Introduction
The electric grid in the United States has been built way back in the 1890s. At present, it has been a by product of technological advancements which consist of more than 1 million megawatts of generating capacity passing through about 300,000 miles of transmission lines (“What is the Smart Grid,” 2012). With the utilization of new technologies, today’s grid is geared to a more stretched capacity which can manage the more complicated electric needs of the twenty first century consumers.
Hence, the smart grid is developed in order to address the present demands of the modern society. This new grid is built from the bottom up to manage the groundswell of digital and computerized equipment and technology reliant on it. It is a “smart” grid since it is digitalized and made up of automation, computers, controls, and new technologies and equipment which are all networked.
Smart grid is a modern type of technology of utility electricity service systems which makes use of computer-based automation and remote control. The “grid” consists of electrical networks which bring electrical power from the power plants or energy source to where it is needed. The smart grid is made up of substations, switches, transformers, wires, among others (Ibid.). The major element of its efficient operations is the two-way digital communication technology which links several devices to the grid. There is a network operations system in the smart grid network that manages the data exchanges through various devices such as detectors, fault voltage sensors, power meters, etc. Automation technology is a major feature of the smart grid which enables it to control and adjust several devices through a central location (Ibid.). The smart grid security systems transpire through a two-way communication technology and computer processing which are already being used in various industries worldwide (Springfield Networks, 2012).
The main beenfits of a smart grid system includes a more efficient transmission of electricity, faster restoration of power after disturbances, reduced operations and management costs for utilities and reduced power costs for consumers, and reduced peak demand which also reduces electric rates ((“What is the Smart Grid,” 2012). Other benefits include the increased linkages of large-scale renewable energy systems, improved security, among others.
These benefits are crucial since an electric disruption can be very threatening in today’s digital world. Power affects all aspects of life such as banking, communications, security, traffic, etc. A smart grid makes the electric utility more resilient for natural and man made disasters.Its new technologies manages the disruption and ensures a quick power recovery. It also addresses the very old energy infrastructure and efficiency problems (U.S. Department of Energy Website, 2012). Hence, smart grid security system gives many benefits to utilities and consumers.
Security Issues of the Smart Grid System
The smart grid system utilizes digital information technology to transmit and deliver power. This operation is very dependent on a complex computer networks (Vijayan, 2009). This makes the smart grid network vulnerable to attacks. This nature also makes the network crucial in the new power infrastructure. This is because any malicious attack on the smart grid network would mean danger for many people and industries. An accidental operation could also cause harmful effects (Ibid.). Thus, the issue of security is a paramount concern for this centralized and digitized electric service system. Aside from external attacks, malevolent security breaches and accidental misconfigurations or wrong procedures and other operational oversights can make the smart grid system very prone to harm (Bryne, 2011). Wireless or wire-line based network connections is also a major threat to its security (Ibid.).
Since the smart grid runs on an Internet protocol (IP) and is linked to open networks which can be hacked, this is also a major vulnerability to the electric utility system. An outsider can use a similar protocol which can be secured from the global information technology domain (i.e. hypertext protocol (HTTP) and Internet Protocol (IP)).
As it is, the use of smart grid networks for the delivery of electric sources has its advantages and disadvantages. Some of its cumulative advantages are increased efficiency, better system and reduced power blackouts (Mills, 2009). However, its major reliance on the Internet technologies makes the smart grid system very vulnerable in four main areas. These are the following: communication networks, SCADA, substation security, and wireless networks security (Ibid.).
Communication networks can be very risky since it is made up of communications protocols called SCADA (Supervisory Controls and Data Acquisition). These protocols are created for the exchange of control messages on smart grid network. While the technology utilized by SCADA has been tested for several decades, the multiple interconnectivity is a serious threat for cyber attacks (Ibid.). Substation security is also beset by three principal threats. These are the following: the grid instability, the rapid level of automation and the lack of risk management (Ibid.). The increased automation level means more security risks because rapid automation implies more computer-controlled electronics and software. Grid operations can be instantaneously interrupted and this can greatly compromise the smart grid’s network operations with very dramatic impact on its costs. The critical smart grid infrastructures in the substation also lack adequate risk management (Ibid.).
