
Cyber Security in Smart Grid Substations Thijs Baars Lucas van den Bemd Michail Theuns Robin van den Akker Machiel Schönbeck Sjaak Brinkkemper Technical Report UU-CS-2012-017 September 2012 Department of Information and Computing Sciences Utrecht University, Utrecht, The Netherlands www.cs.uu.nl ISSN: 0924-3275 Department of Information and Computing Sciences Utrecht University P.O. Box 80.089 3508 TB Utrecht The Netherlands CYBER SECURITY IN SMART GRID SUBSTATIONS Thijs Baars [email protected] Lucas van den Bemd [email protected] Michail Theuns [email protected] Robin van den Akker [email protected] Machiel Schönbeck [email protected] Sjaak Brinkkemper [email protected] Abstract. This report describes the state of smart grid security in Europe, specifically the Netherlands, and the cyber security of substations in particular. The focus of this study is the perception of risks and threats in smart grid cyber security and the international standards implemented in smart grids. The created overview is based on semi-structured interviews with 13 experts originating from eight different European countries. These participants are employed at electricity producers, grid operators, technology consultants and technology providers in the utilities sector. Their expertise ranges from information security to electricity grids, specifically smart grid security. Some of them are members of smart grid security related standard committees. The key results of the state of practice are the following: 1. The interconnectivity of the smart grid with multiple stakeholders and European colleagues is indicated as the biggest threat to the security of the smart grid. 2. Another often mentioned threat is awareness. The experts generally indicate that awareness within top management is high. However, personnel on lower levels are reluctant to incorporate security in their processes. 3. All organizations are in a certain stage of implementing standards, the ISO27000 series most often. However, the experts indicate that they are waiting what standard is becoming the de facto before implementing it. From the interviews it can be concluded that the current state of cyber security is fragile. As the smart grid cyber security relies on an interconnected chain of organizations, it is as strong as its weakest link. Efforts are currently undertaken to prevent security threats and tackle risks, but these efforts are disparate; nearly none of the organizations in this research have fully implemented a relevant standard, a single is already certified. There is still a long way ahead before the European and specifically the Dutch smart grid is fully secured. See chapter 5 for a detailed overview. Besides these results, a Smart Grid Substation (SGS) Security Benchmark is presented in this report. This tool can be used to benchmark the level of cyber security of the smart grid within a utility organization. An organization can create a maturity profile by stating which of the 68 capabilities are implemented. Based on the results of the benchmark, the organization can identify areas of improvement and assist in creating a plan to improve its cyber security practices, thereby reaching a higher maturity level. The SGS Security Benchmark is based on capabilities described in international and North-American standards, and evaluated based on two rounds of semi- structured interviews with the aforementioned experts. See chapter 6 for a detailed overview. 1 INTRODUCTION Because it is crucial to predict supply and demand for a continuous and efficient flow of electricity through the grid, the utilities sector has been investigating and implementing new technologies over the past few years. Especially with the advances in electric and hybrid cars, fluxes in the grid are becoming more apparent. Where formerly the demand was predictable because of rigid life patterns, such as time of breakfast, work-related travel and dinner time, electric cars and distributed energy sources, such as farmers with windmills and housing with solar panels, are distorting those patterns. This implies that supply and demand are harder to regulate, with consequences up to international power outages. The utilities sector is therefore increasingly adopting information technology to support their electricity grids, creating so-called smart grids. These smart grids can regulate the increasingly blurring line of supplier and customer, as they are selling and upstreaming energy produced by solar panels, or upstreaming unused energy in electric cars (Faruqui, 2010; Amin & Wollenberg, 2005). The electric grid’s IT infrastructure has to be upgraded to account for this new usage. By interconnecting parts of the grid that were formerly separate and autonomic, it allows the grid to communicate with other parts in an effort to regulate, or micro manage, the electricity flows on a lower scale (see Figure 1.1). This, however, introduces a series of new vulnerabilities and threats to the grid. There is widespread awareness of the importance of securing information systems. Shortly after the inception of the World Wide Web, various worms, Trojan horses, viruses and tools were developed to exploit weaknesses in information systems. Since then it has been a cat-and-mouse game played by security officers and attackers. However, with the introduction of new technologies within organizations and infrastructures, new potential vulnerabilities arise and should be addressed. Because of the potentially high impact of a successful attack on the electric grid, it is highly important that new smart grid technologies are secure. Figure 1.1: Interactions between actors in different smart grid domains (NIST, 2010) Because it is crucial to predict supply and demand for a continuous and efficient flow of electricity through the grid, the utilities sector has been investigating and implementing new technologies over the past few years. Especially with the advances in electric and hybrid cars, fluxes in the grid are becoming more apparent. Where formerly the demand was predictable because of rigid life patterns, such as time of breakfast, work-related travel and dinner time, electric cars and distributed energy sources, such as farmers with windmills and housing with solar panels, are distorting those patterns. This implies that supply and demand are harder to regulate, with consequences up to international power outages. The utilities sector is therefore increasingly adopting information technology to support their electricity grids, creating so-called smart grids. These smart grids can regulate the increasingly blurring line of supplier and customer, as they are selling and upstreaming energy produced by solar panels, or upstreaming unused energy in electric cars (Faruqui, 2010; Amin & Wollenberg, 2005). The electric grid’s IT infrastructure has to be upgraded to account for this new usage. By interconnecting parts of the grid that were formerly separate and autonomic, it allows the grid to communicate with other parts in an effort to regulate, or micro manage, the electricity flows on a lower scale (see Figure 1.1). This, however, introduces a series of new vulnerabilities and threats to the grid. There is widespread awareness of the importance of securing information systems. Shortly after the inception of the World Wide Web, various worms, Trojan horses, viruses and tools were developed to exploit weaknesses in information systems. Since then it has been a cat-and-mouse game played by security officers and attackers. However, with the introduction of new technologies within organizations and infrastructures, new potential vulnerabilities arise and should be addressed. Because of the potentially high impact of a successful attack on the electric grid, it is highly important that new smart grid technologies are secure. For that reason, the study described in this report has two main objectives: 1. Provide an overview of the current state of cyber security at electricity producers and grid operators, in Europe in general and the Netherlands specifically. 2. Present a tool for benchmarking the level of cyber security in utility organizations. In this report, we address the cyber security of 120KV-20KV substations in the electric grid. Substations are generally controlled by autonomous SCADA systems, but can also be controlled through a local wired or wireless connection. Substations provide the link between power plants and the customer, and a successful attack on one of these substations could have fatal and expensive consequences. To address the cyber security of smart grid substations, we develop a benchmarking tool for the cyber security of smart grid substations. The benchmarking tool is based on a maturity matrix, and can be used to measure the relative maturity of a company for a certain group of capabilities. The benchmark is specialized for smart grid cyber security, based on the current international standards on (smart) grid security. While the tool is based on maturity matrices used in enterprise architecture (Steenbergen, Schipper, Bos, & Brinkkemper, 2010) and software product management (Weerd, Bekkers, Brinkkemper, 2010), no developments towards a maturity matrix for the field of energy distribution has taken place in previous literature. This first version of the benchmark is then refined by evaluating it through a series of expert interviews. In the next few sections, we respectively describe our research approach, the scientific background related to smart grid cyber security and
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages60 Page
-
File Size-