Introduction
The electric grid in the United States has been built way back in the 1890s (“What is the Smart Grid,” 2012). At present, it has been a by product of technological advancements which consist of more than 1 million megawatts of generating capacity passing through about 300,000 miles of transmission lines (“What is the Smart Grid,” 2012). With the utilization of new technologies, today’s grid is geared to a more stretched capacity which can manage the more complicated electric needs of the twenty first century consumers. It is called a “smart” grid since it is digitalized and made up of automation, computers, controls, and new technologies and equipment which are all networked.
Smart grid is a modern type of technology of utility electricity service systems which makes use of computer-based automation and remote control. The “grid” consists of electrical networks which bring electrical power from the power plants or energy source to where it is needed. The smart grid is made up of substations, switches, transformers, wires, among others (“What is the Smart Grid,” 2012). The major element of its efficient operations is the two-way digital communication technology which links several devices to the grid. There is a network operations system in the smart grid network that manages the data exchanges through various devices such as detectors, fault voltage sensors, power meters, etc. Automation technology is a major feature of the smart grid which enables it to control and adjust several devices through a central location (“What is the Smart Grid,” 2012). The smart grid security systems transpire through a two-way communication technology and computer processing which are already being used in various industries worldwide (Springfield Networks, 2012).
The smart grid is developed in order to address the present demands of the modern society. This upgraded grid is developed from the bottom up to support the new foundation of digital and computerized equipment and technology where it relies. The main advantages of a smart grid system includes a more efficient transmission of electricity, quicker power restoration after disturbances, cost effective operations and management of utilities and decreased costs of power for consumers, and reduced peak demand (which also decreases the costs of electricity) (“What is the Smart Grid,” 2012). Other benefits include the increased linkages of large-scale renewable energy systems, improved security, among others.
These benefits are crucial since an electric disruption can be very threatening in today’s digital world. Power affects all aspects of life such as banking, communications, security, traffic, etc. A smart grid makes the electric utility more resilient for natural and man made disasters.Its new technologies manages the disruption and ensures a quick power recovery. It also addresses the very old energy infrastructure and efficiency problems (U.S. Department of Energy Website, 2012). Hence, smart grid security system gives many benefits to utilities and consumers.
Security Issues of the Smart Grid System
Major energy infrastructures such as the smart grid system need to be protected from various deliberate attacks and incidences. This is a long standing concern since the end of the Cold War Period, especially because of the terrorist threats. This discussion will focus on the energy infrastructure security, particularly on the politically and economically motivated supply interruptions.
Smart grids constitute various vulnerabilities. It needs a system-wide integrity to ensure supply reliability. This is especially important since critical facilities or substations are spatially concentrated. The following discussion explores the security features and problems of smart grid, how it differs from the traditional energy security concepts and its implications for private and policy decision making. Key concepts include utilization of technologies, resilience, storage, decentralization, and critical linkages.
The smart grid system utilizes digital information technology to transmit and deliver power. This operation is very dependent on a complex computer networks (Vijayan, 2009). This makes the smart grid network vulnerable to attacks. This nature also makes the network crucial in the new power infrastructure. This is because any malicious attack on the smart grid network would mean danger for many people and industries. An accidental operation could also cause harmful effects (Vijayan, 2009). Thus, the issue of security is a paramount concern for this centralized and digitized electric service system.
Aside from external attacks, malevolent security breaches and accidental misconfigurations or wrong procedures and other operational oversights can make the smart grid system very prone to harm (Bryne, 2011). Wireless or wire-line based network connections is also a major threat to its security (Bryne, 2011). Since the smart grid runs on an Internet protocol (IP) and is linked to open networks which can be hacked, this is also a major vulnerability to the electric utility system. An outsider can use a similar protocol which can be secured from the global information technology domain (i.e. hypertext protocol (HTTP) and Internet Protocol (IP).
As it is, the use of smart grid networks for the delivery of electric sources has its advantages and disadvantages. Some of its cumulative advantages are increased efficiency, better system and reduced power blackouts (Mills, 2009). However, its major reliance on the Internet technologies makes the smart grid system very vulnerable in four main areas. These are the following: communication networks, SCADA, substation security, and wireless networks security (Mills, 2009).
