Cyber Security strategies to safeguard smart grids from cyber crime

DigiAware

Integrating smart solutions into the existing power infrastructure promises to offer attractive capabilities of dynamic monitoring, measuring and even controlling power flows in real time that can help identify losses and trigger appropriate technical and managerial actions to minimize the damage.

With the vision of building a Smart India, Government of India’s National Smart Grid Mission (NSGM) is solely aimed at providing functional resources and financial assistance in planning and implementation of smart grids across the nation. NSGM proposes comprehensive solutions for the development, establishment, operations and management of smart grids, stipulate training & capacity building, strengthen consumer engagement and dispense funding to state-owned DISCOMs.

Smart grid solutions vastly employ information technology in the underlying roots in varying forms of networking and application aspects to enable monitoring and control of the flow of electricity to end users. The extensive incorporation of information technology provides numerous benefits to the grid operations and management, such as increased visibility, predictability, in addition to the regulation of generation and demand to improve efficiency.

However, this enhanced use of information technology to the grid has in parallel introduced the dimension of cybercrime to the smart grid as the grid is now constantly connected to the Internet and can be exploited by hackers by leveraging the wide array of cyber security vulnerabilities. Security of the smart grid is essential to ensure uninterrupted power supply and minimize resulting losses. Compromise of the grid may result in a huge information or business losses by the means of cyber espionage or grid collapse. An uninterrupted power supply lies at the heart of all sectors and failures to the same will result in cascading damages, compelling the establishment of robust smart grids. The key cyber security threats and vulnerabilities concerning the smart grid technology and proposes protection strategies, methodologies, and technologies to safeguard the smart grid from resulting security damages.

Different hardware, software and networking the work together in the core of smart grid architecture. This together increases the complexity of the smart grid resulting in an increased array of security vulnerabilities. Cyber-attacks on the smart grids have already been realized and are here to stay. The next sections highlight the growing adoption of smart grids worldwide and the security concerns multiplying in the parallel.

Some proven cyber defense strategies that can be applied to the smart grids in order to enhance the security and thus avoid the repercussions for the corresponding breaches include:

1. Stronger Defense Mechanism
 
Mitigating the evident vulnerabilities can be achieved by adopting the traditionally proven Defense in Depth principle that adopts a multi-layered approach by employing different security mechanisms at each layer. This mechanism behind this approach is to distribute the risk across various layers, so that if one layer of defense gets penetrated, another layer of defense stands active to hopefully discourage the attacker from probing further.
2. Secure Key Management
 
Security in the overall process of key management starting from generation, to distribution, including updating if any, and finally destruction is crucial for the overall grid security posture. Devices connected to the Smart Grid should support reliable cryptographic capabilities, including the ability to support symmetric ciphers for authentication and/or encryption. Public-key cryptography may be supported either in hardware by means of a cryptography co-processor or, as long as it is performed infrequently or in software.
3. Cybersecurity Risk Assessment
The objective of cybersecurity risk assessment is to evaluate various information assets to identify underlying vulnerabilities and threats, and determine their impact in the instance of a cyber-attack. The conclusion of the risk assessment frames the required security requirements and dictates the selection of security controls for smart grid. Top-down, bottom-up, qualitative and quantitative approaches should be used to implement risk assessment.
4. Awareness and Training
 
Security awareness and training formulate the building blocks of smart grids enhanced security. Effective training programs need to be designed based on individuals’ roles and responsibilities to enhance awareness on the existing potential vulnerabilities. Such awareness would cater to a safer smart grid due to pinned understanding of security issues.
5. Incident Response

 

Incident response refers to the capability to resume normal operations in the event of disruption of Smart Grid information system operations. Incident response planning involves the preparation of incident specific policies and procedures to enable the smart grid to recover smoothly and swiftly in case of an incident. In the absence of an effective incident management plan, an incident may result in disruption in the operations of vital business functions including ICT systems, employees, customers and others.

Related posts

Leave a Comment