
Cyber Security

How is cyber security a threat to the smart grid?


Investing in strong cyber security measures is crucial for any digitally stored data. When it
comes to smart grids, however, the stakes are even higher since unsanctioned access could cause
disruption in energy supply networks, which could result in power outages and other
damages.

Seven domains of smart grid

The National Institute of Standards and Technology (NIST) Smart Grid Conceptual Model
provides a high-level framework for the smart grid that defines seven important domains:

● Bulk Generation,
● Transmission,
● Distribution,
● Customers,
● Operations,
● Markets and
● Service Providers.

Five types of cyber security


● Application Security. Application security refers to the measures taken to protect
software applications from malicious attacks and data theft. ...
● Network Security. ...
● Cloud Security. ...
● Critical infrastructure security. ...
● Internet of Things (IoT) Security. ...

Key Encryption

There are two main types of encryption: symmetric and asymmetric. They are
distinguished by the number of keys they use.

Symmetric encryption
Secret key encryption, also known as symmetric encryption, uses a single key to
encrypt and decrypt data. This type of encryption is symmetric because the same key
is used to encrypt plaintext into ciphertext and decrypt that ciphertext back into
plaintext.

Asymmetric encryption
Public key cryptography, also referred to as asymmetric cryptography, uses key
pairs. One of the paired keys is public, and the other is private. Each of these keys can
transform plaintext into ciphertext, but ciphertext encrypted with one of
the keys can only be decrypted with the other key.

When the public key is used to encrypt plaintext, the resulting ciphertext can only be
decrypted using the private key. This enables anyone with access to the public key to
encrypt a plaintext message, which only the private key holder will be able to decrypt.
This is how private messages can be sent without exchanging a shared secret key.

Authentication
Three types of authentication in cyber security
There are three basic types of authentication.
● The first is knowledge-based — something like a password or PIN code that only the identified
user would know.
● The second is property-based, meaning the user possesses an access card, key, key fob or
authorized device unique to them.
● The third is biologically based.
The five main authentication factor categories are
● knowledge factors,
● possession factors,
● inherence factors,
● location factors,
● and behavior factors.

Authentication technology provides access control for systems by checking to see if a user's
credentials match the credentials in a database of authorized users or in a data authentication
server. In doing this, authentication assures secure systems, secure processes and enterprise
information security.

Four general forms of authentication


The most common authentication methods are
● Password Authentication Protocol (PAP),
● Authentication Token,
● Symmetric-Key Authentication, and
● Biometric Authentication.

Source ( IIT- Kanpur): http://iitk.ac.in/npsc/Papers/NPSC2016/1570293178.pdf

CYBER SECURITY THREATS IN SMART GRID


1) Generation System:

● The numerical relays in the generation plants adopt Ethernet-based IEC 61850 for
information exchange. An adversary may launch a DoS attack causing the relay to maloperate
during fault conditions, or may even alter the relay settings, causing inadvertent tripping of relays.
For example, if an attacker successfully delays the transmission of a message in the case of trip
protection in generating stations, it can cause serious damage to the power equipment.
● Various local control loops, including those for speed control, valve control and AVR, are linked
with the plant control center through Ethernet. If an adversary manages to find security holes, it can
easily gain access inside the local area network (LAN) and plant a Trojan or get a backdoor entry.
● The generation plants are monitored and controlled by the SCADA system. Legacy SCADA still
uses hardcoded passwords and ladder logic, and lacks authentication.
● RTUs and PLCs in power plants generally use the MODBUS or DNP3 protocols for
communication. The MODBUS protocol does not provide security against unauthorized entry. The DNP3
protocol also does not employ encryption, authentication or authorization, so an attacker with
network access can easily fabricate messages.
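
The missing authentication in MODBUS noted above is visible in the frame layout itself. The following is an added example, not part of the original notes: it parses Modbus/TCP frames and applies a defender-side check that alerts on write requests from hosts outside an allowlist. The IP addresses, the allowlist and the sample frames are constructed assumptions.

```python
import struct

# Modbus function codes that change device state (public Modbus specification).
WRITE_CODES = {5: "Write Single Coil", 6: "Write Single Register",
               15: "Write Multiple Coils", 16: "Write Multiple Registers"}

# Assumption: the only station permitted to issue writes (constructed address).
ALLOWED_WRITERS = {"10.0.5.10"}

def parse_adu(frame: bytes) -> dict:
    """Parse a Modbus/TCP ADU: 7-byte MBAP header followed by the PDU."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header + function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError("protocol id is not 0 (not Modbus)")
    if length != len(frame) - 6:
        raise ValueError("MBAP length does not match frame size")
    # All header fields are now consumed: the frame carries no credential,
    # MAC or signature, so the receiving device cannot tell who sent it.
    return {"tid": tid, "unit": unit, "function": frame[7], "data": frame[8:]}

def inspect(src_ip: str, frame: bytes) -> str:
    """Return 'allow', 'alert' or 'malformed' for one observed request."""
    try:
        adu = parse_adu(frame)
    except ValueError:
        return "malformed"
    if adu["function"] in WRITE_CODES and src_ip not in ALLOWED_WRITERS:
        return "alert"
    return "allow"

# Constructed sample traffic: (source IP, raw frame as hex)
SAMPLES = [
    ("10.0.5.10", "000100000006010300000002"),  # read registers, known station
    ("10.0.5.10", "0002000000060106000a01f4"),  # register write, known station
    ("10.0.9.77", "0003000000060106000a0000"),  # register write, unknown host
    ("10.0.9.77", "0004000000090103"),          # length field does not match
]

def verdicts() -> list:
    return [inspect(ip, bytes.fromhex(h)) for ip, h in SAMPLES]

if __name__ == "__main__":
    for (ip, _), verdict in zip(SAMPLES, verdicts()):
        print(ip, verdict)
```

Because the protocol offers nothing to verify, the check has to rely on network-level identity (source address), which is why such monitoring is normally paired with network segmentation.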
2) Transmission System:
● HVDC power lines are becoming the paramount mode for bulk energy transfer. The present cyber
security infrastructure at HVDC links is substandard, with no authorization and access
control features put into their SCADA network.
● Modern FACTS devices use high-speed communication links to exchange information with each
other during operation, hence increasing the vulnerabilities in the system.
3) Distribution System:
Cyber Security concerns with AMI
AMI faces three primary threats: customer attacks, insider attacks, and terrorist or nation-state
attacks. These threats could cause cyber effects such as loss of integrity and availability to the
AMI system or to the bulk electric grid controls. System impacts range from increased peak
usage up to widespread outages.

● A conventional meter can be modified by reversing the internal usage counter or can be
manipulated to control the calculation of electric flow.
● If an adversary manages to send false data packets to inject negative pricing in the system, then it
will result in power shortages at the targeted area, causing loss of revenue to the utility company.
● Networking and communication within the AMI infrastructure will rely on technologies like
WLAN and ZigBee. Wireless Local Area Networks (WLANs) do not provide authorization
mechanisms.

High-level cyber security objectives and specific security requirements

Mitigation approaches: Risk evaluation and Attenuation process

Risk Inspection and Attenuation
Risk is the potential for an unwanted outcome resulting from internal or external factors, as
determined from the likelihood of occurrence and the associated consequences. Put simply, risk may
be defined as the union of the likelihood of an attack, the possible actions that an adversary may
pursue and their consequent outcomes.
Risk = Likelihood of Attack × Possible Actions × Consequent Outcomes


Cyber security standards in smart grid
(Source: https://www.sciencedirect.com/science/article/abs/pii/S1874548216301421)
This initial set of 16 interoperability standards, published in 2009, has since grown to more than
200. These standards address smart meters, distributed generation components, communications,
and cyber security. The growth in the number of standards has coincided with the proliferation of
grid-integrated technologies.

Standards on cyber security assessment of smart grid


IEC TS 62351-1 defines security assessment as “a circular process of assessing assets for their
security requirements, based on probable risks of attack, liability related to successful attacks,
and costs for ameliorating the risks and liabilities.”

Conclusions
The study shows that a smart grid standard on cyber security assessments has not been specified
so far. Cyber security related standards for smart grid address the issue to various extents and in
different ways.

Load altering attacks

A load altering attack (LAA) is a cyber-physical attack against demand response and demand
side management programs. It attempts to control and change certain unsecured controllable
loads in order to damage the grid through circuit overflow or other adverse effects.
Further Study.
https://www.aimspress.com/article/doi/10.3934/electreng.2021002?viewType=HTML

Common security risks in Smart Grids


Phishing
Denial-of-Service
Malware spreading
Eavesdropping and traffic analysis

Trojan horse malware Black Energy

Stuxnet - a malicious computer worm, known as Stuxnet, targeted Supervisory Control
and Data Acquisition (SCADA) systems.

Proposed security solutions for Smart Grids

● Encryption
● Authentication
● Malware Protection
● Network Security
● Remote access VPN
● IDS & IPS (Network Intrusion Detection (NDS), Network Prevention System (NPS))
● Site-to-site VPN
● Risk and Maturity Assessments
