Large-scale failures are not unknown in the power sector. Some of them may have had benign causes, like the United States and Canada Northeast blackout of 2003, while others, like the December 2015 Ukraine power outage, are attributed to malicious activity. These and other power outages over the years have demonstrated that the power sector is not immune to outages or attacks.
The main question to be asked is not if the power grid is secure, but instead, what contributes to the insecurity of the grid and what possible cyber security measures can be put in place to form a solution. Previously, the publicised focus of power grid security pointed solely towards the potential for malware to be installed on the grid and its implementation into the industrial control the system. In this article, we explore some of the other aspects of the power grid that contribute to its insecurity.
The Pitfalls of Legacy Systems
The power grid is considered critical infrastructure for good reason, it can’t just be shut off for maintenance without major repercussions. For this reason, much of the infrastructure supporting the modern power grid is built to last decades, rather than the months or years that most modern technology is designed to function before reaching end of life.
The durability of power system technology means that it now faces threats that were not a concern when it was first designed. For a network where the average age of its components is over a quarter century, the age of the Internet and modern security threats weren’t part of the threat model for power systems when many of these components were being designed and built.Power systems were designed to last, meaning that simplicity and reliability often trumped security considerations.
Geographical Distribution Of Facilities
By necessity, the power grid is a widely distributed network. In order to take advantage of convenient sources of energy and distribute this power to its locations that need it, power generation organisations need a large number of satellite locations that can manage operations at a local level. By necessity, many of these locations are minimally staffed or completely unmanned, relying on automated alerting and centralised monitoring to alert an operations centre of a potential issue and the need to send someone to investigate.
The lack of physical oversight of power systems creates a security risk around the potential for unauthorised physical access to critical systems. Even if monitoring technology is deployed and monitored, the physical distances involved mean that response teams will likely arrive in time to perform triage and cleanup after an incident has occurred, rather than in time to prevent it or catch the perpetrator.
The scale and distribution of the power industry’s operations also creates the potential for social engineering attacks. Since employees are widely dispersed geographically, it is highly unlikely that all employees have met or are familiar with every other employee within their area. Social engineers who have done their research could convincingly pose as a company employee long enough to gain access to sensitive information or convince an employee to perform a damaging action.
Increased Connectedness Between Systems
With the advent of the Internet and later the Internet of things, the power grid has become increasingly interconnected. The geographical distribution of power systems made on-site monitoring and control difficult and the creation of the Internet and automated monitoring solutions made it unnecessary. The increased use of Internet-based communications has created a network where components are connected in ways not anticipated during their design or the initial layout of the network. This creates the potential for cascading failures or single-points of failure as connected systems are unable to function with the loss of a critical component.
As a result, the power grid has become a massively interconnected network of systems that were never designed to be connected to the Internet. Some components of the power grid predate the Internet and, in order for the network to function, other systems must communicate with these systems in a way that they can understand. This means that parts of the network can be communicating using unencrypted, simple command-and-control protocols over the Internet or local networks.
Another contributor to the increased connectivity of the power network is a need for technicians and operators to be able to quickly and efficiently identify whether or not a system is functioning properly. Rather than requiring technicians to carry a variety of tools to directly interface with different systems, modern technology has allowed operators to interact with power system components via a laptop or even a smartphone. Technology in the power grid is now directly or indirectly connected to the Internet, Bluetooth, and Near Field Communications (NFC) in ways that were not anticipated or accounted for in their security design.
The Requirements For Specialised Code
One of the greatest challenges in securing the power grid is the need for specialised knowledge in order to efficiently and effectively control and monitor power systems. These systems and its protocols (e.g. DNP3, IEC 61850, ICCP, IEC 104/101…etc) are designed for a certain purpose and, in order to effectively write code for them, a programmer needs to understand their purposes, how they work, and the potential and impact for different failure cases. In order to adequately protect these systems, the programmer also needs formal training in secure coding techniques and common vulnerabilities. Both of these are specialised skillsets and finding an expert in both fields is difficult.
Additionally, a complete overhaul of the software that operates the power sector is a massive undertaking. The variety of different systems in use makes design and testing difficult and the need for near-continuous uptime means that the implementation must be flawless the first time. As a result, modifications to the infrastructure are made piecemeal and are designed to be backward compatible with existing systems, making large improvements in security infeasible.
Securing the Energy Sector
The complexity of the systems in the power sector make securing it a difficult challenge. While some issues may be obvious, others may have arisen from connections, configurations, etc. that don’t appear as part of the official documentation for the power systems. Considering the above aspects, the recommended course of action is firstly to understand the risk level faced to the current systems before recommendations can be formed to enhance security. Applied Risk is experienced in performing Risk and Vulnerability Assessments for power utilities (Generation, Transmission and Distribution) and can assess facilities and current systems to determine which actions to take and cyber security practices to implement.