Wanted: An Integrated Approach to Cybersecurity and Physical Resiliency

Imagine a major electric utility grid, circa 2035. After two decades of increasing deployment of distributed energy resources (DERs) – including microgrids, commercial and residential rooftop solar, and battery energy storage systems – the grid is highly complex. Automated, decentralized control-and-command systems help regulate the wide variety of energy sources, informed by a vast amount of real-time data from smart meters, advanced electric grid equipment and intelligent devices in industrial, commercial and residential settings. It’s a smarter, cleaner and more efficient system – just as many stakeholders in the energy industry envisioned and worked diligently to achieve.

But then imagine this: a lone cyber attacker with stolen IT (Information Technology) and ICS (Incident Command System) passwords hacks into the grid’s automated control systems. Once in, they open breakers, install malicious software to break communications between centralized control centers and substations and use automated phone calls to disrupt service at customer service call centers (a telephone denial of service attack). To then multiply the impact, they lock operators out of human-machine interface systems and destroy critical system data using wiper software.

Sound far-fetched? In fact, the above scenario has already happened. In 2015, a cyber attack in Ukraine using similar tactics caused more than 200,000 customers to lose power for almost six hours. In some areas, automated control systems were not restored for more than a year.

Solutions Exist, But Grid Architecture Needs Improvement
Many experts think the threat of similar attacks is increasing and has been so far mostly overlooked. While the U.S. hasn’t yet experienced a major power failure resulting from a cyber attack, the proliferation of DERs, grid sensors, and grid-connected devices makes for a vastly more complicated environment – and creates more access points and therefore opportunities for disruptions resulting from cyber attacks.

On the bright side, solutions exist that could have prevented the Ukrainian takedown, and will help mitigate the risk of similar and even more sophisticated cyber attacks on U.S. power grids.

The transition to a smart grid is focused on overcoming challenges such as interoperability and reform of utility revenue models. However, the utility industry will also need a fundamental redesign of basic grid architecture to ensure resilience. A system that relies heavily on smart devices and meters, accurate digital data, and automation is increasingly vulnerable to cyber attacks that disrupt operations. Therefore, cybersecurity needs to extend from data protection of software and communications to the devices that generate and use these data. In short, cybersecurity will soon be indistinguishable from physical security – an emerging trend called cyber-physical convergence.

Urgent Need for CPR
Cyber-Physical Resiliency (CPR), a term coined by experts to describe the element missing from most smart grid planning discussions, will require strong protections against cyber attacks as well as redundancies to ensure continued operation in the event of a cyber or physical event. By constructing modern grid architecture with CPR in mind, engineers can prioritize capabilities that are needed most for application of CPR techniques — including redundancy, transience, dynamic reconfiguration and quick restoration should a breach occur.

A Cyber-Physical Resiliency Task Force convened by the Smart Electric Power Alliance (SEPA), and consisting of experts from across the sector has been working to raise awareness of the issue. The task force created an accessible catalog of publications and documents that address CPR and is supplementing existing documents to include CPR elements.

“We deliberately included both Cyber and Physical in our scope,” said Task Force Chair Dr. Elizabeth Sisley, CEO/Founder of Calm Sunrise Consulting. “Cyber Resiliency of course refers to the cybersecurity goals of modern systems, while Physical Resiliency references traditional engineering and architecture goals. These traditional techniques include redundancy; failover, or quick restart; reconfiguration; and grid hardening techniques — with the goal of minimizing disruption to a system’s functionality.”

“Grid hardening includes techniques such as upgrading wood poles to corrosion-resistant metal, burying power lines, and upgrading from wood to composite cross-arms,” said Task Force member Ron Cunningham, IT Enterprise Architect at American Electric Power.

While potential solutions exist to most envisioned CPR threats, the challenge is overcoming the lack of coordination between professionals working in cybersecurity, and those dealing with physical and operational systems. And while many policymakers are setting admirably ambitious targets for carbon reduction, the smart grid they envision requires a redesigned architecture to ensure cyber-physical resilience.

“This is looked upon as way down the line, but it’s not,” said Task Force member Larisa Dobriansky, Chief Business & Policy Innovation Officer for General Microgrids. She noted that “integrating renewable and distributed energy resources into the grid using smart technologies that fuse power, control and information necessitates evolving a new grid operating system and materially changing the nature of utility investments from the legacy business model.”

Building on NIST Resources
The Task Force is taking a two-phased approach to its work. First, members published a Catalog of Resiliency Best Practices, a living document that brings together relevant CPR publications and documents in one searchable spreadsheet.

Second, the Task Force is developing a supplement to the National Institute of Standards and Technology Interagency Report (NISTIR) 7628r1. The SEPA document will map best practices in cyber-physical resiliency to the cybersecurity controls in NISTIR 7628r1, and will draw upon the aforementioned Task Force’s initial catalog of best practices. It will also rely significantly on the recent NIST publication, “Developing Cyber Resilient Systems: A Systems Security Engineering Approach Special Publication 800-160 volume 2.”

“We are identifying and adding cyber resiliency controls that supplement what’s in the NISTIR in terms of cybersecurity controls,” said Task Force member Dr. Michael Cohen, Principal Critical Infrastructure Systems Engineer at MITRE, and Vice Chair of the CPR Task Force. “By providing the power grid, smart grid, and microgrids with the ability to withstand cybersecurity compromises and attacks, cyber resiliency helps to keep the lights on and the revenue coffers full.”

By identifying CPR protections with existing cybersecurity controls used by grid operators, Task Force members hope to foster development of a smart grid that can avoid failure or recover quickly if a cyber attack succeeds. However, cybersecurity threats are on the rise, according to a recent GAO (U.S. Government Accountability Office) report, and no system is 100% risk-free.

“We recognize that cyber attacks will occur and systems are not perfect, so we are seeking a system design that can bounce back quickly, or continuing to deliver power with temporarily reduced power services,” explained Dr. Kennech Wacks, Task Force member and chair of the SEPA Customer Grid Edge Working Group.