Protecting our Energy Grids to Create Safe and Secure Cities
Effectively implementing cyber security to protect power grids has become one of the most serious economic and national security challenges of today. As investment increasingly flows towards creating smarter digital grids, the cyber tightening of the infrastructure underpinning them will play a pivotal role in guaranteeing the energy security of the society. As a result, it is vital that decision makers choose early on to build and maintain strong cyber security infrastructure across the total energy value chain.
It is increasingly common for cities and commercial hubs around the globe to become the targets of a wide range of cyber threats seeking to disrupt day-to-day energy availability and consumption. These threats will grow with time forcing authorities to think of ways to best protect their citizens and economic interests by cyber upgrading and hardening the energy infrastructure. Utilities that generate, manage and control electrical energy will play an important role in this cyber hardening process by proactively shaping regulations and deploying state-of-the-art cyber solutions.
Utilities today are racing to understand the threats that lie in cyber space and the defenses required to protect against them. Saddled with limited budgets and facing a growing volume of possible cyber attacks, utilities need to innovate and transition legacy infrastructure, optimize the use of existing technologies, and deploy strategic solutions to minimize vulnerability and increase resiliency.
Transitioning from vulnerable to valuable energy utility infrastructure
While diversity of individual utility requirements makes it harder to have a one-size-fits-all solution, utility security architecture should be enhanced to meet the following five requirements.
1. End-to-end Integrated Security Architecture
The prevalence of smart grid devices is contributing to greater efficiency and integration of utility networks, but it is also increasing their vulnerability to cyber exploitation. Implementing an end-to-end security infrastructure will ensure that the security requirements for the entire value chain are being addressed on an ongoing basis.
2. End Point Security Solutions
To ensure the long-term security of digital devices, their confidentiality, integrity and access control solutions must be tested and improved upon on a periodic basis. Moreover, security processes must be agile enough to quickly identify and isolate compromised devices. This overall security design must ensure that the potential impact can be contained to a single device or entity.
3. Smart Meter Security Architecture
Since there is no universal standard for smart meters communications, every utility must take into consideration a set of prioritized security requirements for their operating domain. These requirements should include end-to-end confidentiality, data integrity, and access control and authorization services to ensure completeness. Such implementations will allow for ease of upgrades and quick fixes to mitigate emerging threats.
4. In-Home Networks and Security Extensions
As consumer in-home networks continue to evolve, utilities should consider partnering with vendors to ensure that the energy solutions are secure and interoperable with grid infrastructure an emerging complex security requirement for todays connected enterprises. One of the key issues is the evolving nature of standards, and its impact on deployed proprietary devices, as many existing systems will require contingency plans and costly retrofits. As a result, it will be critical to maintain flexibility within smart meters and supporting architecture to match the evolving security schemes in consumer devices. This will be of particular importance during the process of evaluating security for emerging electric vehicles and rooftop solar (PV) to ensure successful infrastructure adaptability.
5. Extensions to IT Security
In response to the digital rollouts in the operating environment, utilities must be able to adopt open security architecture to accommodate those changes. While it remains difficult to implement conventional defense-in-depth models in field infrastructure, systems that can detect intrusion and anomalous behavior in devices and networks, along with models that predict cyber threats, will be vital. While integrated technologies will continue to strengthen security infrastructure, existing security processes should be extended to include smart grid elements and grid infrastructure.
Cyber attacks, changing security environment and pace of digital innovation will continue to challenge the ability of utilities to employ innovative technology solutions and minimize operational risks. Following the above five steps will help utilities consider the fundamentals on how they can begin to leverage more out of the utility grid, minimize business disruption, and bring about greater network security. For todays cities to realize their full digital and economic potential tomorrow, a smart and flexible infrastructure is essential. Now is the time to get serious about smart grid security.