impact of the attack. It also helps remediation, as focus can be placed only on the compromised segment.
Data Backup and Recovery (BCP and DRP) Plan: Having a Business Continuity Plan and a Disaster Recovery Plan in place will help to facilitate recovery from cyber-attacks, reducing time and mitigating the impact on services.
Employee Training and Awareness Programs: The importance of employee training and awareness cannot be overemphasized, as research has shown that humans are the missing link in the cybersecurity chain: they are highly susceptible to social engineering, phishing, and insider threats and are prone to commit errors. Training and awareness will help employees to practice good cyber hygiene and cultivate a strong cybersecurity structure.
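To make the Network Segmentation item concrete, the following added example (not part of the original article) checks observed traffic against a zone policy built from the four components described earlier and reports flows that cross zones without an allow rule. The subnets, the zone names, the allowed pairs as a reading of the article's data flows, and the sample flow records are all assumptions constructed for illustration.

```python
import ipaddress

# Constructed zone plan (assumption): one subnet per component in the article.
ZONES = {
    "control_center": ipaddress.ip_network("10.10.0.0/24"),
    "substation": ipaddress.ip_network("10.20.0.0/16"),
    "ami": ipaddress.ip_network("10.30.0.0/24"),
    "smart_meter": ipaddress.ip_network("10.128.0.0/9"),
}
# Allowed (source, destination) zone pairs, read from the article's data flows:
# meter <-> AMI, AMI -> control center, substation <-> control center.
ALLOWED = {
    ("smart_meter", "ami"), ("ami", "smart_meter"),
    ("ami", "control_center"),
    ("substation", "control_center"), ("control_center", "substation"),
}

def zone_of(addr):
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "unknown"  # address outside every planned zone

def audit_flows(flows):
    """Return the flows that cross zones without an allow rule."""
    violations = []
    for src, dst, port in flows:
        sz, dz = zone_of(src), zone_of(dst)
        if sz == dz and sz != "unknown":
            continue  # intra-zone traffic is not a segmentation question
        if (sz, dz) not in ALLOWED:
            violations.append((src, dst, port, sz, dz))
    return violations

# Constructed flow records: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("10.130.4.7", "10.30.0.5", 4059),   # meter -> AMI: allowed
    ("10.30.0.5", "10.10.0.20", 443),    # AMI -> control center: allowed
    ("10.20.3.9", "10.10.0.20", 20000),  # substation -> control center: allowed
    ("10.130.4.7", "10.20.3.9", 502),    # meter -> substation: no rule
    ("10.30.0.5", "10.20.3.9", 22),      # AMI -> substation: no rule
    ("192.0.2.44", "10.10.0.20", 3389),  # unplanned source -> control center
]

if __name__ == "__main__":
    for v in audit_flows(SAMPLE_FLOWS):
        print("VIOLATION %s -> %s port %d (%s -> %s)" % v)
```

Each reported flow is either a gap in the filtering between segments or a sign of the lateral movement that segmentation is meant to contain, so both the rule set and the source host deserve review.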
Conclusion
In conclusion, power and smart grid security requires a multidimensional approach that combines the implementation of administrative, physical, and technological security controls, proactive risk assessment and management, and continuous training and retraining of the human element. Making cybersecurity a top priority and fostering a cybersecurity culture will safeguard this critical infrastructure from attacks.
About the Author
Kehinde Ayano, Ph.D., is an assistant professor of Computer and Information Science at Indiana Wesleyan University, Indiana. He is also a Certified Information System Security Specialist. Kenny can be reached on [email protected].