An end to end security solution needs to secure the communications, operations and head end systems.
If there is one thing that is rising as a priority for utility executives, it is the risk of their infrastructure or business falling victim to a cyber attack.
And hostile attacks are happening. The recently identified Crash Override malware, which was deployed against a Ukrainian electric transmission station in 2016, was the first to target the electric grid.
And the energy sector is seeing evidence of the threat problem “migrating towards SCADA and other systems that control physical processes,” Paul Smith, Senior Scientist at the Austrian Institute of Technology (AIT), told Engerati in a recent interview.
“In the Ukraine cyberattack case [which blacked out a portion of the capital Kiev], there was no financial incentive for the threat actor, but it is easy to imagine a future ransomware capability focused on physical processes.”
According to the World Energy Issues Monitor 2017, leaders in Europe, North America, MENA and Asia view cyber threats as offering a moderate risk to business continuity.
The question is: given this risk, how prepared is your utility to combat cyber threats or in the worst case if it were to happen, to mitigate the impact of a cyberattack?
In the typical modern day utility, there are three systems that are most vulnerable to a cyberattack and must be secured to prevent a security related catastrophe, according to Rick Enns, Technical Architecture Director at Trilliant, provider of a smart communication platform for utilities and other Internet of Things applications.
These are the communications, operational and head end systems, he says, adding: “The head end is the most important asset to protect in a utility/IoT network because an attack against it can affect the entire system.”
Communications security must protect the messages and processes between field devices and the head-end system, data privacy and data integrity and the authentication of devices on the network, says Enns, who has developed a number of system level network designs and security lifecycle best practices.
Operational security ensures that the system and its components are secure in all stages of their lifetime, from manufacturing through to installation, operations, maintenance and decommissioning.
Head-end system security is aimed at limiting access and control of the utility’s field devices.
Traditionally head end systems have been protected by firewalls and user access control. For more security behind these protections, the head end systems need to be hardened.
Considering the three phases of a typical cyber attack - design/penetration, exploration and exploitation - the earlier an activity can be detected and contained, the less damage will accrue to the utility’s systems or business processes.
A study by New York University researchers has found that the internet alone can be a significant source of information for potential attackers to exploit, particularly in the first phase.
These range from the availability of older grid devices with possible security vulnerabilities on eBay to strategic power system data in databases and other web sources.
“What this work has highlighted is the need for constant awareness of the security of the grid,” says Mihalis Maniatakos, Assistant Professor of ECE at NYU Abu Dhabi, who led the study.
Given the increasing complexity of a modern utility’s systems and to achieve security across communications, operations and head end, an end-to-end security solution is required, says Enns.
He offers some specific recommendations. For example, in the typical utility’s communications network there are three different sectors: smart grids, smart metering and smart city systems. In all three, the common communication system must be able to separate the security credentials used from the network resources needed to supply the services.
“One service cannot be allowed to compromise the other,” he states.
The most important point is that security protocols should be based on standard protocols and methods, rather than proprietary technologies that may not have been vetted by security experts and may contain flaws that are easily exploited.
However, not all standards-based security systems are equal, he adds. How a utility uses the security standards can affect how well the security architecture scales to manage millions of devices.
“The system should use the standards-based protocols carefully so that the security can be easily managed.”
As an example, he cites the need for cyber-security certificates to be revocable in case of compromise. If a manufacturing site is compromised, potentially thousands of device certificates would need to be revoked.
“Issuing thousands of certificate revocations may not be practical, so the architecture must be designed to deal with this in an efficient manner through certificate chains where only revoking a manufacturing batch certificate gets the job done.”
In conclusion, Enns states the characteristics for a utility cyber security system.
“Privacy, confidentiality, integrity, availability, authentication, authorisation and accountability are all essential in securing today’s utility against the latest cyber threats.”