Communication networks can be very risky since it is made up of communications protocols called SCADA (Supervisory Controls and Data Acquisition). These protocols are created for the exchange of control messages on smart grid network. While the technology utilized by SCADA has been tested for several decades, the multiple interconnectivity is a serious threat for cyber attacks (Mills, 2009). Substation security is also beset by three principal threats. These are the following: the grid instability, the rapid level of automation and the lack of risk management (Mills, 2009). The increased automation level means more security risks because rapid automation implies more computer-controlled electronics and software. Grid operations can be instantaneously interrupted and this can greatly compromise the smart grid’s network operations with very dramatic impact on its costs. The critical smart grid infrastructures in the substation also lack adequate risk management (Mills, 2009).
The smart grid’s communication networks and protocols also lend themselves as potential attack paths for cyber attackers and terrorists. The smart grid system has been dramatically operated through Internet technologies, which have inherent security problems and thus this makes the smart grid networks more prone to dangers. Also, the smart grid security system strongly depends on the ability of various entities to interact via communication networks. As it runs through both wireless and wire based network technology, which is now the most popular and scalable communication infrastructure for smart grids, it is more prone to cyber attacks.
The wireless devices utilized in AMI security that are the main components of a smart grid have crucial cyber vulnerabilities. Since the AMI security devices are situated away from the smart grid’s physical security perimeter, they are at larger risk of being compromised (Mills, 2009). The lack of feasibility studies on the viability of the wireless devices is also one of the weaknesses of this component. According to Ullo (2010), only the IEEE 802.15.4 protocol, which is the foundation for all of these wireless technologies, has been studied. Only its related vulnerabilities have been identified.
The following details the security issues and vulnerabilities of the smart grid system:
1. Vulnerabilities in SCADA- Supervisory Control and Data Acquisition
Supervisory Control and Data Acquisition (SCADA) systems are widely used to monitor and manage the national power grid. Since these control networks evolved, the use of the Ethernet and TCP/IP became the norm (Liu, p. 1). Hence, it led to greater risks. While this technology has been used for many years, its complex interconnectivity poses more risks for cyber attack. Updated government reports have heightened concerns on the overall general security posture of the SCADA systems (Study of Security Attributes of Smart Grid Systems – Current Cyber Security Issues, 2009).
The National SCADA Test Bed (NSTB) program published a report which emphasized the numerous vulnerabilities existing in the SCADA systems which have not been disclosed in public (Study of Security Attributes of Smart Grid Systems – Current Cyber Security Issues, 2009). The NSTB reported that the National Vulnerability Database (NVD) also gathers 15 extra disclosed SCADA vulnerabilities daily (Study of Security Attributes of Smart Grid Systems – Current Cyber Security Issues, 2009). However, these vulnerabilities mostly pertain to control systems. There are inefficient security precautions since not all of the risks are publicized and made transparent to the public. These undisclosed risks can be exploited by an expert attacker or a terrorist (Study of Security Attributes of Smart Grid Systems – Current Cyber Security Issues, 2009).
As it is, the SCADA is very susceptible to cyber attack. It also inherits the network security problems from other industrial or commercial network since it could be transmitted through the networks (Study of Security Attributes of Smart Grid Systems – Current Cyber Security Issues, 2009). The convoluted connections of the SCADA systems also mean that an attack can only be managed through major computer engineering and control systems engineering expertise. This is because SCADA must overcome non-computerized fail-safe measures (Study of Security Attributes of Smart Grid Systems – Current Cyber Security Issues, 2009).
2. Vulnerabilities in Substation Security
According to Liu (2009), there are three main vulnerabilities in substation security - the increasing level of automation, the grid instability and the lack of proper risk management. Generally, about 81% of transmission substations carry some level of automation. Meanwhile, about 57% of distribution-type substations also carry some automation (Liu, 2009). The increase in the level of automation means more security risks because increased automation means increased computer-controlled electronics and software. More computer devices mean more cyber security risks (Liu, 2009). There are also several vulnerabilities connected to substation automation devices. When a smart grid network is attacked, this might lead to generator damages, power outages and grid instability (Liu, 2009).
Grid operations can be radically interrupted and this can instantly compromise the smart grid system operations with huge impact on costs. Tuning the grid becomes crucial because the grid data depends on the Internet protocol based flow of information. Once these data or information is compromised, security breach is highly possible (Liu, 2009).
The critical infrastructures in the grid’s substation lack proper risk management. Even when there are around-the-clock support operations, most of these are not regularly supervised (Heimbuch, 2011). This inattention compromises the levels of physical security. While most people think that smart grid security is only threatened by hostile environments and people, the software and management systems of the smart grid security are also very crucial. Hence, risk management is truly important for the facilities and the personnel who access the smart grid equipment and systems.
