Security Challenges to Power Grid and Smart

Grid Infrastructures

P.K.AgarwalAdditional General Manager

Power System Operation Corporation Ltd.New Delhi, India

Outline

• Why security of power grid and smart grid

infrastructure is important

• Security in the context of power grid and smart

grid.

• Operational Security

• Physical Security

• Cyber Security

• Challenges & Way forward

8th

No

v 2

01

3

2

Some Facts•US Blackouts

• During the past two decades, blackouts have increased 124 percent -- up from 41between 1991 and 1995, to 92 between 2001 and 2005, according to research at the University of Minnesota

• In the most recently analyzed data available, utilities reported 36 such outages in 2006 alone

Source -

8th

No

v 2

01

3

3

Increasing Cyber Security Incidences

8th

No

v 2

01

3

4

In Indian context……….

8th

No

v 2

01

3

5

8th

No

v 2

01

3

6

Power Grid

• Electrical grid is a man made miracle.

• Largest machine ever made.

• Managed by mutual co operation.

• Fulfills diverse requirements of

• System Operation

• Market Operation

• A Critical infrastructure of a Nation.

8th

No

v 2

01

3

7

Vast Size – Widely Spread

• Generating Stations - More than 450

• Generators - More than 1400

• Substations - More than 2000

• Circuit Kms of line - More than 270,000

• MW capacity - More than 220 GW

• Transformation Capacity - More than 480,000

• Nos of stakeholders - More than 160

8th

No

v 2

01

3

8

Smart grid

• Most significant upgrade to power grid in the last 100 years.

• Most flexible and transparent by the use of ICT.

• Has additonal new functionalities

• Self-healing.

• Motivates and includes consumers(Demand-0response).

• Accomodates all generation and storage options.

• Enables Electricity Markets.

• Optimize asset allocation and operational efficiently

8th

No

v 2

01

3

9

High Penetration

• DISCOMs – 43

• Utilities – 163

• Traders – 44

• power exchanges – 2

• OA applications - 32000 per year

• OA consumers - More than 2100

8th

No

v 2

01

3

10

Indian Smart Grid Pilot Projects

8th

No

v 2

01

3

11

MoP has approved 14 smart grid pilots for execution

Functionalities being opted:

• AMI for Residential, Commercial and Industrial

• Peak Load Management• Outage Management• Power Quality• Renewable Integration• Micro Grids• Distributed Generation

Source – Desi Smart Grid

Smart Grid Pilot by POWERGRID

8th

No

v 2

01

3

12

Source – Power Grid Corporation

Smart Grid Functions Implemented

• Advanced Metering Infrastructure (AMI)

• Virtual Demand Response (DR)

• Street Light Automation

• Outage Management System (OMS)

• Net-Metering by Renewable Integration

• Power Quality Management

• Smart Home

• Micro Grid Controller

• Electric Vehicle

8th

No

v 2

01

3

13

Security of Power Grid and Smart Grid

• Traditionally security to power system means – to withstand unexpected disturbances

• Such as short circuit

• Loss of a power system component such as Transmission line

• In today’s world secuirty focus has expanded to include

• disturbances due to overloading or unexpected causes

• Physical attacks or

• Cyber attacks

8th

No

v 2

01

3

14

Security….

GRID

Network

Data

Hardware

Premise

Software

CommunicationA

vaila

bili

ty

8th

No

v 2

01

3

15

Different Perspective…….

Business

ConfidentialityIntegrity

Availability

AvailabilityIntegrity

Confidentiality

Power Grid

IntegrityConfidentiality

Availability

Smart Grid

8th

No

v 2

01

3

16

Security of Power Grid/Smart Grid

• Operational Security

• Physical Security

• Cyber Security

8th

No

v 2

01

3

17

Operational Security

• THE DEGREE OF RISK POWER SYSTEM’S ABILITY TO SURVIVE DISTURBANCES

(CONTINGENCIES) WITHOUT INTERRUPTION.

• Robustness of the system to disturbances.

• Depends on the system operating condition

• Depends on the contingent probability of disturbances.