The smart grid’s communication networks and protocols also lend themselves as potential attack paths for cyber attackers and terrorists. The smart grid system has been dramatically operated through Internet technologies, which have inherent security problems and thus this makes the smart grid networks more prone to dangers. Also, the smart grid security system strongly depends on the ability of various entities to interact via communication networks. As it runs through both wireless and wire based network technology, which is now the most popular and scalable communication infrastructure for smart grids, it is more prone to cyber attacks.
The wireless devices utilized in AMI security that are the main components of a smart grid have crucial cyber vulnerabilities. Since the AMI security devices are situated away from the smart grid’s physical security perimeter, they are at larger risk of being compromised (Ibid.). The lack of feasibility studies on the viability of the wireless devices is also one of the weaknesses of this component. According to Ullo (2010), only the IEEE 802.15.4 protocol, which is the foundation for all of these wireless technologies, has been studied. Only its related vulnerabilities have been identified.
Detailed below are the explanations of the vulnerabilities of the smart grid system’s security:
1. Vulnerabilities in SCADA- Supervisory Control and Data Acquisition
Supervisory Control and Data Acquisition (SCADA) systems are widely used to monitor and manage the national power grid. Since these control networks evolved, the use of the Ethernet and TCP/IP became the norm (Liu, p. 1). Hence, it led to greater risks. While this technology has been used for many years, its complex interconnectivity poses more risks for cyber attack. Updated government reports have heightened concerns on the overall general security posture of the SCADA systems (Study of Security Attributes of Smart Grid Systems – Current Cyber Security Issues, 2009).
There are several vulnerabilities found in the SCADA security assessments, according to the National SCADA Test Bed (NSTB) program (Ibid.). This report stressed that various vulnerabilities exist in SCADA systems that have not been disclosed in public. To illustrate, the National Vulnerability Database (NVD) receives 15 additional publicly disclosed SCADA vulnerabilities daily (Ibid.). It is estimated that at least 12% of all these reported SCADA vulnerabilities pertains to control systems. As such, there are inefficient security precautions as not all the risks are publicized and made transparent to the people. These undisclosed risks can be exploited by an expert attacker or a terrorist (Ibid.).
Generally, the SCADA is very susceptible to cyber attack. It is also inherits the network security problems from other industrial or commercial network since it could be transmitted through the SCADA networks. The convoluted connections of the SCADA systems also mean that an attack can only be managed through major computer engineering and control systems engineering expertise. This is because SCADA must overcome non-computerized fail-safe measures (Ibid.).
2. Vulnerabilities in Substation Security
As mentioned above, there are three main vulnerabilities in substation security - the increasing level of automation, the grid instability and the lack of proper risk management. Generally, about 81% of transmission substations carry some level of automation. Meanwhile, about 57% of distribution-type substations also carry some automation (Liu, 2009). The increase in the level of automation means more security risks because increased automation means increased computer-controlled electronics and software. More computer devices mean more cyber security risks (Ibid.). There are also several vulnerabilities connected to substation automation devices. When a smart grid network is attacked, this might lead to generator damages, power outages and grid instability (Ibid.).
Grid operations can be radically interrupted and this can instantly compromise the smart grid system operations with huge impact on costs. Tuning the grid becomes crucial because the grid data depends on the Internet protocol based flow of information. Once these data or information is compromised, security breach is highly possible (Ibid.).
The critical infrastructures in the grid’s substation lack proper risk management. Even when there are around-the-clock support operations, most of these are not regularly supervised (Heimbuch, 2011). This inattention compromises the levels of physical security. While most people think that smart grid security is only threatened by hostile environments and people, the software and management systems of the smart grid security are also very important. Hence, risk management is truly important for the facilities and the personnel who access the smart grid equipment and systems.
3. Vulnerabilities in Communication Networks
The smart grid communication networks are very important since it assures the balance maintenance between demand and power generation, frequencies and voltages, urgent response to dynamic conditions, and provision of real-time power market access, among others (Study of Security Attributes of Smart Grid Systems – Current Cyber Security Issues, 2009). Smart grid substations, control centers within utilities, regional transmission operator/independent system operators (RTO/ISOs) are in normal communication with each other. Aside from these, there is also various data exchange protocols utilized between entities within the smart grid. The communication network must be safe in order to synchronize transfer of data (Ibid.).