3. Vulnerabilities in Communication Networks
The smart grid communication networks are very important since it assures the balance maintenance between demand and power generation, frequencies and voltages, urgent response to dynamic conditions, and provision of real-time power market access, among others (Study of Security Attributes of Smart Grid Systems – Current Cyber Security Issues, 2009). Smart grid substations, control centers within utilities, regional transmission operator/independent system operators (RTO/ISOs) are in normal communication with each other (Study of Security Attributes of Smart Grid Systems – Current Cyber Security Issues, 2009). Aside from these, there is also various data exchange protocols utilized between entities within the smart grid. The communication network must be safe in order to synchronize transfer of data (Study of Security Attributes of Smart Grid Systems – Current Cyber Security Issues, 2009).
These communication networks and protocols also serve as potential paths for terrorists and cyber attackers. With the network’s increasing link to the Internet, the inherent vulnerabilities found in the Internet also increase the communication network’s security risks. The standardization of technology also renders its weaknesses to attackers (Heimuch, 2011). The current industry regulation and deregulation also adds to the security problems.
4. Vulnerabilities in Wireless Network Security
Wireless network technology is widely used as the most scalable and popular communication infrastructure for smart grids. These wireless networks deploy the smart grid because of their cost effectiveness and their availability. However, the analysis of IEEE 802.15.4 based networks evidence that the application of wireless technology may be very advantageous in terms of automation, remote monitoring and supervision yet very vulnerable to cyber attacks (Ullo, 2010).
The IEEE 802.15.4 security framework contains security vulnerabilities and major attacks in the context of WBAN or Wireless Body Area Network (Ullo, 2010). It attests that several types of attacks can occur on the Contention Access Period (CAP) and Contention Free Period (CFP) parts of the super frame. This implies that the direct adaptation of IEEE 802.15.4 security framework for WBAN is not secured (Ullo, 2010).
The wireless devices utilized in AMI security, which are deployed smart grid components, also have crucial cyber vulnerabilities (Ullo, 2010). The AMI is one of the principal technologies used to support the functions of the smart grid. The wireless devices are used in the smart meters situated in the customers’ premises. There are various ways by which these devices can be attacked in an AMI networks.
Another major issue is that these wireless devices are located far from the utility’s physical security perimeter. This implies great risk of being compromised (Study of Security Attributes of Smart Grid Systems – Current Cyber Security Issues, 2009). Attackers can obtain data from the memory of these wireless devices. Data includes the keys used for network authentication and how the device memory can be altered by an attacker to insert viruses or malicious software (Study of Security Attributes of Smart Grid Systems – Current Cyber Security Issues, 2009). Once the device is compromised, it can be also be used to attack other parts of the smart grid system through its communications inside the smart grid network. Attacks coming from the AMI wireless network device can cause a direct control systems compromise (Study of Security Attributes of Smart Grid Systems – Current Cyber Security Issues, 2009).
It is also said that there are scant studies on the reliability of the wireless devices like Zigbee and other wireless communication standards like the ISA 100.11a and Wireless HART (Study of Security Attributes of Smart Grid Systems – Current Cyber Security Issues, 2009). These devices are still in the early stages of development and deployment. As it is, there is limited information regarding its security.
Only the IEEE 802.15.4 protocol, the basis for all of these technologies, has been studied and its related vulnerabilities have been known (Study of Security Attributes of Smart Grid Systems – Current Cyber Security Issues, 2009). Sellers of wireless AMI technology often assure its customers of provided security features. However, the required security measures are not actually installed (Study of Security Attributes of Smart Grid Systems – Current Cyber Security Issues, 2009). This means that there is still a need for more security research on these wireless technologies as applied to smart grid systems.
Conclusion
The use of the smart grid network in the electricity sector of the United States generally upgrades the utility’s service by breaking down the barriers between transmission and distribution. It also supplies more electric power to more consumers at reduced rates. Several beneficial applications of the smart grid include efficient handling of electricity sources, reduced power blackouts, increased efficiency, and better system reliability.
However, the impressive use of the smart grid is threatened by its complex network of computers, software, and communication technologies. If compromised by an intelligent attacker, this will have several negative implications and can cause tremendous damage such as big power outages and electrical equipment destruction. As it is, the smart grid system is very vulnerable to a cyber attack at all fronts. Its reliance on open and integrated networks make it prone to cyber atatcks. This makes it highly vulnerable from security threats.
