Cyber security and real-time electric control center operations
Protection of electronic information and intellectual property, along with a secure digital network, are essential for any modern organization to function safely in today’s electronic digital world. It seems like every day major news media outlets headline a form of cyber-attack on the infrastructure of some industry.
This is especially true for utilities, as they upgrade their systems with intelligent devices to increase operational efficiencies and awareness. With a growing dependency on computer based systems for their operations, cyber technology, and security has emerged as a major concern.
Potential threats make it more critical than ever that organizations protect cyber systems to prevent catastrophic interference with their operations. In particular, real-time monitoring and control network systems are considered critical to the economy, security, and quality of life of a nation. Government agencies and industry organizations are involved in developing standards and best practices to guide the protection of these critical cyber infrastructures.
Almost 60,000 cyber vulnerabilities have been identified to date, and new threats are discovered every day. These threats help to show the ease with which sophisticated hackers or disgruntled employees can disrupt system availability or obtain access to confidential data. Eliminating these risks requires a defense-in-depth strategy beyond standard protective measures such as firewalls and passwords. In addition, testing must be performed to ensure these protections are adequate, and up to date.
The “components” of the electric power sector, the most critical of the United States industry sectors identified by the Department of Homeland security and Congress, are the interconnected system of electric power loads, power generated by generation sources, and the high voltage transmission lines which carry the power from generation sources to the loads. The reliability of this grid—the number one concern of the federal government and government regulatory bodies—is determined, for the most part, by the operators of the hundreds of “control centers (CC)” that retrieve data from and provide component operations for the three electric interconnections that make up the US electric grid. The operation of these control centers is dependent upon two critical capabilities:
- The ability to retrieve accurate data from all the interconnected components of their responsible portion of the grid. Cyber-attack vectors that result in manipulation of this data could cause the operators to take inappropriate real-time actions on the control systems that potentially jeopardize reliability of the grid.
- The ability to perform actions in the control center based on this data that will allow the operators to control the flow of electric power on the grid in order to insure safe, secure power under all operating conditions. A cyber-attack vector that allows for an outside entity to gain direct control capabilities of an EMS system is the number one threat to the power grid today.
In today’s world, Energy Management Systems (EMS)—computer based cyber systems that use sophisticated software applications, network interconnections, and related data acquisition and control systems—are used by these operators to monitor and operate the grid. Due to the cyber nature of these systems, the interconnected nature of the power grid, and the physical attributes of the grid (i.e., components that are operating in real time with reaction times of milliseconds for electric power transitions), and the security and integrity of these interconnected cyber controlled systems, is critical to the reliable operation of the grid.
In many other industry sectors, cyber security is also very important for successful operation of related businesses functions. In these industries, cyber security is monitored and maintained by software and hardware solutions that rely on cyber-attack detection and automatic isolation of the system from the attack vector and the “outside world” to prevent loss of critical data. The main difference between these industries and the electric power industry in cyber security implementation is the need for the grid control centers and related operators to be able to retrieve necessary data and operate the EMS systems without being isolated from the “outside world.” In electric power operations, continuity of the grid is critical on a real-time basis. Cyber security protection systems that take action in the systems they are monitoring independently from operator action would not be feasible in the EMS/electric power operation of the electric grid. The detection of cyber related incidents and the ability to mitigate the effects of successful attacks in real-time scenarios on these on these EMS systems is the number one concern for cyber security of the electric power sector. Under these conditions and with the increasing level of cyber incidents related to EMS system operation, software companies, and the electric power industry are working together to solve this unique problem of maintaining a secure cyber network while allowing the operators to monitor and control the system in a secure environment.
Since 2008, DNV GL has worked with clients on projects related to cyber security and related regulatory requirements and continues working diligently with cyber security software vendors and our electric power customers to define and implement effective security measures specific to these EMS environments as well as performing necessary cyber testing to enable a clear view of their security postures. These tests result in specific recommendations to remove or mitigate found issues, allowing for a strong level of confidence in an entities operational security investment.