Securing the modern grid

Australia’s electricity grid is undergoing its greatest transformation. Ageing infrastructure, environmental concerns, advancements in technology and changing consumer preferences are driving grid modernisation as utilities work to meet changing and growing demands.

As connectivity increases across critical infrastructure, cybersecurity has emerged as a concern for both the public and private sector. In Australia, an attack on the electricity grid could have far-reaching implications, with one of the world’s longest interconnected power systems running between Port Douglas in Far North Queensland to Tasmania.

According to Accenture, Australia’s critical infrastructure remains a significant target for malicious actors and foreign powers seeking to disrupt everyday life and the national economy.

The number of attacked infrastructure systems in Australia has grown to about 30% in 2019, with 730 incidents reported to the federal government’s Australian Cyber Security Centre.

Renewable sources of energy are also creating diversification across the grid. While Australia’s investment in renewable energy continues to grow, this growth must be matched with measures to protect the grid from the threat of cybersecurity attacks.

Evolution of the grid

By 2020, the number of connected devices is expected to grow to 31 billion, all of which will require power.

Climate change, rising energy prices and finite fossil fuel resources mean more people are opting for renewable sources of energy, which can be controlled and monitored by connected devices to increase efficiency.

This has resulted in diverse power sources fuelling Australia’s energy demands, empowered by many different technologies and software. With connected devices rapidly increasing, a multitude of stakeholders need to take responsibility for cybersecurity.

IoT growth and emerging distributed renewable energy technologies working in tandem means that all kinds of power-generating systems can talk to each other, send and receive electricity, cover the power limitations of each other, and efficiently manage supply and demand everywhere. These trends can also have huge potential impacts on the electrical industry.

The fundamental connection risk

Control systems such as SCADA (supervisory control and data acquisition) are used by transmission and distribution network service providers (TNSP and DNSP) to deliver reliable and safe energy within technical limits, such as voltage and frequency on electricity networks.

The security of these control systems and the interfaces between them is crucial. While control systems and other related systems are designed and configured to reduce the number of potential entry points into a substation, utilisation of the most up-to-date software is essential for security.

Recent trends show that utilities are improving their SCADA systems and their ability to connect to devices to get more data.

When connecting to these devices in the past, serial communication was used. Serial communication is a point-to-point system that sends electrical signals through the wires. To hack this system, wires would need to be physically broken into.

Nowadays, IP (Internet Protocol) is the dominant form of communication between control systems and interfaces, which presents the most serious security challenges. IP has the advantage of speed and flexibility, but also presents a security risk because communication can be routed through multiple devices. Cybersecurity becomes a big issue as it may be routed to undesirable places.

For example, in the past if a SCADA system was sending communication to a relay, it was done through a serial connection with a single point-to-point cable that would have to be broken into to cause harm. With IP, the information being sent can be tapped into via a network switch, allowing the relay to be tapped into directly and power to be turned on and off. Adequate security systems, such as firewalls and routers, must be in place to avoid widespread disruption.

In some areas, the focus from the industry to date has been on delivering the equipment and getting renewable sources of energy working, and there has been less focus on dealing with the cybersecurity risks.

Legacy equipment

The significant installed base of legacy infrastructure throughout the grid poses a cybersecurity challenge. There are minimal security measures in place for older equipment and, because it is ageing, it cannot be easily added to existing equipment. This forces utilities to invest in modernised equipment that has cybersecurity features.

For example, a contemporary control system has built-in firewalls, whitelisting of files and very detailed logs to verify and help protect the equipment. The problem is that these kinds of security features cannot be retrofitted into older equipment.

The more modern equipment has this protection built in with security features that allow multilevel defence from cybersecurity incursion.

Sensors

Another trend is the adoption of IoT sensors which can collect data in real time and monitor utility assets. Data flows constantly between the grid and a SCADA, allowing the smart grid to be managed in real time. The same applies to the running of power stations, where IoT sensors can be used to manage operations. As renewable energy plants continue to evolve, data collected from IoT sensors will allow real-time decisions to be made to improve operations, reduce wastage and maximise power efficiency.

A downside of this is that sensor technologies can create vulnerabilities in the way that communications are sent.

Generally, sensors in a substation have an advantage as the communication from the substation to the SCADA is owned by the utility so they have control over it. However, a sensor on an overhead wire on the street is much more vulnerable to cyber attacks. This is especially the case with solar technology, where voltages and currents are fluctuating and therefore need to be monitored and managed. In the absence of a private communication network to get that information back in to a SCADA, public infrastructure is used.

Public infrastructure magnifies the threat because if the service provider doesn’t have appropriate security measures in place, the infrastructure is more vulnerable to being hacked.

The sheer scale of sensors and number of IoT devices currently being deployed provides a much larger attack surface, with many more potentially vulnerable devices for attackers to target.

These risks have manifested in a series of serious incidents abroad. These include the ‘Industroyer’ or ‘Crash Override’ malware used to crash the Ukrainian electric grid in 2015, and the massive Mirai botnet of compromised IoT security cameras and routers that was used to launch several distributed denial-of-service attacks in 2016. While these attacks are larger and more damaging than many pre-IoT cyber attacks due to scale and physical system consequences, they have also proven much harder to mitigate.

The future needs harmonised regulations and skills

Harmonised standards and regulations have a significant role to play in ensuring security standards keep up with the pace in which the grid is modernising — covering the transmission and distribution network, right through to distributed energy resources and even electric vehicle charging stations.

Solar installations across Australia have resulted in an increase in demand for qualified solar installers and technicians. In order to continue to meet this demand and ensure that renewables that are added to the grid are secure, there is a need for qualified technicians with IoT experience to manage complex IoT systems.

Solutions to this market challenge include forging partnerships between companies and academic institutions to develop a strong pipeline of professionals in this area, as well as internal training programs to ensure installers and electrical contractors are equipped with knowledge and skills to keep up with advancements in technology.

Image credit: ©lollo/Dollar Photo Club