Cyber security is a critical concern in the protection of major energy infrastructure such as electricity. One of the major threats is from global terrorists who can easily and discreetly attack the grid’s system. As such, the US government must build a stronger, utility-wide security management framework to confront cyber security issues. This is very crucial to enhance the security and the dependability of the country’s electric grid. To ensure a resilient smart grid is paramount because it is the most complex and critical infrastructure. Many other sectors and industries depend on electricity and power failure can lead to tremendous losses and dangers.
The U.S. energy infrastructure is the powerhouse of the 21st century economy. It holds the banking, telecommunications, manufacturing, and all the other sectors. Without a sustainable electric energy supply, all the other sectors and services will be greatly affected. The U.S. economy cannot literally function without a stable supply of electricity. Hence, the US smart grid system must be transformed into an attack resilient system.
References:
Byrne, Ciara. (February 1, 2011). "How secure is the smart grid?" Venture Beat . Retrieved on October 18, 2012 from, http://venturebeat.com/2011/02/01/how-secure-is-the-smart-grid/.
Heimbuch, Jaymi. (January 10, 2011). "CES 2011: Pinpointing Problems With Smart Grid Security." Tree Hugger. Retrieved on Ocotber 18, 2012 from, http://www.treehugger.com/clean-technology/ces-2011-pinpointing-problems-with-smart-grid-security.html.
Liu, C. (March 15-18, 2009). Cybersecurity of SCADA Systems: Vulnerability assessment and Mitigation. Power Systems Conference and Exposition. PSCE 2009. IEES/PES.
Mills, Elinor. (April 10, 2009). "Just how vulnerable is the electrical grid?" CNET News. Retrieved on October 18, 2012 from, http://news.cnet.com/8301-1009_3-10216702-83.html.
Springfield Networks. (2012). White Paper on the Smart Grid Security, Myths Versus Reality. Retrieved on October 19, 2012 from, https://docs.google.com/viewer?a=v&q=cache:LzVzrMi8z5UJ:www.silverspringnet.com/pdfs/whitepapers/SilverSpring-Whitepaper-SmartGridSecurity-MythsReality.pdf+%EF%83%98+Operations+and+Control+of+smart+grid+security+system&hl=tl&gl=ph&pid=bl&srcid=ADGEESha-yT__KLOObNcBHbFNDj7We0p3rHUuJyiFFgvlTWqpF2i46_7b8tp-0gnfw9_4Nrzr2VwD81Mqnl6-CohZNhP700FH_VcnqyXGozlZGSVCCsh-ToRyhJDsN1rpQeaoyAlxWxB&sig=AHIEtbQGZQ5tnIX5FqyqFkRbYbLOnUskfA.
Study of Security Attributes of Smart Grid Systems – Current Cyber Security Issues. (April 2009). U.S. Department of Energy, Office of Electricity Delivery and Energy Reliability. Retrieved on October 18, 2012 from, https://docs.google.com/viewer?a=v&q=cache:wqtdg3Fim8YJ:www.inl.gov/scada/publications/d/securing_the_smart_grid_current_issues.pdf+security+issue+sin+the+smart+grid+systems+%2B+substation+security&hl=tl&gl=ph&pid=bl&srcid=ADGEESgjyQneJAjdh8HjuPVzGv2yLdxKI8n-hvEOoQbJ8ZeukziVbmr-TUJvS8Ik8OZMoy_NYY8ZXikm6anCvAklbmzu1B7mf3Qq2U_taQGXTdcifLeIN6zYLARjHF_H1n9N9uitqg8b&sig=AHIEtbReBWn7KSm7FQkuagNE7VZzdSfq7A.
Ullo, S. (2010). The role of pervasive and cooperative Sensor Networks in Smart Grids communication. MELECON 2010 - 2010 15th IEEE Mediterranean Electrotechnical Conference. Retrieved on October 18, 2012 from, http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=5476236&url=http%3A%2F%2Fieeexplore.ieee.org%2Fiel5%2F5470286%2F5475895%2F05476236.pdf%3Farnumber%3D5476236.
U.S. Department of Energy Website. (2012). Smart Grid. Office of Electricity Delivery & Energy Reliability. Retrieved on October 19, 2012 from, http://energy.gov/oe/technology-development/smart-grid.
Vijayan, Jaikumar. (September 29, 2009). Report highlights Smart Grid security vulnerabilities." Computer World . Retrieved on October 18, 2012 from, http://www.computerworld.com/s/article/9138677/Report_highlights_Smart_Grid_security_vulnerabilities.
“What is the Smart Grid?” (2012). SmartGrid.Gov Website. U.S. Department of Energy. Retrieved on October 18, 2012 from, http://www.smartgrid.gov/the_smart_grid#smart_grid.