However, these communication networks and protocols also serve as potential paths for terrorists and cyber attackers. With the network’s increasing link to the Internet, the inherent vulnerabilities found in the Internet also increase the communication network’s security risks. The standardization of technology also renders its weaknesses to attackers (Heimuch, 2011). The current industry regulation and deregulation also adds to the security problems.
4. Vulnerabilities in Wireless Network Security
Wireless network technology is widely used as the most scalable and popular communication infrastructure for smart grids. These wireless networks deploy the smart grid because of their cost effectiveness and their availability. However, the analysis of IEEE 802.15.4 based networks evidence that the application of wireless technology may be very advantageous in terms of automation, remote monitoring and supervision yet very vulnerable to cyber attacks (Ullo, 2010).
The IEEE 802.15.4 security framework contains security vulnerabilities and major attacks in the context of WBAN or Wireless Body Area Network (Ibid.). It attests that several types of attacks can occur on the Contention Access Period (CAP) and Contention Free Period (CFP) parts of the super frame. This implies that the direct adaptation of IEEE 802.15.4 security framework for WBAN is not secured (Ibid.).
The wireless devices utilized in AMI security which are deployed smart grid components have crucial cyber vulnerabilities. AMI is one of the principal technologies used to support the functions of the smart grid. The wireless devices are used in the smart meters situated in the customers’ premises. There are various ways by which these devices can be attacked in an AMI networks.
Another major issue is that these wireless devices are located far from the utility’s physical security perimeter. This implies great risk of being compromised (Study of Security Attributes of Smart Grid Systems – Current Cyber Security Issues, 2009). Attackers can obtain data from the memory of these wireless devices. Data includes the keys used for network authentication and how the device memory can be altered by an attacker to insert viruses or malicious software. Once the device is compromised, it can be also be used to attack other parts of the smart grid system through its communications inside the smart grid network. Attacks originating from the AMI wireless network device can result to a direct control systems compromise (Ibid.).
It is also said that there are scant studies on the reliability of the wireless devices like Zigbee and other wireless communication standards like the ISA 100.11a and Wireless HART (Ibid.). These devices are still in the early stages of development and deployment. As it is, there is limited information regarding its security.
Only the IEEE 802.15.4 protocol, the basis for all of these technologies, has been studied and its related vulnerabilities have been identified. Sellers of wireless AMI technology assure its customers of provided security features. However, the required security measures are not actually installed (p. 12). This means that there is still a need for more security research on these wireless technologies as applied to smart grid systems.
Conclusion
The application of the smart grid network in the electricity sector of the United States intends to improve the service by breaking down the barriers between transmission and distribution. It also intends to bring more electric power to more consumers at reduced rates. The smart grid is also geared towards full integration and inter linkages for better utility and security protection. Several applications of the smart grid system include various benefits such as enhanced cyber-security, efficient handling of electricity sources, etc. It also reduces power blackouts and increases efficiency and better system reliability.
The management and the operation of this advanced and very impressive smart grid security system depend on a complex network of computers, software, and communication technologies. If compromised by an intelligent attacker, this will have several negative implications and can cause tremendous damage such as big power outages and electrical equipment destruction. The smart grid system is very vulnerable to a cyber attack at all fronts. This is due to the heavy linkages to Internet protocols and open networks which can be hacked. This is a major reason which makes the smart grid system highly vulnerable from security threats.
The grid’s use of internet technologies makes the system vulnerable in four major areas: substation security, SCADA, communication networks and wireless networks security. In sum, all these electric utility distribution depends on the secuirty of its computer operations. In the context of increased security requirements due to global terrorism, the government must build a stronger, utility-wide security management framework. Cyber security is the first and foremost concern.
The U.S. energy infrastructure is the powerhouse of the 21st century economy. It holds the banking, telecommunications, manufacturing, and all the other sectors. Without a sustainable electric energy supply, all the other sectors and services will be greatly affected. The U.S. economy cannot literally function without a stable supply of electricity.
Ultimately, the smart grid system must be transformed into an attack resilient system. According to the Iowa State University (2012), this is possible through the following:
1. Vulnerability Analysis: There must be a proper and adequate assessment of cyber vulnerabilities in the SCADA and other automation systems of the smart grid.
2. Impact Analysis: The impact of a successful cyber attack on the operations of a smart grid must be quantified so that the different government departments will be more prepared in the future.
