Security Implications of the Electric Smart Grid
As the nation transitions to the smart grid, the electrical power industry will likely find the most efficient security solutions to be those that supplement already existing standards, controls, and best practices. Following are different categories of technologies that can be modified to better mitigate the risks associated with the smart grid: (NIST, 2010a):
1) Power System Configurations and Engineering Strategies
Today’s power system has carefully planned and thoroughly evaluated responses to n-1 contingencies, such as the loss of a generator or transmission component, so that the power grid remains resilient and continues to operate when the function of a physical component has been compromised (ESCSWG, 2011). The existing power grid has extensive component, system, and network redundancies. Redundant power system equipment (e.g., power supplies, generators, transmission lines, transformers, and switching devices) exist for power system generation, control, and communication. There are redundant communication networks, including fiber optic networks and power line carriers between substations, as well as communication head-ends – control devices required by some networks to provide certain centralized functions, such as remodulation, retiming, message accountability, contention control, diagnostic control, and access to a gateway (NIST, 2010a). There also are redundant automation systems (e.g., additional substation protective relays) and redundant power system configurations (e.g., networked grids and multiple feeds to customer sites from different substations).
As the electrical power delivery system evolves, similar response processes and supporting advanced technologies must be in place so that the power infrastructure remains resilient and continues to operate when IT components have been compromised (ESCSWG, 2011). Each critical component must have a redundant counterpart. Additionally, if a component fails, it should fail in a manner that does not generate unnecessary network traffic or cause another problem elsewhere, such as a cascading failure (NIST, 2011). Redundant information sources (e.g., redundant sensors and voltage measurements from different substation equipment or from different substations), must be fully automated for true smart grid interconnectivity. Many of our current grid system pathways have been closely paralleled with additional lines to provide additional capacity; however, these are not true alternate pathways. Obstacles pertaining to property law have been encountered, and must be resolved, to develop the multiple pathways necessary for the smart grid.
2) Power System Analysis and Control
The existing power system operates with an EMS-enabled transmission grid, which can provide real-time information on the grid’s status and allow various grid functions to be automated remotely. Power flow models of the transmission system, generators, and loads can simulate real-time or future power system scenarios; redundant measurements from the field are used to estimate real measurements from missing or inaccurate sensor data; and contingency analysis capabilities use electrical sign wave analyses to assess the power flow models for single points of failure (n-1), as well as any linked types of failures, and can flag possible problems (NIST, 2010a).
Existing distribution management systems can simulate real-time and possible future power system scenarios, as well as three-phase unbalanced distribution power flow analysis, contingency analysis, switch order management, short-circuit analysis, volt/ampere reactive (VAR)/watt optimization, and loss analysis (NIST, 2010a). These systems, however, do not yet have smart grid automation technology that provides real-time information about the distribution network or allows switches in the grid to be controlled remotely (General Electric Company, 2013, An Energy Internet).
To achieve real-time situational awareness and establish appropriate responses in the smart grid, advanced technologies are needed that identify, acquire, correlate, analyze, and display IT and physical security-related data from all levels of the power system architecture (device, system, and network) and across all domains. These capabilities can lead to techniques that show the impact of IT and communication failures on electricity delivery, the potential effects of electricity disruptions on digital communications, and how a simultaneous combination of failures in each of the systems might impact the smart grid as a whole (ESCSWG, 2011).
3) Monitoring and Control
Current SCADA systems continuously monitor generators, substations, and feeder equipment, can perform remote control actions in response to operator or software application commands, and operate with approximately 99.99% availability. Other control systems, such as Under-Frequency Load Shedding (UFLS) and Under-Voltage Load Shedding (UVLS), are common industry practices to maintain power system availability. UFLS and UVLS commands can drop large loads rapidly in case of emergencies, and are used to protect systems from prolonged low frequency or low voltage operations (North American Electric Reliability Corporation/NERC, 2010, Reliability Considerations from the Integration of Smart Grid).
Stronger network security technologies are needed that can implement rules to enforce the behavior of power delivery system traffic, examine the details of system packets at the application level, and/or offer proxy services for these protocols, in order to protect sensitive communications between devices across all domains and at all levels of the electrical power system (ESCSWG, 2011). Encryption and cryptographic hashes also must be used, but more efficient algorithms are needed to address the challenge of securely exchanging tens of millions of keys used to protect data transmitted between millions of remote field devices, substations, and smart meters, using devices that have limited computational power (ESCSWG, 2011). In addition, stronger access controls, including those for remote field devices, are necessary to prevent unauthorized users from accessing and controlling equipment in the power delivery environment. A viable approach could use role-based access control, configuring each role on the principle of least privilege.
Testing is extremely important for human safety as well as for the safety and reliability of the equipment. The power industry routinely conducts lab and field tests of all power system equipment to minimize failure rates. It also conducts relay coordination testing and network testing for near power system faults, as well as rollback capabilities for database updates.
As changes are made to the power grid, security patches must be tested under field conditions and deployed as quickly as possible to prevent and detect the introduction and propagation of malware. Security tools, procedures, and patches for fixing known security flaws and retrofitting security technologies must be introduced in such a way that they do not diminish power system performance. Hardening legacy systems will require the implementation of a patch management program to mitigate the risk of known vulnerabilities (ESCSWG, 2011), and hot patching techniques that do not impact reliability must be deployed throughout the smart grid.
The size and complexity of the smart grid make security a cross-cutting challenge. Increased reliance on IT introduces greater threats and additional vulnerabilities that could lead to a degradation of power system reliability and safety. Existing standards, controls, and best practices within the electrical power industry form a convenient framework upon which security enhancements and improvements can be based.