Mariana Hentea - Building an Effective Security Program for Distributed Energy Resources and Systems


Build a critical and effective security program for DERs

This publication educates engineers on the design, implementation, and maintenance of a security program for distributed energy resources (DERs), smart grid, and industrial control systems. Building an Effective Security Program for Distributed Energy Resources and Systems provides a unified approach to establishing a critical security program for DER systems and Smart Grid applications. The methodology provided integrates systems security engineering principles, techniques, standards, and best practices.

The publication guides security professionals in learning the specific requirements of industrial control systems and real-time constrained applications. It also outlines the functions of the security program as well as the scope and differences between traditional IT system security requirements and those required for industrial control systems such as SCADA systems. This book:

Addresses the cybersecurity needs for DERs and power grid as critical infrastructure

Explores the assessment and management of security risks and ethical concerns

Offers a full array of resources: cybersecurity concepts, frameworks, and emerging trends

Security professionals and engineers can use Building an Effective Security Program for Distributed Energy Resources and Systems as a reliable resource that’s dedicated to the essential topic of security for distributed energy resources and power grid. They will find standards, guidelines, and recommendations from standard organizations, such as ISO, IEC, NIST, IEEE, ENISA, ISA, ISACA, and ISF, conveniently included for reference within chapters.

A cyber attack on devices that protect and control the power grid could result in power disruption or damaged equipment. Similarly, physical attacks on power equipment or cyber infrastructure may impact the information, energy system, and energy services. Security is a system condition that results from the establishment and maintenance of measures to protect the system [RFC 4949]. Therefore, the installation of security controls should avoid interfering with critical energy delivery functions.

Although safety is defined as freedom from risk that is not tolerable [ISO/IEC 51] and safety issues are the objective of dedicated departments within an organization, we need to discuss it in the context of cybersecurity. Safety is the condition of the system operating without causing unacceptable risk of physical injury or damage to the health of people, either directly or indirectly as a result of damage to property or to the environment [IIC 2015]. For example, inappropriate security controls (e.g. electronic locks to computer facilities without capabilities to open doors or windows) may harm people working in these facilities who need to escape when there is a natural disaster, a power down, or a fire.

Smart Grid cybersecurity must address not only deliberate attacks, such as from disgruntled employees, industrial espionage, and terrorists, but also inadvertent compromises of the information infrastructure due to user errors, equipment failures, and natural disasters.

2.3 Advancing Cybersecurity

Security problems for Smart Grid and DER systems require solutions and developments that go beyond all practices (e.g. focused on vulnerability management, reactive strategies, obfuscation, depth of defense, perimeter security, etc.) that proved unsuccessful in the face of new threats. Therefore, it is imperative to focus on more advanced methods and more research to find solutions to unsolved problems [Wulf 2001].

The availability and reliability of computing and information systems for business and power grid applications are dependent on the secure operations of industrial control systems (ICSs) and other infrastructures.

2.3.1 Contributing Factors to Cybersecurity Success

Recently, industry experts and researchers have participated more often in international forums and standards organizations that promote security techniques, security technologies, and standards. One need is a new security model for IT [Wang 2011]. Therefore, securing the Smart Grid and its applications requires the development of more comprehensive definitions and cybersecurity models.

As more technologies penetrate the power grid and help integrate more variable renewable sources of electricity and facilitate the greater use of electric vehicles and energy storage, there are challenges to implementing cybersecurity to ensure the safety and reliability of the Smart Grid.

Although standards and guidelines have been identified to support the implementation of minimum security measures that set a baseline for cybersecurity across the energy sector, many security challenges require solutions such as:

Advancing cybersecurity and privacy design.

Understanding interdependencies.

Open systems view.

2.3.2 Advancing Cybersecurity and Privacy Design

Progress in cybersecurity for DER applications depends on achieving a more quantitative and more visual understanding of the performance of the DER communications and control components, data and information characteristics, cyber infrastructure, business objectives, application requirements, security architecture design principles, data traffic patterns, vulnerabilities, and threats. Therefore, it is necessary to build cybersecurity and privacy by design into all DER systems and processes from the beginning. This saves on system life cycle development costs and protects organizations from expensive system modifications to meet the evolving threats.

Security by design and privacy by design are not new buzzwords; they are old principles to be applied by developers during the development cycle. Security cannot be added to any system or application associated with the power grid as an afterthought. There is a need to start from scratch, at the very beginning of any system development or technology integration, and consider privacy and security requirements in all design, test, and implementation criteria. Strategic consideration of these issues can make a huge difference in the confidence and protection that the overall system provides. This is necessary whether the design effort is focusing on DER applications, silicon chips, DER components, network components, end‐user devices, architecture, or the system as a whole.

2.3.2.1 Understanding Interdependencies

Information technologies contribute to raising the interdependency between the operation of the power grid (including generation, transmission, and distribution) and the operation of the wholesale electricity market. The electric market and the power system become more closely tied every day. The operation of one depends on the continuous and reliable operation of the other. In addition, the vulnerability of the power system is not mainly a matter of the electric system or physical system, but is more a matter of cybersecurity. Attacks on the Smart Grid infrastructures (such as attacks upon the power system, attacks by the power system, and attacks through the power system) could cause huge damage to the economy and public safety.

Control systems such as SCADA are highly interconnected with IT systems within the electric industry and with external infrastructures and economic sectors. Historically, control system security meant locating and identifying problems in a closed‐loop system; now unauthorized intrusion or attacks are evolving issues that have to be addressed.

The interdependencies are manifested at different levels. Security dependencies can occur and have all sorts of side effects. Risk assessment and management in large‐scale systems such as the smart power grid require an understanding of how and to what degree the systems are interdependent. Instances of interdependencies with other infrastructures are reported in [Amin 2003].

The smart power grid infrastructure is characterized by interdependencies (physical, cyber, geographical, and logical) and complexity (collections of interacting components). Cyber interdependencies are a result of the pervasive computerization and automation of infrastructures. There is a need for developing tools and techniques that allow a critical infrastructure such as the power grid to self‐heal in response to threats, failures, natural disasters, or other perturbations. Also, other scenarios have to be considered. For example, there is a cascading effect due to interdependencies of electric infrastructure with other infrastructures such as gas, telecommunications, transportation, financial, etc.

2.3.2.2 Open Systems

The obscurity approach used in SCADA systems is debatable; it has been proven not to work anymore. Even to this day, many SCADA systems are perceived as either invulnerable to cyber attacks or uninteresting to potential hackers (security by obscurity principle). The obscurity principle implies the use of concealment of a design, implementation, etc. to provide security. A system relying on the security through obscurity principle may have theoretical or actual security vulnerabilities, but its owners or designers believe that the flaws are not known and that attackers are unlikely to find them. If the strength of the program's security depends on the ignorance of the user, a knowledgeable user can defeat that security mechanism.

The principle of open design states that the security of a mechanism should not depend on the secrecy of its design or implementation [Bishop 2005]. Designers and implementers of security must not depend on secrecy of the details of their design and implementation to ensure security. A methodology based on economic analysis of the obscurity principle and open systems paradigm for determining when obscurity does not help security (there is no security through obscurity) and when the open paradigm affects security (loose lips sink ships) is described in [Swire 2004]. The proposed model provides a systematic way to identify the costs and benefits of disclosure for security.
