Growing evidence points to an increase in the number of cyber attacks, particularly in the energy sector with its critical infrastructure. For example, in the United States the Department of Homeland Security estimated that more than 79% of cyber incidents in that country were targeted to the sector in the last year. Another source, the SCADAhacker, has reported a significant increase in SCADA incidents since 2010, with the number of disclosed incidents now averaging around 200 per year.
Increased digitization and inter-connected systems, along with the use of Ethernet and TCP/IP based communications, while improving interoperability, are all opening the way for increasingly sophisticated cyber attacks. For utilities, with a geographically spread network of lines, meters and sensors, there are potentially many points of vulnerability. But one of the most important, and therefore potentially vulnerable, is the substation, which has undergone significant automation in the past decade.
Substation security vulnerabilities
“Malicious hackers are the main sources of attack, but unhappy employees and even employee errors can cause a security breach,” Frank Hohlbaum, Cyber Security Product Manager, Substation Automation at ABB, told Engerati in an interview. He adds that “such breaches can occur even if the substation is not connected to a network, for example if an employee works in the substation with a virus infected computer or storage device.”
Typical vulnerabilities observed by ABB at substations include the use of outdated operating systems such as Windows XP, incorrectly configured systems and firewalls, infrequent security updates on these systems and the absence of an up to date system backup.
Implementing cyber security
When it comes to implementing cyber security measures, the onus is generally on the utility, and increasingly as a result of legislation. In the US for example, utilities have been required to be compliant with the NERC CIP measures since 2010, with compliance to the latest version due April 1, 2016. In Europe, a draft EU directive requires market operators to have adequate technical and organizational security measures in place and to report incidents.
“In our industry the maxim has been to not touch a running system but that has now changed with the need to keep the system up to date,” explains Mr Hohlbaum. Together with Øivind Askvik, Head of Service of Power Systems – Automation & Communication at ABB, he will be presenting an Engerati webinar on Cyber security care: ABB’s three phased approach to smarter system protection.
Three steps to improving cyber security
ABB, which initiated its cyber security activities over a decade ago, long before it became topical and across all its industry activities, has developed a three-step approach to substation cyber security. In this context cyber security is defined as “measures taken to protect the substation automation systems against unauthorized access or attack”.
The steps are:
• Assess – firstly a cyber security assessment is carried out to analyze the system and to identify its weaknesses. From this a detailed cyber security assessment report is produced along with a set of recommended actions to improve the security of the system.
• Implement – in this step the recommended actions are implemented by the company and/or ABB.
• Sustain – via a long term service level agreement ABB then maintains and updates the cyber security procedures.
“We take a pragmatic approach as a system has different layers and needs different measures for comprehensive protection,” says Mr Askvik. ”We also need to ensure a long term approach as the service life of the equipment can be 20 years or more.”
In depth insights into the vulnerabilities of substation automation and the cyber security solutions will be presented in the webinar.
A global player
Mr Hohlbaum emphasizes that “cyber security is as much about processes as products” and reminds that “while mitigating the risk and impact of a potential attack, it is not possible to reach 100% cyber security as one can’t second-guess hackers and it would be too costly to try to do so.”
He also adds that for utilities, “working with ABB opens up the benefits of its domain expertise across the globe, including experience of work on thousands of substation automation projects.”
“Security is an ongoing process which must be continually updated.”
To learn more about substation automation cyber security awareness register for the webinar.