8th

No

v 2

01

3

18

Ensuring Operational Security

• Real time monitoring of transmission line flows - they are not overloaded.

• Contingency analysis – a “What if analysis” of grid situations – ensuring that system is secure .

• Corrective preventative action - so that if contingencies occur - do not create a system breakdown.

• The contingency analysis is repeated periodically.

• Load and generation balance - frequency stability – keep it between permissible band (49.7 – 50.2 Hz)

• Inter regional transfers monitoring.

• Monitoring status of all - any mal-function the operator is alerted through alarms.

8th

No

v 2

01

3

19

Synchrophasor technology…

• use monitoring devices called phasor measurement units (PMUs) using GPS

• measures the instantaneous voltage, current, and frequency at specific locations in an electric power transmission system (or grid)

• Has high sampling rate 20 or more times per electrical cycle which is 1200 or more times per second.

• converts the measured parameters into phasor values, typically 25 or more values per second.

• adds a precise time stamp using GPS to these phasor values turning them into synchrophasors.

• The resulting high speed data• Enables transmission grid operators to have a high resolution “picure”

of conditions throught the grid.( Situational Awareness)

8th

No

v 2

01

3

20

Wide Area Monitoring - Synchrophasors

8th

No

v 2

01

3

21

Enhanced Situational Awareness to Monitor Health of the Grid

Grid Stress Phase Angular Separation

Grid Robustness Damping Status and Trend(s)

Oscillations Sustained Low Frequency oscillation

Frequency Instability Frequency Variation Across

Interconnection

Voltage Stability Low Voltage Zones / Voltage Sensitivities

Angular Stability Power-angle Sensitivities, stability

Margin (s) “How far from the threshold value?”

PMUs Deployment in India

8th

No

v 2

01

3

22

New tools – increased visibility

• The PMU in power grid and advance metering infrastructure in smart grid - provide “MRI” capability compared to the “x-ray” quality available from SCADA technology.

• Significantly increased situational awareness -fine-grained command and control.

• Digital information technology allows close interaction of the transmission and distribution grid.

8th

No

v 2

01

3

23

The Biggest Myth!!

● “We are secure because we are isolated from the Internet

and other networks”.

● After Stuxnet in Iran ....

● Myth gone haywire….

● Its only a matter of time!!

– Social Engineering => Sneakernet

– Cyber breach will not effect us as we are not controlling

from remote.

8th

No

v 2

01

3

24

• TODAY’S ELECTRIC UTILITY…..

• relies increasingly on digital electronic devices and communications for

• to optimize system operation

• and increase reliability,

• More automation and two way communication means –

• Increased cyber attack vector

• Inccreased attck surface

• Cybersecurity remains a constant challenge.

8th

No

v 2

01

3

25

Cyber Security a constant challenge…

What is at Risk? [Excluding Damages due to Physical Access]

● Thumb Rule: Any thing / process to which data can be

written to either through Software or Manually by User /

Administrator.

● Possible Targets:

– Relay Configurations

– Control System Settings – Changing of control parameters,

limiting values

– Erasing complete data from SCADA servers.

– Freezing values of critical line loadings.

– Denial of Service (communication to control room)

8th

No

v 2

01

3

26

• Eletrical grid is fundamentally designed with security by obscurity and isolation.

• Protocols – without in built security.

• Physical Security was the paramount concern.

• Integration of electric and information infrastructure -

• Increased attack vector and attack surface

• More automation – more vulnerabilities.

• Vulnerability weaponization - The vulnerability arms race —total disclosures in 2012 increased 19 percent from 2011

• Mobile vulnerabilities

• Web applications remain vulnerable

• Mature technologies, continued risk

8th

No

v 2

01

3

27

Many challenges….

8th

No

v 2

01

3

28

Understanding Security Exposures…

8th

No

v 2

01

3

29

GAP…

8th

No

v 2

01

3

30

8th

No

v 2

01

3

31

8th

No

v 2

01

3

32

Physical Security…

• Power grid and Smart grid are critical infrastructure of the Nation.

• Infrastructure is wide spread.

• Almost impossible to guard each and every point.

• Synchronised coordinated operation

• Damage to one part may cause cascade damage.

