Is your smart grid secured?

July 01, 2016 // By Patrick Le Fèvre
Involved in early days projects to add communication and intelligence to power supplies, which became the so called “Digital Power” I have been frequently asked about software security and how the power supplies industry was prepared to address such issues.

If it is for sure, there is very little risk a hacker reaches a single Digital-POL at board level, the risk increases exponentially as we move upward in the value chain and, in that chain, the Smart Grid is probably the highest and the most exposed to attacks. At a time when the number of renewable power sources is growing, smart meters are being deployed and many others are being connected to the Smart Grid, what is the situation in terms of security? Are we safe?

 

Risk escalation

From 2007, when the US government demonstrated, in the Aurora Generator Test, that with only 21 lines of codes hackers could take control of a power plant and physically destroy a generator; to April 2016 when a water and electricity authority in the State of Michigan, after being victim of a ransomware attack was forced to keep IT systems locked down for a week, the number of cases reported to security authorities is rapidly increasing.

The Florida International University estimated that, during the first six months of 2015, more than100 cyber incidents have affected infrastructure in the US and the energy sector had the largest number of attacks. Cyber-attacks toward Smart Grid is a global threat and all countries are exposed to high risk, motivating power experts and networks managers to consider a global response and methodology to prevent any damages.

February 2016, the US Department of Homeland Security (DHS) issued an alert (IR-ALERT-H-16-056-01), reporting on a case that happened on December 2015 in Ukraine, raising the information to a high level of attention to Smart Grid Operators, motivating them to accelerate protection mechanisms and to develop preventive actions policies.

The Ukrainian case combined multiple elements in the attack, including physical sabotage though the sophistication of the part related to the cyber-attack reached a new level of intrusion, motivating the Smart Grid community to strengthen cooperation and efforts to accelerate sustainable security within the Smart Grid.