3. Risk Modeling: This is a quantitative method to assess the risk due to cyber attacks. This includes coordinated attacks.
4. Risk Mitigation: Protection and control measures to mitigate attacks.
Works Cited:
Byrne, Ciara. (February 1, 2011). "How secure is the smart grid?" Venture Beat . Retrieved on October 18, 2012 from, http://venturebeat.com/2011/02/01/how-secure-is-the-smart-grid/.
Heimbuch, Jaymi. (January 10, 2011). "CES 2011: Pinpointing Problems With Smart Grid Security." Tree Hugger. Retrieved on Ocotber 18, 2012 from, http://www.treehugger.com/clean-technology/ces-2011-pinpointing-problems-with-smart-grid-security.html.
Iowa State University. (2012). Power Infrastructure Cybersecurity Laboratory of Electrical and Computer Engineering Department. Retrieved on October 18, 2012 from, http://powercyber.ece.iastate.edu/.
Liu, C. (March 15-18, 2009). Cybersecurity of SCADA Systems: Vulnerability assessment and Mitigation. Power Systems Conference and Exposition. PSCE 2009. IEES/PES.
Mills, Elinor. (April 10, 2009). "Just how vulnerable is the electrical grid?" CNET News. Retrieved on October 18, 2012 from, http://news.cnet.com/8301-1009_3-10216702-83.html.
Springfield Networks. (2012). White Paper on the Smart Grid Security, Myths Versus Reality. Retrieved on October 19, 2012 from, https://docs.google.com/viewer?a=v&q=cache:LzVzrMi8z5UJ:www.silverspringnet.com/pdfs/whitepapers/SilverSpring-Whitepaper-SmartGridSecurity-MythsReality.pdf+%EF%83%98+Operations+and+Control+of+smart+grid+security+system&hl=tl&gl=ph&pid=bl&srcid=ADGEESha-yT__KLOObNcBHbFNDj7We0p3rHUuJyiFFgvlTWqpF2i46_7b8tp-0gnfw9_4Nrzr2VwD81Mqnl6-CohZNhP700FH_VcnqyXGozlZGSVCCsh-ToRyhJDsN1rpQeaoyAlxWxB&sig=AHIEtbQGZQ5tnIX5FqyqFkRbYbLOnUskfA.
Study of Security Attributes of Smart Grid Systems – Current Cyber Security Issues. (April 2009). U.S. Department of Energy, Office of Electricity Delivery and Energy Reliability. Retrieved on October 18, 2012 from, https://docs.google.com/viewer?a=v&q=cache:wqtdg3Fim8YJ:www.inl.gov/scada/publications/d/securing_the_smart_grid_current_issues.pdf+security+issue+sin+the+smart+grid+systems+%2B+substation+security&hl=tl&gl=ph&pid=bl&srcid=ADGEESgjyQneJAjdh8HjuPVzGv2yLdxKI8n-hvEOoQbJ8ZeukziVbmr-TUJvS8Ik8OZMoy_NYY8ZXikm6anCvAklbmzu1B7mf3Qq2U_taQGXTdcifLeIN6zYLARjHF_H1n9N9uitqg8b&sig=AHIEtbReBWn7KSm7FQkuagNE7VZzdSfq7A.
Ullo, S. (2010). The role of pervasive and cooperative Sensor Networks in Smart Grids communication. MELECON 2010 - 2010 15th IEEE Mediterranean Electrotechnical Conference. Retrieved on October 18, 2012 from, http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=5476236&url=http%3A%2F%2Fieeexplore.ieee.org%2Fiel5%2F5470286%2F5475895%2F05476236.pdf%3Farnumber%3D5476236.
U.S. Department of Energy Website. (2012). Smart Grid. Office of Electricity Delivery & Energy Reliability. Retrieved on October 19, 2012 from, http://energy.gov/oe/technology-development/smart-grid.
Vijayan, Jaikumar. (September 29, 2009). Report highlights Smart Grid security vulnerabilities." Computer World . Retrieved on October 18, 2012 from, http://www.computerworld.com/s/article/9138677/Report_highlights_Smart_Grid_security_vulnerabilities.
“What is the Smart Grid?” (2012). SmartGrid.Gov Website. U.S. Department of Energy. Retrieved on October 18, 2012 from, http://www.smartgrid.gov/the_smart_grid#smart_grid.