Secure Power Delivery Systems and Secure Communication

The power utility domain is facing a lot of challenges these days. There are environmental, technical, political, security-related, and market-related issues that require a new design of the whole chain of design, procurement, installation, operation and maintenance of systems that are needed to provide the needed power to the users of power.

There are tons of lists that require this and that. Take the cyber security aspect: You will find many documents that could help you to procure the right solution. One of the latest documents provides helpful text to write down the needs for “Cyber security of Power Delivery Systems”:

“Cybersecurity Procurement Language for Energy Delivery Systems”

Written by US-Experts and published last year.

Click HERE for a copy.

Many (likely most) publications on securing our infrastructure are assuming a mainly hierarchical and centralized Power Delivery and Automation Systems as described in the following (excerpt from the above document, page 1):

“Energy delivery systems comprise the following:

• The sensors and actuators used for monitoring and controlling energy delivery processes.
• The computer-based systems that analyze and store data.
• The communication pathways and networks that interconnect the various computer systems.

Cybersecurity threats, whether malicious or unintentional, pose a serious and ongoing challenge for the energy sector. Today’s highly reliable and flexible energy infrastructure depends on the ability of energy delivery systems to provide timely, accurate information to system operators and automated control over a large, dispersed network of assets and components.”

The cyber security requirements could be lowered dramatically in case we think of a more de-centralized Power System that would need a de-centralized Automation System over a small local system of assets and components – requiring a minimum of operational communication with the next hierarchy level.

It seems to be in the interest of manufacturers of network infrastructure to implement huge systems to control a large, dispersed network of assets and components. Sure: This would require a huge, secure network infrastructure – a huge and long-term business case. Cyber-Security seems to be a new support programme to the vendors of communication and automation infrastructure.

As we have experienced, more or less (intended!) simultaneous control commands to a huge number of assets could danger the stability of the power network. I guess that the risk in using a highly cyber-secure network (for monitoring and control) in a large hierarchical power system is much bigger than the risk of a “less” secure network (for monitoring and control) in small de-centralized, self-organizing power systems.

A cyber-secure network is one issue – the (physical and technical!) architecture of our future Power Delivery System is another.

Why don’t we pay more attention to distributed Power Delivery Systems that require distributed monitoring and control? Exchanging measurements, status, settings, and control commands in a huge hierarchical automation system will always be compromised by some people.

Would you trust an avalanche of measurements and status points arriving from millions of sensors communicated in a second? Would you trust that a setting going to millions of controllers will be interpreted in the same way? Or what’s about a control commands send out to ALL actuators? The un-thinkable is already a reality. It happened already last year in Bavaria and Austria.

I experienced the mis-interpretation of the power of my green laser pointer when I went through security of an international airport. My pointer has a power of “<1mW”. I was near to be arrested because the police officer was reading “one MegaWatt” … Fortunately I could help to translate “m” to “Milli”. Finally I had to check-in the pointer before I could go onboard.

I guess that one of the biggest challenges is to find an architecture of our future power delivery system that requires just a few or no measurements, status, settings, and control commands being exchanged between millions of interconnected intelligent devices and systems.

Smart grid in Denmark 2.0: IEC 61850 and CIM are crucial

The following interesting report has been published recently:

Smart grid in Denmark 2.0
IMPLEMENTATION OF THREE KEY RECOMMENDATIONS
FROM THE SMART GRID NETWORK

One of the key areas is related to information standards. The report summarizes on:

THE MOST IMPORTANT STANDARDS

Internationally, two standards for Smart Grids are singled out in particular, each including a number of part-standards and related standards. One is the IEC 61850 standard, which was originally developed for substations but which has today been developed to cover a wide range of other areas, e.g. DER units. The information model in IEC 61850 is based on the so-called Logical Nodes, whereby information can be structured in a harmonised way. The other standard is the IEC 61970 standard, which was originally developed for control centre environments, but which today, via related standards, covers a wide range of system activities in the power system, for example electricity markets. The information model in IEC 61970 is called the Common Information Model - CIM. The two information models are being harmonised with a view to defining a combined information model for the entire power system and its associated components and processes.

Click HERE for the report.

Do You Really Want to Use Your Phone for Remote Control?

Kim Zetter reported on 31 July that “Hackers Can Control Your Phone Using a
Tool That’s Already Built Into It”.

Would you like to be controlled by somebody else? Somebody you don’t know?

The report starts: “ … Two researchers have uncovered such built-in vulnerabilities in a large number of smartphones that would allow government spies and sophisticated hackers to install malicious code and take control of the device.”

Click HERE for the full report.

I hope that you are not planning to use smart phones in any critical infrastructure! Be smart! Any remote control in the energy automation could be very dangerous. Automation systems that highly depend on control commands from a central unit are in danger to be hacked or compromised by errors – independent of smart phones.

We have to thing towards more autonomous automation. Inputs to remote stations may be limited mainly to set-points that allow the algorithms in the remote units to check against the physical measurements and other information (situational awareness).