A holistic approach to security recognizes a range of threats and that protective systems must integrate both physical and cyber security solutions. But even then, best practices need to evolve and incorporate a dynamic approach to systems, solutions and processes.
The increasing connectivity of substations in electrical grids has been both a boon and a challenge for network managers. Positive results include greater efficiency, responsiveness and integration. The downside has been an increase in the complexity of protecting the information network, given that greater connectivity also means greater vulnerability.
Meeting this challenge requires a holistic approach to security that recognizes the wide range in types of breaches, acknowledges that no solution can create 100 percent protection and integrates physical and cyber security solutions.
Networks in electrical substations now need to include the latest technology for physical and cyber security.
How has the landscape changed?
Electrical substations were once islands where the security of the network was less of a priority than safety, reliability and ease-of-use. This isolation is no longer the case and networks in electrical substations are most likely to include one or more of the following:
- Commercial off-the-shelf technology
- Ethernet and TCP/IP-based protocols
- Open IEC 60870-5-104 and IEC 61850
- Integration of legacy industrial protocols (DNP3 and Modbus TCP)
- Remote connections
- Interconnection with company IT systems
- Use of public networks
Interconnected with systems across entire countries, networks are more prone to mistakes and failures. Protecting these networks requires robust cybersecurity policies designed first to prevent denial of service (DoS) attacks.
Preventing DoS attacks is prioritized based on the critical role that the network plays in the operation of high and medium voltage grids and the reality that a DoS attack may lead to service disruption and financial losses. Other objectives include protecting confidentiality and ensuring information integrity by preventing unauthorized modification or theft of information.
Five levels of security
Cybersecurity requires network managers to continuously evaluate conditions and threat sources to ensure that systems and policies remain current and effective. To manage this iterative process, it's helpful to understand the differences between risks, threats and vulnerabilities:
- A risk is the likelihood that something will happen to cause harm to an information asset, including loss.
- A vulnerability is a weakness that could be used to endanger or cause harm to an information asset.
- A threat is anything (caused by nature or man-made) that has the potential to cause harm to an information asset.
Protecting against these various hazards requires a multi-layered approach to cybersecurity designed both to prevent breaches and to mitigate the harm when one occurs. There are five layers of security for optimizing protection and threat mitigation:
1. Preventive security: Intended to prevent incidents from occurring and reduce the number and type of risks and vulnerabilities. Methods include strong password policies and blocking unused USB ports so that external devices cannot be connected.
2. Network design security: Minimizes vulnerabilities and isolates them so an attack doesn't affect other parts of the network. A "zones and conduits" model can help limit the number of connections between network zones, lowering the risk of an attack spreading across the network.
3. Active security: Includes measures and devices that block traffic or operations that are not allowed, or expected, on a network. Examples include encryption, protocol-specific deep packet inspection, Layer 3 firewalls and antivirus use.
4. Detective security: Identifies an incident in progress or after it occurs by evaluating activity registers and logs, including log file analysis and intrusion detection system monitoring.
5. Corrective security: Aims to limit the extent of any damage caused by an incident, through measures such as a configuration parameter backup policy and firewall and antivirus updates.
Best practices for cybersecurity
Grounded now in the types of hazards, and in the types of security and network solutions that can protect against and mitigate threats, operators can design security strategies that go far beyond single-point-of-defense solutions.
The Defense in Depth model is based on multiple, overlapping layers of protection for critical infrastructure. Defining policies and procedures based on an integrated view of physical, network, computer and device security, Defense in Depth is the best way to manage both external and internal threats.
The model draws on three concepts to ensure fast detection, isolation and control, limiting the impact of an error or breach, regardless of where or how it happens on the network:
1. Multiple layers of defense: If one is bypassed, another layer provides defense.
2. Differentiated layers of defense: If an attacker finds a way past the first layer, they can't get past all the subsequent defenses, since each layer is slightly different from the one before it.
3. Threat-specific layers of defense: Designed for specific risks and vulnerabilities, these solutions defend against the variety of security threats the electric power system is exposed to, such as computer malware, disgruntled employees, denial of service (DoS) attacks and information theft.
By building multiple layers of security protocols, any system failure or breach can be contained to limit damage.
As part of a multi-layered Defense in Depth model, physical and cybersecurity should be used together to create more robust protection for critical infrastructure. Physical protection systems include card readers at critical assets, such as transformer cabinets and control rooms, and security cameras that monitor access.
A systematic approach to network security should include the following elements:
- Routers and firewalls between the corporate backbone and substation network.
- Stateful or Deep Packet Inspection.
- Clearly demarcated zones between the operational and telecom network.
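The "zones and conduits" model and the protocol-specific deep packet inspection mentioned above can be combined in one enforcement point. As an added illustration (not code from the article or from Belden), the following checks each Modbus TCP request crossing a conduit: it validates the MBAP header and only lets the corporate zone issue read function codes toward the substation zone, while writes are confined to the substation zone itself. The zone prefixes, conduit table and sample frames are constructed assumptions.

```python
import ipaddress
import struct

# Zones of the "zones and conduits" model, keyed by IPv4 prefix (constructed sample addressing).
ZONES = {
    "corporate": ipaddress.ip_network("10.1.0.0/16"),
    "substation": ipaddress.ip_network("192.168.10.0/24"),
}

# Conduits: which Modbus function codes a source zone may send to a destination zone.
# Function codes 1-4 read coils/inputs/registers; 5, 6, 15 and 16 write them.
# The corporate zone may only read; writes stay inside the substation zone.
CONDUITS = {
    ("corporate", "substation"): {1, 2, 3, 4},
    ("substation", "substation"): {1, 2, 3, 4, 5, 6, 15, 16},
}

MBAP_LEN = 7  # transaction id (2) + protocol id (2) + length (2) + unit id (1)


def zone_of(ip):
    """Map an address to its zone name, or None if it belongs to no defined zone."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None


def inspect_modbus(src_ip, dst_ip, payload):
    """Return (verdict, reason) for one Modbus TCP request crossing a conduit."""
    conduit = (zone_of(src_ip), zone_of(dst_ip))
    allowed = CONDUITS.get(conduit)
    if allowed is None:  # undefined conduit (including unknown zones) is denied by default
        return ("deny", f"no conduit {conduit[0]} -> {conduit[1]}")
    if len(payload) < MBAP_LEN + 1:
        return ("deny", "truncated MBAP header")
    tid, proto, length, unit = struct.unpack(">HHHB", payload[:MBAP_LEN])
    if proto != 0:
        return ("deny", f"protocol id {proto} is not Modbus")
    # The length field counts unit id + PDU, so it must match the bytes actually present.
    if length != len(payload) - 6:
        return ("deny", "length field does not match frame size")
    fc = payload[MBAP_LEN]
    if fc not in allowed:
        return ("deny", f"function code {fc} not permitted on {conduit[0]} -> {conduit[1]}")
    return ("allow", f"function code {fc} permitted")


# Constructed sample frames: read holding registers (fc 3) and write single register (fc 6).
READ_HR = bytes.fromhex("000100000006" "01" "03" "00000002")
WRITE_SR = bytes.fromhex("000200000006" "01" "06" "00010001")
```

A real inline inspector would also track the TCP stream so that a PDU split across segments is reassembled before the header check runs.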
When physical security is combined with layers of network security, utility operators gain a coordinated monitoring system for the protection of both physical and cyber assets.
The electrical grid including substations and feeders is an increasingly attractive target for hackers. The potential for losses due to breaches, whether malicious or accidental, is significant and makes the mandate for a rigorous integrated cybersecurity strategy all the more compelling.
Vigilance is key
Implementing these changes from the historical approach to security may seem like a daunting task, but utility operators can manage the process with a few tenets. First, prioritize to ensure that mission-critical systems are secure. Second, create a culture of security with information and education. Third, keep risk assessments current. Finally, do not be tempted to deploy a one-size-fits-all solution; the threats, risks and objectives are varied, so the solutions must be as well.
Cybersecurity threats will evolve over time, making it essential that those charged with managing the protection systems continuously evaluate systems and processes. Answering a few questions can ensure that, as the landscape for threats evolves, so do the best practices:
- Do we know the topology, protocols and type of traffic on the network?
- Do we know how and where components are connected, so we're allowing necessary conduits for traffic and can establish effective security zones?
- Do we require that any new device connected to the network be validated by an administrator and trigger a review of all documentation?
- How frequently do we change network passwords?
- Are we staying current with upgrades?
Ideally, network managers would be able to guarantee 100 percent protection, but the reality is that level of protection is simply not possible. Whether intentional and malicious or accidental, breaches will happen and so the objective must be to limit their effect on the system.
By building multiple layers of security protocols, any system failure or breach can be contained, making it easier to control efficiently and limit damage. Most importantly, the Defense in Depth model for cybersecurity protection ensures that in spite of any breach, the remaining portion of the system remains safe and high-performing.
Germán Fernández is global vertical marketing manager, Power Transmission and Distribution for Belden.