Blog written in collaboration with Felix Kottmann, postdoc researcher under the Future Resilient Systems programme, Singapore-ETH Centre.
The electrical grid is a system that transmits power, often over long distances, generated from a diverse range of generation systems and distributes it to end users. It serves as the lifeblood of cities, communities, industrial facilities, schools, and homes, delivering uninterrupted electricity every minute, every day, throughout the year.
Over the past century, there have been significant changes to how the electrical grid is built and operates to meet its goal of providing reliable and affordable electricity. This includes industry-specific trends such as the shift from centralized power generation to distributed renewable energy sources, liberalization of power markets, and an overall macro trend towards digitalization of systems and communication infrastructure.
To master this transition, the communication infrastructure within the electrical grid system has become central to ensuring its reliable operation and power supply to society. However, the transition also brought some network security and reliability challenges.
Because of this, understanding and addressing electrical grid network vulnerabilities in its communication systems is a priority for organizations working to protect our power supply. Finally, that’s what makes the electrical grid a critical infrastructure that can benefit from SCION.
Network communication vulnerabilities in the electrical grid today
The energy sector is the fourth most attacked industry, targeted with an estimated 10.7% of all cyberattacks with a high share of network-related attacks. Network-related attacks are primarily:
- Routing attacks that involve manipulating or altering the paths that data take within the grid's communication network - these attacks may include Denial-of-Service (DoS) attacks, Distributed Denial-of-Service (DDoS) attacks, packet injection attacks, route manipulation attacks, traffic analysis attacks, eavesdropping attacks, spoofing attacks, and Man-in-the-Middle (MitM) attacks. All of them aim to get access to your data or disrupt your operations.
- BGP hijacking happens when attackers maliciously reroute Internet traffic, similar to someone changing out all the signs on a section of the highway and rerouting traffic onto the wrong exits. This is the risk for the data in communication systems on the electric grid.
These attacks can occur at any time throughout the value chain: generation, transmission, and distribution.
However, some key communication systems in the electric grid value chain require a higher network security protection – which, if not fulfilled, can cause an interruption in the supply of power, thus leading to a society halt.
Communication in operations
Due to the liberalization of power markets, generation, transmission, and distribution are served by different companies. Each domain has to maintain its own communication systems and structures. Most companies maintain two dedicated communication networks: Enterprise and process control networks (PCN).
The enterprise network serves daily corporate functions and related internet applications. The PCN is a usually physically separated process network that connects the Supervisory Control and Data Acquisition (SCADA) equipment of all physical components, such as substations or generators. It builds the heart of operations and serves for controlling, monitoring, and analyzing data from industrial equipment.
The rise of SCADA systems resulted from the automation of energy systems because this technology provides the tools and capabilities to effectively monitor, control, and manage the complex and distributed nature of electrical grid components.
In substations, SCADA systems control the many devices and systems, such as switches and breakers, through automation realized via programmable logic controllers. Further, they monitor system frequency, voltage and current levels, and the overall health of substation equipment. This automation is significant as it allows for rapid responses to changes in the grid, enhancing safety and operational efficiency.
In control rooms, the SCADA system is connected to a human-machine interface (HMI) via the PCN and takes a critical role in managing the grid's entire operation. This way, data from substations and power plants is monitored and used as feedback for the daily schedules that specify the supply and demand of power across the grid.
Likewise, it is crucial to coordinate remedial actions in the case of contingencies. For instance, if a power line fails, the SCADA system can accelerate those remedial actions to quickly provide power via alternative transmission lines to ensure minimal disruption. This is achieved by enabling operators to enhance the visibility beyond the grid components under their jurisdiction and to coordinate with other parties to remotely access breakers or generation to maintain grid stability.
As PCNs with their SCADA systems have often been individually developed over several decades by specific companies, little attention has been paid to their cybersecurity due to their physical separation.
However, with the move to digitization and integration with the power market, enterprise networks and PCNs are not physically separated anymore, with their (often unknown) boundaries being a major vulnerability. Attackers that attempt to compromise the enterprise network might gain access to the unsecured PCN.
For those interfaces between the PCN and enterprise network (and therefore the internet), as used for remote operation, vulnerabilities must be protected to avoid attacks on those potentially critical operations.
Communication in power markets
Before the liberalization of power markets, single entities controlled the entire value chain of the electric grid. Today, however, multiple players own and operate different parts of the value chain at different levels.
In today’s liberalized power markets, which encompass the trading of financial futures, physically delivered spot contracts, and the tendering for ancillary services, communication security poses significant challenges. This is primarily due to the market's reliance on internet-based communication among its numerous participants. As a result, the vulnerabilities associated with communication in a multi-player environment are particularly pronounced within the power sector.
Settlement of physically delivered spot contracts leads to the creation of schedules. These schedules require generation system operators to supply the power they have sold within specific time windows, while consumers are obligated to consume the power they have purchased. Based on these schedules, transmission and distribution system operators plan ahead to ensure their systems can accommodate the resulting power flow.