• Control centers are strategic locations.

• Any risk to them may enganger thewhole infrastrucuture.

• Any unintentional mal-operation may render infrastructure in a state of grave danger.

8th

No

v 2

01

3

33

Physical Security Risks…..

• Risk impact is very high.

• Capturing of premise.

• Capturing control of control room.

• Damages to critical equipment.

8th

No

v 2

01

3

34

Mitigation…..

• Backup control centers.

• Defense in depth strategy.

• Security Guard/CCTV/Access Control.

• Zoning of premises

• Secuirty Mock Drills.

• Close cordination with local security authorities.

• Vigilant Staff.

• Security audit and certificaion.

8th

No

v 2

01

3

35

Cyber-Physical Approach to Smart Grid Security

• Physical systems operated are monitored, coordinated, controlled by a computing and communication core.

• Computing and communication capabilities will soon be embedded in all types of objects and structures in the physical environment.

• Smart grid will have more and more such embedded objects.

• Protecting critical infrastructure is vital to the health of an economy;

• one such infrastructure, the electric power transmission grid, forms one of the largest complex nterconnected networks ever built.

8th

No

v 2

01

3

36

• Tight coupling between ICT and physical system introduces new security concerns and requires a rethinking to common security approach.

• The smart grid will reach every house and building, giving potential attackers easy access to some of the grid components.

• A coordinated assessment of cyber and physical risks keeping the whole grid security goals in mind is needed.

• Bringing together cyber security and system theory is needed to address the security requirements.• Cyber attacks can cause disruptions that transcend the cyber

realm and affect the physical world –Stuxnet.

• Physical attacks can affect the cyber system - integrity of a meter can be compromised by using a shunt to bypass it

8th

No

v 2

01

3

37

Security of Cyber-Physical System

8th

No

v 2

01

3

38

Challenges to Power/Smart grid security

• Continuous availability demand.

• Time-criticality.

• Constrained computational resources on edge devices

• Large physical base.

• Wide interface between digital and analog signals.

• Social acceptance including cost effectiveness.

• User reluctance to change.

• Legacy issues

8th

No

v 2

01

3

39

Facts

• Smart Grid security is not a revolutionary concept, it is evolutionary.

• Should not pursue it as if it is a target to achieve but, rather, as a journey.

• Industry, government and academia coming together on policy innovation and standards development.

• Universities and R&D organizations collaboration for inventing technologies.

• Power grid and Smart grid is an corodinated effort. Any deficiency may give access to hackers..

8th

No

v 2

01

3

40

Facts

• Security is complex

• Security is a process and not a single product

• Security Solutions should be open to third party vendors

• Compliance approach should be the prefered method and starting point

• Security needs experienced security expertise

8th

No

v 2

01

3

41

References…..

• Cyber–Physical Security of a Smart Grid Infrastructure - By Yilin Mo, Tiffany

Hyun-Jin Kim, Kenneth Brancik, Dona Dickinson, Heejo Lee, Adrian Perrig, and Bruno Sinopoli.

• Smart Grid Security Issue – IEEE ecurity and Privacy, Januaer/Ferbuary 2010.

• Introduction SCADA Security for Managers and Operators - September 28, 29, 2006 – Idaho National Laboratory.

• Why is the Smart Grid is Target - 3o June 2012 - Symantec

• Risk Management Framework for the Power Grid Cyber-Physical Security -Riadh W. Y. Habash1*, Voicu Groza1 and Kevin Burr, - School of Electrical Engineering and Computer Science, University of Ottawa, Ottawa, Ontario, Canada. Kylowave Inc., Ottawa,

Ontario, Canada.

• A Taxonomy of Cyber Attacks on SCADA Systems - Bonnie Zhu, Anthony Joseph, Shankar Sastry, Department of Electrical Engineering and Computer Sciences, University of California at Berkeley, CA

• Desi Smart Grid Portal www.desismartgrid.com

• Website www.powergridindia.com of Power Grid Corporation of India

• https://apps.powergridindia.com/smartgrid/smartgrid_video.aspx

8th

No

v 2

01

3

42

8th

No

v 2

01

3

43