Continuous Monitoring is the Key to a Healthy Smart Grid
- November 14, 2016
Utilities are facing an increasingly difficult challenge when it comes to managing and protecting today’s smart grid. This is because most Advanced Metering Infrastructure (AMI) and Distribution Automation (DA) deployments use wireless mesh communications networks, which are inherently unprotected environments. As a result, reliable operations and security monitoring capabilities are critical for utilities to manage networks efficiently and securely. But actually achieving this type of environment starts with gaining full visibility into these complex networks.
Wireless field area mesh networks are complicated systems, including hundreds of thousands - and even millions - of smart meters and other remote intelligent devices deployed by large utilities. Modern utility networks often include DA traffic from remote devices such as line sensors, reclosers, switches and smart transformers. Networks this large experience many issues outside of security, including configuration and operations challenges. This makes it extremely difficult to properly monitor a network to identify anomalies and defend against external threats.
Utilities are adding to the complexity by considering monetizing their AMI investments with services like smart gas and water meters, outdoor lighting and traffic signals. Added complexity makes real-time identification of changes to information systems and operational environments very important, along with the correlation between those changes and how they affect network performance and security exposure.
However, most utilities today take a long time to recognize the negative impacts of these anomalies within mesh networks, even after they are already detected. Wireless networks and their remote intelligent devices are hackable from anywhere, bringing an inevitable level of increased risk and vulnerability.
One reason for this delay is that most AMI management tools only provide visibility into a small subset of network activity. In fact, more than 95 percent of mesh traffic never leaves the mesh network to make its way to AMI vendor management systems. Likewise, network device management tools gather information from end devices, but they can’t provide a holistic view of network operations or how tenant services are being impacted. Utilities need solutions that deliver visibility beyond siloed subsets and provide an end-to-end perspective of network activity.
There are countless examples of smart grid attacks where enhanced visibility through continuous monitoring would have been beneficial. The December 2015 attack on Ukraine’s power grid is one example that proves attackers are targeting energy distribution systems as well as generation and transmission systems. In the incident, hackers took down 27 substations across three separate Ukrainian power companies, blacking out power to 225,000 customers. More alarming, the hackers reportedly controlled some systems for months before executing the attack. With the right monitoring capabilities, these companies would have been able to track abnormal behaviors or system activities and potentially could have identified and removed the hackers before the attack was launched.
The first, and most important, step in solving this security problem is increasing transparency across all utility networks. Increased visibility enables utilities to better monitor and protect networks and respond to threats in real-time. Network monitoring also supports the verification and validation of network/security configurations coupled with continuous feedback on their effectiveness.
Unfortunately, most available tools on the market today aren’t providing adequate capabilities to support the management and monitoring needed to most effectively operate and protect AMI networks.
Utilities need to understand the limited capabilities of AMI systems and identify weaknesses in their networks to achieve proficient, continuous monitoring. The Continuous Monitoring Strategy & Guide, developed by the U.S. General Services Administration, Department of Homeland Security, Department of Defense and National Institute of Standards and Technology (NIST), outlines recommendations for creating and maintaining a reliable continuous monitoring process, and explains why regular assessment of these programs is needed to improve operations, efficiency and transparency for security.
Now is the time for industry leaders and government experts to act cohesively to find flexible, yet comprehensive solutions that offer the monitoring capabilities necessary to better manage and protect the grid network. Reliable monitoring will help improve overall operations, engineering and customer service, enhance the security posture of the grid, protect meter-to-cash processes and ensure compliance. On top of all that, it will also help utilities save money by reducing the costs associated with system maintenance.
As the threat landscape evolves and the smart grid becomes more complex, it has become increasingly important for utilities to improve the hygiene of their networks. Utilities need real-time monitoring capabilities to identify anomalies in operations technology and network environments to maintain and protect the grid. The ability to quickly understand how those activities affect network performance and/or reveal vulnerabilities is crucial to the health and functionality of the smart grid.