The Continental-European grid is connected within one synchronous area, where the frequency is standardized at 50Hz. Maintaining the system frequency at 50Hz by balancing supply and demand is crucial, as deviations could trigger the disconnection of loads, generation systems, or transmission lines, which might escalate in a cascade.
There is a possibility of grid splits in the synchronous grid, along with controlled load shedding, commonly known as brown-outs, or uncontrolled loss of loads, referred to as black-outs. It is clear that schedules must be synchronized and exchanged with the utmost cybersecurity, as an incident in one company could have repercussions in other countries.
To ensure that the frequency is maintained upon deviations from the market-derived schedules, ancillary services are contracted by transmission grid operators. Providers of those services increase or decrease their power feed-in within given, short time horizons to keep the system frequency smooth and within range.
Overall, maintaining the grid balance through the power trading process and the ancillary services is fundamental to continuing to supply energy to society. The communication system used for these transactions must be protected at all costs from cyberattacks from third parties.
Communication in distributed energy resources
Renewable energy has empowered many companies and individuals to enter the power market as “prosumers.” For example, households can feed their excess solar energy into the grid, and companies can utilize space to install large-scale wind turbines.
Such distributed energy resources (DERs), e.g., photovoltaic (PV) cells, small wind turbines, small hydropower plants, or even the envisioned use of electric vehicles (EV), became increasingly popular in many countries due to their environmentally friendly nature and their essential role in the energy transition.
This move opened up new avenues of energy management, such as virtual power plants (VPP) that group DERs into one entity that can act on the power market, similar to a centralized generation system. With this paradigm shift, a new challenge is presented through the lack of a dedicated PCN since the DERs that are part of one VPP might be owned by a variety of owners, leaving only the internet as a communication system. Hence, those cybersecurity challenges that already exist in conventional operations are further increased in VPPs.
Furthermore, to enable VPPs to offer the whole range of frequency-supporting ancillary services, orchestration of the participating DERs becomes crucial. Since all of the underlying communication and data management might occur over the Internet, these systems are vulnerable to cyberattacks and security breaches. Additionally, with the current best-effort-traffic of the internet, ancillary services provided by VPPs are behind their full potential.
The rise of electric vehicles also ties into this narrative. EVs can act as mobile energy storage units that can feed into the grid during peak demand and recharge during off-peak periods, making them potentially valuable assets to VPPs and the grid stability. But, as with other DERs, the control and coordination of EVs open up additional cybersecurity concerns that need to be managed.
SCION, a solution for electric grid network security
The SCION (Scalability, Control, and Isolation on Next-Generation Networks) architecture marks a significant advancement in network security. It provides unique features that directly address the challenges faced by electric grid networks.
Path Control |
In SCION, the source of a packet chooses the path, allowing it to avoid potentially compromised parts of the network. This addresses targeted cyberattacks in exchanging crucial information such as schedules and the remote operation of the SCADA equipment. SCION has also highly reliable network infrastructure, enabling seamless communication among organizations. Specifically, the multipath feature of SCION, coupled with instant failover, ensures unparalleled reliability in case of any communication path issues. The utmost reliability of SCION lies in its ability to facilitate uninterrupted and efficient connectivity between entities. |
Isolation Domains |
SCION's isolation domains ensure that failure or compromise in one part of the network does not affect the rest. This directly addresses the coordination challenges and interconnected weaknesses inherent in the current grid structure, particularly with the ongoing deployment of DERs. |
Explicit Trust |
The SCION architecture only allows traffic from explicitly trusted entities, preventing unauthorized access and potential attacks. This feature counteracts the security vulnerabilities present in all market-related activities, the exchange of operations-related information, and the coordination within VPPs. |
Conclusion
As power grids become increasingly interconnected and dependent on digital technologies, the potential impact and frequency of network-related attacks will likely increase.
In conclusion, the electric grid’s communication systems are confronted with plenty of cybersecurity challenges, from the complexity of modern power grids, an international power market, and the rise of decentralized generation to digitalization.
These challenges underscore the importance of a holistic approach to security that combines technical advancements and collaboration. Secure communication protocols, intrusion detection systems, and network security are all critical components of a robust security posture.
As we look to the future of electric grid cybersecurity, exciting developments are on the horizon. For instance, Anapaya's recent partnership with the Association of Swiss Electricity Companies (Verband Schweizerischer Elektrizitätsunternehmen VSE) signifies a proactive step towards grid security.
Using the Secure Swiss Energy Network (SSEN), a visionary project aimed at enhancing the resilience of the Swiss energy infrastructure, Anapaya's solutions will form the foundation for a more reliable and safe energy network.
To learn more about how Anapaya is helping secure the power grid and ensure the safety of critical infrastructure, visit our website or contact us today.