Security Challenges to Power Grid and Smart Grid Infrastructures
P.K. Agarwal, Additional General Manager
Power System Operation Corporation Ltd., New Delhi, India
Outline
• Why security of power grid and smart grid infrastructure is important
• Security in the context of power grid and smart grid.
• Operational Security
• Physical Security
• Cyber Security
• Challenges & Way forward
8th Nov 2013
Some Facts
• US Blackouts
• During the past two decades, blackouts have increased 124 percent -- up from 41 between 1991 and 1995, to 92 between 2001 and 2005, according to research at the University of Minnesota
• In the most recently analyzed data available, utilities reported 36 such outages in 2006 alone
Source -
Power Grid
• The electrical grid is a man-made miracle.
• Largest machine ever made.
• Managed by mutual co-operation.
• Fulfills diverse requirements of
• System Operation
• Market Operation
• A Critical infrastructure of a Nation.
Vast Size – Widely Spread
• Generating Stations - More than 450
• Generators - More than 1400
• Substations - More than 2000
• Circuit Kms of line - More than 270,000
• MW capacity - More than 220 GW
• Transformation Capacity - More than 480,000
• Nos of stakeholders - More than 160
Smart grid
• Most significant upgrade to power grid in the last 100 years.
• Most flexible and transparent by the use of ICT.
• Has additional new functionalities
• Self-healing.
• Motivates and includes consumers (Demand-response).
• Accommodates all generation and storage options.
• Enables Electricity Markets.
• Optimizes asset allocation and operational efficiency
High Penetration
• DISCOMs – 43
• Utilities – 163
• Traders – 44
• Power exchanges – 2
• OA applications - 32000 per year
• OA consumers - More than 2100
Indian Smart Grid Pilot Projects
MoP has approved 14 smart grid pilots for execution
Functionalities being opted:
• AMI for Residential, Commercial and Industrial
• Peak Load Management
• Outage Management
• Power Quality
• Renewable Integration
• Micro Grids
• Distributed Generation
Source – Desi Smart Grid
Smart Grid Functions Implemented
• Advanced Metering Infrastructure (AMI)
• Virtual Demand Response (DR)
• Street Light Automation
• Outage Management System (OMS)
• Net-Metering by Renewable Integration
• Power Quality Management
• Smart Home
• Micro Grid Controller
• Electric Vehicle
Security of Power Grid and Smart Grid
• Traditionally, security of a power system means the ability to withstand unexpected disturbances
• Such as short circuit
• Loss of a power system component such as a transmission line
• In today’s world the security focus has expanded to include
• disturbances due to overloading or unexpected causes
• Physical attacks or
• Cyber attacks
Security….
[Diagram labels: GRID; Network, Data, Hardware, Premise, Software, Communication; Availability]
Different Perspective…….
• Business: Confidentiality, Integrity, Availability
• Power Grid: Availability, Integrity, Confidentiality
• Smart Grid: Integrity, Confidentiality, Availability
Security of Power Grid/Smart Grid
• Operational Security
• Physical Security
• Cyber Security
Operational Security
• The degree of risk in a power system’s ability to survive disturbances (contingencies) without interruption.
• Robustness of the system to disturbances.
• Depends on the system operating condition
• Depends on the contingent probability of disturbances.
Ensuring Operational Security
• Real time monitoring of transmission line flows - to ensure they are not overloaded.
• Contingency analysis – a “what if” analysis of grid situations – to ensure that the system is secure.
• Corrective/preventive action - so that contingencies, if they occur, do not create a system breakdown.
• The contingency analysis is repeated periodically.
• Load and generation balance - frequency stability – keep frequency within the permissible band (49.7 – 50.2 Hz).
• Inter-regional transfers monitoring.
• Monitoring status of all - on any malfunction the operator is alerted through alarms.
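The “what if” contingency analysis above, worked through as an added example (not from the original slides): each line is taken out in turn and the remaining flows are checked against limits. It uses the DC power flow approximation, which the slides do not name, on a constructed 3-bus system with hypothetical line names, reactances and limits in per unit.

```python
def solve(a, b):
    """Gaussian elimination with partial pivoting (small dense system)."""
    n = len(b)
    m = [row[:] + [rhs] for row, rhs in zip(a, b)]
    for c in range(n):
        p = max(range(c, n), key=lambda r: abs(m[r][c]))
        if abs(m[p][c]) < 1e-12:
            raise ValueError("singular: part of the network is islanded")
        m[c], m[p] = m[p], m[c]
        for r in range(c + 1, n):
            f = m[r][c] / m[c][c]
            for k in range(c, n + 1):
                m[r][k] -= f * m[c][k]
    x = [0.0] * n
    for r in reversed(range(n)):
        x[r] = (m[r][n] - sum(m[r][k] * x[k] for k in range(r + 1, n))) / m[r][r]
    return x

def dc_flows(lines, injections):
    """DC power flow with bus 0 as slack; returns {line: flow in p.u.}."""
    n = len(injections) - 1
    bmat = [[0.0] * n for _ in range(n)]
    for _, i, j, x, _ in lines:
        for a, b in ((i, j), (j, i)):
            if a:  # the slack bus row/column is left out of the reduced matrix
                bmat[a - 1][a - 1] += 1 / x
                if b:
                    bmat[a - 1][b - 1] -= 1 / x
    theta = [0.0] + solve(bmat, injections[1:])
    return {name: (theta[i] - theta[j]) / x for name, i, j, x, _ in lines}

def n_minus_1(lines, injections):
    """Outage each line in turn; return {outaged line: [violations]}."""
    insecure = {}
    for out in lines:
        rest = [l for l in lines if l is not out]
        try:
            flows = dc_flows(rest, injections)
            bad = [n for n, _, _, _, lim in rest if abs(flows[n]) > lim]
        except ValueError:
            bad = ["ISLANDED"]
        if bad:
            insecure[out[0]] = bad
    return insecure

# Constructed system: (name, from bus, to bus, reactance, flow limit), loads as negative injections
LINES = [("L01", 0, 1, 0.1, 1.0), ("L02", 0, 2, 0.1, 1.0), ("L12", 1, 2, 0.1, 1.0)]
INJ = [0.0, -0.6, -0.9]
```

The base case is within limits on every line, yet the loss of either line from the slack bus overloads the other, which is the situation the periodic contingency run is meant to surface before it happens.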
Synchrophasor technology…
• Uses monitoring devices called phasor measurement units (PMUs) using GPS.
• Measures the instantaneous voltage, current, and frequency at specific locations in an electric power transmission system (or grid).
• Has a high sampling rate: 20 or more times per electrical cycle, which is 1200 or more times per second.
• Converts the measured parameters into phasor values, typically 25 or more values per second.
• Adds a precise time stamp using GPS to these phasor values, turning them into synchrophasors.
• The resulting high speed data
• Enables transmission grid operators to have a high resolution “picture” of conditions throughout the grid (Situational Awareness).
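The sample-to-synchrophasor chain described above, as an added example (not from the original slides). It assumes a one-cycle DFT as the phasor estimator, which the slides do not specify, and uses constructed waveforms from two hypothetical sites; the angle difference is only computed when the two timestamps agree.

```python
import cmath
import math

SAMPLES_PER_CYCLE = 20  # sampling rate quoted above

def synth_cycle(v_rms, angle_deg):
    """Constructed input: one cycle of an ideal cosine with given RMS and phase."""
    phi = math.radians(angle_deg)
    return [math.sqrt(2) * v_rms * math.cos(2 * math.pi * k / SAMPLES_PER_CYCLE + phi)
            for k in range(SAMPLES_PER_CYCLE)]

def estimate_phasor(samples):
    """One-cycle DFT at the fundamental; returns the RMS phasor as a complex number."""
    n = len(samples)
    acc = sum(x * cmath.exp(-2j * math.pi * k / n) for k, x in enumerate(samples))
    return (math.sqrt(2) / n) * acc

def synchrophasor(site, samples, t_us):
    """Attach the GPS-derived timestamp (microseconds) to the estimated phasor."""
    return {"site": site, "t_us": t_us, "phasor": estimate_phasor(samples)}

def angle_separation_deg(a, b, max_skew_us=100):
    """Phase angle of a relative to b, wrapped to [-180, 180)."""
    if abs(a["t_us"] - b["t_us"]) > max_skew_us:
        raise ValueError("phasors are not time-aligned; angle difference is meaningless")
    diff = math.degrees(cmath.phase(a["phasor"]) - cmath.phase(b["phasor"]))
    return (diff + 180.0) % 360.0 - 180.0

# Constructed measurements from two hypothetical substations at the same GPS instant
T0_US = 1_383_900_000_000_000
SITE_A = synchrophasor("A", synth_cycle(1.00, 10.0), T0_US)
SITE_B = synchrophasor("B", synth_cycle(0.98, -25.0), T0_US)

if __name__ == "__main__":
    print(round(angle_separation_deg(SITE_A, SITE_B), 3))
```

The timestamp check is the reason the GPS stamp matters: without a common time reference the two angles are not comparable, and the separation figure used as a grid stress indicator cannot be trusted.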
Wide Area Monitoring - Synchrophasors
Enhanced Situational Awareness to Monitor Health of the Grid
• Grid Stress – Phase Angular Separation
• Grid Robustness – Damping Status and Trend(s)
• Oscillations – Sustained Low Frequency Oscillation
• Frequency Instability – Frequency Variation Across Interconnection
• Voltage Stability – Low Voltage Zones / Voltage Sensitivities
• Angular Stability – Power-angle Sensitivities, Stability Margin(s): “How far from the threshold value?”
New tools – increased visibility
• The PMU in the power grid and advanced metering infrastructure in the smart grid provide “MRI” capability compared to the “x-ray” quality available from SCADA technology.
• Significantly increased situational awareness - fine-grained command and control.
• Digital information technology allows close interaction of the transmission and distribution grid.
The Biggest Myth!!
● “We are secure because we are isolated from the Internet and other networks”.
● After Stuxnet in Iran ....
● Myth gone haywire….
● It's only a matter of time!!
– Social Engineering => Sneakernet
– Cyber breach will not affect us as we are not controlling from remote.
• Today’s electric utility…..
• relies increasingly on digital electronic devices and communications
• to optimize system operation
• and increase reliability,
• More automation and two way communication means –
• Increased cyber attack vector
• Increased attack surface
• Cybersecurity remains a constant challenge.
Cyber Security a constant challenge…
What is at Risk? [Excluding Damages due to Physical Access]
● Thumb Rule: Anything / any process to which data can be written, either through software or manually by a user / administrator.
● Possible Targets:
– Relay Configurations
– Control System Settings – Changing of control parameters, limiting values
– Erasing complete data from SCADA servers.
– Freezing values of critical line loadings.
– Denial of Service (communication to control room)
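Two defensive checks that follow from the thumb rule above, as an added example (not from the original slides): comparing a relay's read-back settings against an approved baseline, and flagging telemetry points whose values have stopped changing. Parameter names, point names and all values are constructed for illustration.

```python
import hashlib
import json

def fingerprint(settings):
    """SHA-256 over a canonical JSON encoding, so key order does not matter."""
    blob = json.dumps(settings, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()

def settings_drift(approved, readback):
    """Return {parameter: (approved, current)} for every parameter that differs."""
    keys = set(approved) | set(readback)
    return {k: (approved.get(k), readback.get(k))
            for k in sorted(keys) if approved.get(k) != readback.get(k)}

def frozen_points(scans, window=5):
    """Flag points whose last `window` scans are identical.

    A live analog measurement normally carries small variation; a long run of
    identical values is worth an alarm. Points reported with a deadband can
    repeat legitimately, so `window` has to be tuned per point.
    """
    flagged = []
    for point, values in scans.items():
        tail = values[-window:]
        if len(tail) == window and len(set(tail)) == 1:
            flagged.append(point)
    return sorted(flagged)

# Constructed sample data (hypothetical parameter and point names)
APPROVED = {"overcurrent_pickup_A": 1200, "time_dial": 0.3, "reclose_enabled": True}
READBACK = {"overcurrent_pickup_A": 4000, "time_dial": 0.3, "reclose_enabled": True}
SCANS = {
    "LINE_A_MW": [412.6, 415.1, 413.9, 418.2, 416.4, 414.7],
    "LINE_B_MW": [655.3, 661.0, 661.0, 661.0, 661.0, 661.0],
}

if __name__ == "__main__":
    if fingerprint(APPROVED) != fingerprint(READBACK):
        print("settings drift:", settings_drift(APPROVED, READBACK))
    print("frozen points:", frozen_points(SCANS))
```

The fingerprint gives a cheap periodic comparison; the per-parameter diff is what the operator needs in the alarm.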
• The electrical grid is fundamentally designed with security by obscurity and isolation.
• Protocols – without in-built security.
• Physical Security was the paramount concern.
• Integration of electric and information infrastructure -
• Increased attack vector and attack surface
• More automation – more vulnerabilities.
• Vulnerability weaponization - The vulnerability arms race – total disclosures in 2012 increased 19 percent from 2011
• Mobile vulnerabilities
• Web applications remain vulnerable
• Mature technologies, continued risk
Many challenges….
Physical Security…
• Power grid and Smart grid are critical infrastructure of the Nation.
• Infrastructure is wide spread.
• Almost impossible to guard each and every point.
• Synchronised coordinated operation
• Damage to one part may cause cascade damage.
• Control centers are strategic locations.
• Any risk to them may endanger the whole infrastructure.
• Any unintentional mal-operation may render infrastructure in a state of grave danger.
Physical Security Risks…..
• Risk impact is very high.
• Capturing of premise.
• Capturing control of control room.
• Damages to critical equipment.
Mitigation…..
• Backup control centers.
• Defense in depth strategy.
• Security Guard/CCTV/Access Control.
• Zoning of premises
• Security Mock Drills.
• Close coordination with local security authorities.
• Vigilant Staff.
• Security audit and certification.
Cyber-Physical Approach to Smart Grid Security
• Physical systems whose operations are monitored, coordinated and controlled by a computing and communication core.
• Computing and communication capabilities will soon be embedded in all types of objects and structures in the physical environment.
• Smart grid will have more and more such embedded objects.
• Protecting critical infrastructure is vital to the health of an economy;
• one such infrastructure, the electric power transmission grid, forms one of the largest complex interconnected networks ever built.
• Tight coupling between ICT and the physical system introduces new security concerns and requires a rethinking of the common security approach.
• The smart grid will reach every house and building, giving potential attackers easy access to some of the grid components.
• A coordinated assessment of cyber and physical risks keeping the whole grid security goals in mind is needed.
• Bringing together cyber security and system theory is needed to address the security requirements.
• Cyber attacks can cause disruptions that transcend the cyber realm and affect the physical world – Stuxnet.
• Physical attacks can affect the cyber system - integrity of a meter can be compromised by using a shunt to bypass it
Security of Cyber-Physical System
Challenges to Power/Smart grid security
• Continuous availability demand.
• Time-criticality.
• Constrained computational resources on edge devices
• Large physical base.
• Wide interface between digital and analog signals.
• Social acceptance including cost effectiveness.
• User reluctance to change.
• Legacy issues
Facts
• Smart Grid security is not a revolutionary concept, it is evolutionary.
• Should not pursue it as if it is a target to achieve but, rather, as a journey.
• Industry, government and academia coming together on policy innovation and standards development.
• Universities and R&D organizations collaboration for inventing technologies.
• Power grid and Smart grid is a coordinated effort. Any deficiency may give access to hackers.
Facts
• Security is complex
• Security is a process and not a single product
• Security Solutions should be open to third party vendors
• Compliance approach should be the preferred method and starting point
• Security needs experienced security expertise
References…..
• Cyber–Physical Security of a Smart Grid Infrastructure - By Yilin Mo, Tiffany Hyun-Jin Kim, Kenneth Brancik, Dona Dickinson, Heejo Lee, Adrian Perrig, and Bruno Sinopoli.
• Smart Grid Security Issue – IEEE Security and Privacy, January/February 2010.
• Introduction SCADA Security for Managers and Operators - September 28, 29, 2006 – Idaho National Laboratory.
• Why is the Smart Grid is Target - 30 June 2012 - Symantec
• Risk Management Framework for the Power Grid Cyber-Physical Security - Riadh W. Y. Habash, Voicu Groza and Kevin Burr - School of Electrical Engineering and Computer Science, University of Ottawa, Ottawa, Ontario, Canada. Kylowave Inc., Ottawa, Ontario, Canada.
• A Taxonomy of Cyber Attacks on SCADA Systems - Bonnie Zhu, Anthony Joseph, Shankar Sastry, Department of Electrical Engineering and Computer Sciences, University of California at Berkeley, CA
• Desi Smart Grid Portal www.desismartgrid.com
• Website www.powergridindia.com of Power Grid Corporation of India
• https://apps.powergridindia.com/smartgrid/smartgrid_video.aspx