Cyber Security in Smart Grid


CYBER SECURITY IN SMART GRID

Prathamesh Bhandari Pranav Chitmulwar

BT17EEE062 BT17EEE061

Contents

Abstract
1. Introduction
2. Smart Grid Infrastructures
2.1 Definition of Smart Grid
2.2 Ideal functionalities of smart grid
3. Security Issues of Cyber-Physical Smart Grid
4. Cyber Security Objectives and Requirements
5. Cyber Security Threats in Smart Grid
6. Protecting Smart Grid from cyber vulnerabilities
6.1 Protection from equipment-wise cyber attack
6.2 Protection from Protocol-wise Cyber Attack
6.3 Protection from Topology-wise Cyber Attacks
7. Security Issues for Future Smart Grid
8. Conclusion
9. References

List of Figures
3.1 Conceptual Model of Smart Grid
4.1 Cyber Security Objectives and Requirements
6.1 A security agent-based foundation for smart grid protection

List of Tables
4.1 Time flexibility for different smart grid applications

Abstract:

A smart grid is an electrical power grid that consists of a variety of energy measures and operations, including smart meters, renewable energy resources and energy-efficient resources. It is used to observe and automate many operations concerning grid conditions, generation and energy consumption. However, the upcoming deployment of smart devices at different layers, followed by their merging with communication networks, may introduce cyber threats. The various subsystems functioning in the smart grid are interdependent, so if any one device is affected by a cyber attack and fails to respond within its real-time window, the whole system may be left unprotected and its efficiency and reliability greatly reduced. The cyber security vulnerabilities become even more evident because of the outdated existing cyber infrastructure. Smart grid security is important to maintain reliable and stable power system operation during an emergency caused by the failure of any important power system component. Cyber security is integrated with the physical power system to make the smart grid happen. This paper presents the cyber security measures that should be included in the smart grid for its protection and further development. The requirements and the state of the art of cyber security issues in a complex power system infrastructure are explained in detail.

1. Introduction: Cyber Attacks on Smart Grid

In recent years, the smart grid in the power system has faced many challenges on the cyber front, which have reinforced the importance of cyber security. For the future development and protection of the smart grid, cyber security is of utmost importance. In this section we discuss some significant incidents related to cyber security in the smart grid.

1. Back in 2010, the computer malware ‘Stuxnet’ was found to be spreading through the Windows operating system and then seeking out Siemens industrial software and equipment to destabilise power system operations. Stuxnet targets SCADA systems and is believed to be responsible for causing significant damage to Iran’s nuclear program.

2. In the year 2012, a virus infection was discovered in a turbine control system of a US power plant. A third-party technician had used a USB drive infected by a variant of the Mariposa virus. This virus was responsible for the downtime of the impacted systems and delayed the restart of the plant by almost 3 weeks.

3. In 2010, with the introduction of the new PCAnywhere 12.5, compatibility issues with SCADAlarm were discovered: when the system was accessed through a modem, the SCADAlarm software was rendered useless and non-functional.

From the above instances it can be seen that the major disadvantages of the smart grid are related to cyber issues. Therefore, smart grid security must address intentional attacks by cyber terrorists and industrial espionage, disgruntled employees and user errors. In order to prevent harm to the critical smart grid infrastructure, anomaly detection is an integral part of identifying malicious data in the network.

2. Smart Grid Infrastructures

2.1 Definition of Smart Grid

The smart grid concept was advanced to make the power grid more energy efficient and intelligent. A smart grid can be defined as an autonomous system that allows generation sources of any type and any scale to be merged into the grid, reducing the workforce needed while targeting continuous, reliable, safe and high-quality electrical power for all customers.

According to the United States Department of Energy, smart grid can be defined as: “Smart grid generally refers to a class of technology people are using to bring utility electricity delivery systems into the 21st century, using computer-based automations and its control from a remote server. These systems are made possible by bidirectional communication technology and computer processing that has been used for years in other industries. They are starting to be used on electricity networks, from the power plants all the way to the consumers of electricity in homes and businesses. They offer many advantages and profits to utilities and consumers -- mostly seen in huge improvements in energy efficiency on the electric power grid and in the energy users’ residences and offices.”

Smart grid refers to the electric grid improved by information technology; it is an improvement of the electricity distribution and delivery system. A smart grid differs from the existing grid in that it allows bidirectional communication of electricity data rather than a unidirectional flow. It enables real-time data collection on the supply and demand of electric power during the transmission and distribution process, making generation, consumption, auditing and maintenance more effective. Smart grids take into account the actions of all users in the power network using algorithm-based remote control and automation, whereas traditional power grids use only one-way communication methods. Thus, the controls, computers, automation, telecommunications and equipment that work together with and within the electrical power grid form a smart grid, which responds digitally to our rapidly and continuously changing power demand.

2.2 Ideal functionalities of smart grid

A smart grid is the development of the traditional power grid and should ideally have the following advanced functionalities:

• Self-regenerating

• Consumer interaction

• Resilience to attacks

• Improved power quality

• Optimisation of assets and operations

• Facilitation of electricity markets

• Accommodation of all generation and storage options

Electric power systems are huge and complex interconnected networks and are very sensitive to physical and cyber attacks. The term ‘self-regenerating’ emphasises the ability of a modern smart grid to recover from a physical abnormality or a cyber attack and become stable again. ‘Self-regenerating’ systems not only address automatic power restoration programs that take distributed energy resources into account, but also deal with high-level decentralised control algorithms to prevent blackouts. Another important feature of a smart grid is its resistance to cyber attacks. Customers nowadays require power of a certain quality level in terms of voltage fluctuations as well as overall power quality, which is the responsibility of the supplying utility. The real need for a smart grid is to cater to the growing demand for reliability of power supply and the need for optimised network conditions in normal and emergency operations. As the corruption of any component of the power grid may result in massive loss to the nation’s economy and social welfare, it is very important to protect the smart grid power infrastructure, especially from cyber attacks, considering the enormous amount of data that is controlled online through various decentralised servers.

3. Security Issues of Cyber-Physical Smart Grid

In a smart grid, the traditional power system is interconnected with a cyber system consisting of information and communication technologies, which has led to new security concerns. For reliable, secure, stable and efficient operation of the grid, smart grid security must address these new challenges. It is imperative to note that the current security measures are either inapplicable, insufficiently scalable, incompatible or simply not up to the level of security required, considering the technological advancements in network technologies and the illegal and unauthorised gaining of access to out-of-bounds servers.

A smart grid can be defined as the union of the traditional power system with a cyber system infrastructure including software, hardware and communication requirements. In Figure 3.1 a smart grid model is shown in which power flows from the generator side to the consumer side, but the information flow is bidirectional: at the device level for coordination, and among the operators and service providers for efficient and advanced control. Thus the cyber-physical security of the smart grid is very important.

Figure 3.1: Conceptual Model of Smart Grid

The security issues of a cyber-physical smart grid comprise the following:

• The tangible components of the smart power grid

• Control centres and applications

• Protective measures to lessen cyber threats and attacks

• The interrelation between a cyber attack and its impact on the smart grid

• The cyber infrastructure for stable, reliable and efficient planning and operation of the smart grid

The potential risks associated with a cyber-physical smart grid are:

1. Increased complexity: The addition of new technologies to the smart grid is making it more and more complex in nature.

2. Cascading failures: The cyber system and the traditional power system are strongly interconnected in a smart grid. Thus, the failure of either one due to a random or targeted attack can affect the other, leading to potential cascading failures.

3. Data privacy issues: The widespread use of Intelligent Electronic Devices (IEDs) in a smart grid has greatly increased data collection and bidirectional information flow, leading to problems related to data privacy, confidentiality and intrusion into customers’ privacy.

4. Cyber Security Objectives and Requirements

The Electric Power Research Institute (EPRI), the Smart Grid Interoperability Panel (SGIP), the National Institute of Standards and Technology (NIST) and the IEEE are some of the organisations that have done exhaustive research work on cyber security objectives and requirements. The report published by NIST explains three high-priority cyber security objectives: availability, integrity and confidentiality. The same report also outlines some specific security requirements such as privacy, authentication, trust, authorisation, identification and access control. These bodies issue guidelines and frameworks that need to be continuously revised in order to ensure scalable, secure and trustworthy operation of the smart grid. Smart grid security requirements differ from those of other critical infrastructures. The security objectives for the protection of the smart grid infrastructure are described below:

Figure 4.1: Cyber Security Objectives and Requirements

• Integrity: Integrity in the power grid refers to preventing the modification of sensitive information in sensory devices, electronic components, software and control commands, which might disturb decision-making ability and corrupt data exchange. It has been observed that bad data injection against state estimation compromises the integrity of the power grid, causing power mismanagement. Integrity of the power grid is crucial because an attacker can control equipment or electrical devices through compromised software.

• Confidentiality: Confidentiality is the prevention of illegal access by unauthorised personnel to high-security information such as power usage, cost information and control commands, whose exposure leads to intrusion into customers’ privacy and reveals the functional information of utilities. However, the confidentiality of the software itself should not be treated as essential; the focus should be on the secrecy of keys.

• Availability: Preventing an attacker from denying authorised persons control of or access to the system is called availability. Distributed denial-of-service (DDoS) and denial-of-service (DoS) attacks can damage, block or delay information, leading to unavailability of power or of information exchange in the smart grid. In such cases the unavailability of price information and control commands is severe, as it can reduce revenue collection. Generally, availability can be referred to as “reliable and timely access to the use of information”. However, the time flexibility of availability depends on the application, as shown in Table 4.1.

Time requirement      Data availability required by the application
<= 4 ms               Protective relaying
Sub-seconds           Transmission wide-area situational awareness monitoring
Seconds               Substation and feeder SCADA data
Minutes               Monitoring of non-essential equipment and some market pricing information
Hours                 Longer-term market pricing information and meter reading
Days/weeks/months     Accumulating long-term data such as power quality information

Table 4.1: Time flexibility for different smart grid applications

5. Cyber Security Threats in Smart Grid

It is very important to understand the potential threats and vulnerabilities in the smart power grid. In this section, the risk evaluation methodology that provides a basis for examining the possible entry points exposed to malicious attacks is described. How these attacks allow an attacker to take unwanted actions and consequently affect the entire smart grid infrastructure is also outlined.

The various attack points in the power industry chain are listed below:

1. Generation system:

• In a generation plant the numerical relays adopt Ethernet-based IEC 61850 for the exchange of information. An attacker may launch a DoS attack causing the relay to malfunction during fault conditions, or may even change the relay settings, causing unintended tripping of relays. For example, if an adversary successfully delays the transmission of a trip-protection message in a generating station, it can cause serious harm to the components.

• The SCADA system controls and monitors the generation plant. Traditional SCADA still uses encoded passwords and ladder logic and lacks verification. An attacker may attack the SCADA system to alter the frequency measurements given to the automatic governor control (AGC), and the stability of the system can be directly affected by such an attack. A technique using reachability analysis has been proposed to account for the effect of an attack on the AGC loop.

• Plant control centres are linked via Ethernet to various simple control loops, for example valve control, speed control and the AVR. If an attacker finds security holes, it can gain access to the local area network (LAN) and obtain a backdoor entry, allowing it to compromise the digital control modules by disturbing the control logic. This could be the most severe type of security threat.

• In power plants, MODBUS protocols are generally used by RTUs and PLCs for communication. The MODBUS protocol does not provide security against unverified access, so an attacker with IP connectivity can damage RTUs or PLCs, causing undesired system operation, and an adversary with network access can easily forge messages. It is also possible to mount a “man-in-the-middle” attack between the SCADA system and the RTUs or PLCs to obtain data regarding the device functionality and network topology.

2. Transmission system:

• The most important part of the transmission system at load dispatch centres is SCADA. It is now applied over wide area networks (WANs) owing to the huge development of the information technology sector. Load dispatch centres have independent control, but they are also connected to other centres through a common communication infrastructure. Today many high-tech transmission companies have merged the Internet into their communication network for better reliability and efficiency. But this puts the entire transmission system at high risk, because if an attacker manages to access any one of the SCADA networks, it can cause chaos in the entire system operation.

• HVDC power lines are becoming the dominant mode of bulk energy transfer. At HVDC links the cyber security infrastructure is weak, with no access control or verification features in the SCADA system. An attacker may even block the power flow, leading to acute loss of power in targeted areas.

• During operation, modern FACTS devices use bidirectional high-speed communication links to share information with each other, which increases the threats to that system. Wrong operational data can be sent by an adversary to the FACTS devices, leading to unnecessary VAR compensation and resulting in instability.

• In the transmission system, RTUs and PLCs face the same threat as in the generation system. An attacker can craft a URL that is shared with anyone at the control centre. When the URL is opened from an HMI connected to the network, malicious code is executed in the web browser, which then automatically searches for the PLCs connected to that network and attacks them. Such attacks are classified as Cross-Site Request Forgery (CSRF) attacks.

3. Distribution system:

• A conventional meter can be tampered with by reversing the internal usage counter, or it can be modified to control the calculation of electric flow. Intelligent Electronic Devices such as smart meters can be configured to set up various functionalities from a remote location. This enables an attacker to remotely connect or disconnect the devices, interfere with the data sent to the system operator, or sneak into the private data of consumers. Also, if an attacker manages to send incorrect data packets to inject negative pricing into the system, it will lead to power shortages in the targeted area, causing revenue loss to the utility company. Given that there are millions of smart meters connected to the system, it is hard to protect every node, which multiplies the threats to the system. An attacker could switch off millions of smart meters simultaneously from a remote location.

• An attacker or hijacker can hijack the Virtual Private Network of distribution utilities. The effects of the Slammer worm travelling through a VPN connection to a SCADA network have been reported: the worm was able to infect the control centre LAN and blocked the SCADA traffic. Such attacks are very dangerous as they can be monitored and controlled remotely.

• Due to the lack of verification and encryption at the Head End System (HES), an adversary can directly interfere with the Meter Data Management System (MDMS) and send unverified trip signals to the smart meters. Also, an attacker can control smart meters connected at the consumer end and transfer false energy usage signals to the control centre. Since the software installed at the HES cannot detect anything suspicious, it carries out the required control and issues the command to switch off the smart meter. Attacks of this kind can be very tough to trace or locate, as the adversary imitates a smart meter.

• Customers who have a net metering scheme set up at their premises can also tamper with the net energy usage data transmitted to the utility’s control centre by gaining unauthorised access to the communication network of the AMI. The adversary can reduce their electricity bill or may earn credits into their account even if the consumer is not selling electric power to the grid. This does not directly strike the system operation, but it raises the losses of distribution companies.

6. Protecting Smart Grid from cyber vulnerabilities

In recent years, due to the broad adoption of communication networks at distinct levels of planning and operation of a power grid, the vulnerabilities in the smart grid have increased manifold. To secure the smart grid, it is important to protect the traditional grid from the three broad classes of cyber attacks described below.

6.1 Protection from equipment-wise cyber attack

To secure the smart grid at the device level, a security agent-based foundation has been proposed. The security agent should be implanted both at the substation level and in the field devices, as shown in Figure 6.1. Some important functions of the security agents are mentioned below:

• Assembling network traffic patterns and examining traffic data

• Preserving data logs and reporting on them

• Providing end-to-end security

• Alarm management

• Running security and attack detection algorithms

Source: Reference no. [7]

Figure 6.1: A security agent-based foundation for smart grid protection
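The MODBUS weakness described in Section 5 (no verification of who may write to an RTU or PLC) and the agent functions listed above (collecting traffic patterns, keeping a data log, managing alarms, running detection logic) can be illustrated together with a small monitoring agent. The following Python code is an added example written for this page; it is not code from reference [7] or from any vendor product. It parses Modbus/TCP request frames, keeps a traffic log and per-source function-code counts, and raises an alarm when a write function code arrives from a host that is not on the allowlist of authorised SCADA masters, when a read comes from an unknown host, or when a frame is malformed. The host addresses, register addresses and the captured frames are constructed sample data.

```python
import struct
from collections import Counter
from dataclasses import dataclass, field

# Modbus function codes that change device state; a protective agent must
# gate these on the identity of the sender, since the protocol itself does not.
WRITE_FUNCTIONS = {
    5: "Write Single Coil", 6: "Write Single Register",
    15: "Write Multiple Coils", 16: "Write Multiple Registers",
    22: "Mask Write Register", 23: "Read/Write Multiple Registers",
}
READ_FUNCTIONS = {
    1: "Read Coils", 2: "Read Discrete Inputs",
    3: "Read Holding Registers", 4: "Read Input Registers",
}


@dataclass
class ModbusFrame:
    transaction_id: int
    unit_id: int
    function: int
    data: bytes


def parse_modbus_tcp(payload: bytes) -> ModbusFrame:
    """Parse a Modbus/TCP ADU: 7-byte MBAP header followed by the PDU.

    MBAP = transaction id (2) | protocol id (2, always 0) | length (2) | unit id (1).
    The length field counts the unit id plus the PDU, i.e. everything after it.
    """
    if len(payload) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    if proto != 0:
        raise ValueError(f"protocol id {proto} is not Modbus")
    if length != len(payload) - 6:
        raise ValueError(f"length field {length} disagrees with frame size {len(payload) - 6}")
    return ModbusFrame(tid, unit, payload[7], payload[8:])


def build_request(tid: int, unit: int, function: int, data: bytes) -> bytes:
    """Build a well-formed request; used here only to construct the sample capture."""
    pdu = bytes([function]) + data
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


@dataclass
class SecurityAgent:
    """Minimal substation-level agent: logs traffic, counts patterns, raises alarms."""
    authorized_masters: frozenset
    log: list = field(default_factory=list)
    alarms: list = field(default_factory=list)
    traffic: Counter = field(default_factory=Counter)

    def inspect(self, src_ip: str, dst_ip: str, payload: bytes) -> None:
        try:
            frame = parse_modbus_tcp(payload)
        except ValueError as err:
            self.alarms.append(("MALFORMED", src_ip, dst_ip, str(err)))
            return
        name = WRITE_FUNCTIONS.get(frame.function) or READ_FUNCTIONS.get(
            frame.function, f"function {frame.function}")
        self.traffic[(src_ip, frame.function)] += 1          # traffic pattern
        self.log.append((src_ip, dst_ip, frame.unit_id, name))  # data log
        if frame.function in WRITE_FUNCTIONS and src_ip not in self.authorized_masters:
            self.alarms.append(("UNAUTHORIZED_WRITE", src_ip, dst_ip, name))
        elif src_ip not in self.authorized_masters:
            self.alarms.append(("UNKNOWN_SOURCE", src_ip, dst_ip, name))


# Constructed sample capture: (source, destination, raw Modbus/TCP bytes).
# 10.0.1.10 is the assumed SCADA master; 10.0.5.77 is an unknown host on the LAN.
SAMPLE_TRAFFIC = [
    ("10.0.1.10", "10.0.2.21", build_request(1, 1, 3, struct.pack(">HH", 0, 10))),      # read 10 registers
    ("10.0.1.10", "10.0.2.21", build_request(2, 1, 6, struct.pack(">HH", 0x10, 1))),    # authorised write
    ("10.0.5.77", "10.0.2.21", build_request(7, 1, 5, struct.pack(">HH", 0, 0xFF00))),  # coil write, unknown host
    ("10.0.5.77", "10.0.2.21", bytes([0, 8, 0, 1]) + build_request(8, 1, 3, struct.pack(">HH", 0, 1))[4:]),  # protocol id 1
    ("10.0.5.77", "10.0.2.21", build_request(9, 1, 3, struct.pack(">HH", 0, 1))),       # read, unknown host
]


def analyse(capture) -> SecurityAgent:
    agent = SecurityAgent(authorized_masters=frozenset({"10.0.1.10"}))
    for src, dst, payload in capture:
        agent.inspect(src, dst, payload)
    return agent


if __name__ == "__main__":
    result = analyse(SAMPLE_TRAFFIC)
    for alarm in result.alarms:
        print(*alarm)
    print("traffic pattern:", dict(result.traffic))
```

The allowlist stands in for the verification the protocol lacks: it does not make MODBUS authenticated, but an agent placed at the substation level sees every write request and can alarm on those that no authorised master sent, which is the detection function the agent-based foundation assigns to the substation layer.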

6.2 Protection from Protocol-wise Cyber Attack

In critical power grid infrastructure, SCADA is broadly used. Where there are many stakeholders, ‘verification’, ‘encryption’ and ‘firewalls’ alone may sometimes not diminish the security issues in a huge SCADA network. Furthermore, focusing protection efforts on the SCADA network as a single body will not solve the problem, and therefore it is of utmost importance to ensure the cyber security of each and every device in the network. For successful automation and operation of a smart grid, different communication protocols are used in SCADA equipment. The expansion and development of the industrial SCADA protocols began in the early 1980s, when Modbus Plus, Modbus and proprietary, vendor-specific protocols were initially developed.

6.3 Protection from Topology-wise Cyber Attacks

The smart grid is also vulnerable to topology-wise cyber attacks. For example, based on information about the power system topology, an attacker may attack the bad data detection algorithms of current state estimators. Another topology-based cyber attack is an attack on a circuit breaker, which leads to the isolation of generation units from the main power grid. It has been seen that a cyber attack on confidentiality, combined with proper topological information, can lead to an integrity or availability attack. Therefore, an information flow security-based model is suggested for lessening these security issues. For the cyber-physical network, an optimum inter-link placement strategy against random attacks has been proposed; it is shown that this strategy ensures better security than all other achievable strategies, including strategies using unidirectional interlinks and random allocation when the topologies of the cyber and physical networks are not known to each other.
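Section 4 (Integrity) and the passage above both refer to bad data injection against state estimation, and the conclusion notes that bad data detection is the only data-security check used there today. The following Python block is an added example for this page, not code from the paper or from references [12] and [13]: it runs a least-squares DC state estimation on a constructed 3-bus network and applies the usual residual-based (chi-square style) bad data test. It shows what the detector does catch (a gross error on one meter) and the blind spot that gives the topology attack its leverage: a set of measurement changes that is consistent with the network model shifts the estimate without changing the residual, so the test alone cannot see it. The bus model, susceptances, noise values and threshold are all constructed assumptions.

```python
# Added example: DC state estimation with a residual-based bad data detector.
# Pure Python so it runs without numpy; the matrices are small.

def matvec(a, x):
    return [sum(row[j] * x[j] for j in range(len(x))) for row in a]

def transpose(a):
    return [list(col) for col in zip(*a)]

def matmul(a, b):
    bt = transpose(b)
    return [[sum(x * y for x, y in zip(row, col)) for col in bt] for row in a]

def solve(a, b):
    """Solve the small dense system a x = b by Gaussian elimination with pivoting."""
    n = len(a)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for col in range(n):
        pivot = max(range(col, n), key=lambda r: abs(m[r][col]))
        m[col], m[pivot] = m[pivot], m[col]
        for r in range(col + 1, n):
            f = m[r][col] / m[col][col]
            for c in range(col, n + 1):
                m[r][c] -= f * m[col][c]
    x = [0.0] * n
    for r in range(n - 1, -1, -1):
        x[r] = (m[r][n] - sum(m[r][c] * x[c] for c in range(r + 1, n))) / m[r][r]
    return x

# Constructed 3-bus DC model: bus 1 is the angle reference, the states are
# [theta2, theta3]; line susceptances b12 = 10, b13 = 5, b23 = 10 (per unit).
# Measurements z = [P12, P13, P23, P2, P3]: three line flows, two injections.
H = [
    [-10.0,   0.0],   # P12 = b12 * (theta1 - theta2)
    [  0.0,  -5.0],   # P13 = b13 * (theta1 - theta3)
    [ 10.0, -10.0],   # P23 = b23 * (theta2 - theta3)
    [ 20.0, -10.0],   # P2  = P21 + P23
    [-10.0,  15.0],   # P3  = P31 + P32
]
TRUE_STATE = [-0.05, -0.10]
METER_NOISE = [0.01, -0.01, 0.005, 0.0, -0.005]   # constructed small meter errors
THRESHOLD = 0.01   # assumed limit on J = r^T r, the chi-square style test statistic

def estimate(h, z):
    """Least-squares state estimate, residual vector and objective J = r^T r."""
    ht = transpose(h)
    x_hat = solve(matmul(ht, h), matvec(ht, z))        # normal equations
    residual = [zi - hi for zi, hi in zip(z, matvec(h, x_hat))]
    return x_hat, residual, sum(r * r for r in residual)

def bad_data_detected(z, h=H, threshold=THRESHOLD):
    """The residual test used by conventional bad data detection."""
    return estimate(h, z)[2] > threshold

def run_cases():
    clean = [zt + e for zt, e in zip(matvec(H, TRUE_STATE), METER_NOISE)]
    gross = clean[:]
    gross[2] += 0.5                 # one meter reporting a gross error on P23
    shift = [0.02, 0.0]             # a model-consistent change of the estimated angles
    structured = [zc + a for zc, a in zip(clean, matvec(H, shift))]
    results = {}
    for name, z in (("clean", clean), ("gross", gross), ("structured", structured)):
        x_hat, _, j = estimate(H, z)
        results[name] = {"z": z, "x_hat": x_hat, "J": j, "flagged": j > THRESHOLD}
    return results

if __name__ == "__main__":
    for name, r in run_cases().items():
        print(f"{name:10s} J={r['J']:.5f} flagged={r['flagged']} x_hat={r['x_hat']}")
```

The residual r = z - H x_hat is zero for any measurement vector that lies in the column space of H, so the "structured" case carries the full shift of the estimate with the same J as the clean case. This is why the literature the paper cites argues for securing or independently verifying a subset of measurements so that no model-consistent injection can be formed, rather than relying on the residual test alone.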

7. Security Issues for Future Smart Grid

To make the grid better and more intelligent, important and serious actions are being taken around the globe. These initiatives will not only develop the grid but also increase the overall system stability, efficiency and reliability. But protective measures must be maintained to establish continuous power supply to consumers and to conserve the national electricity grid from terrorist attacks. It is necessary to state that a properly designed defence foundation against cyber attack should respond to all aspects related to cyber crime in a complex cyber-physical electrical power grid infrastructure. That means not only targeted cyber attacks should be studied, but accidental ICT-related anomalies should also be addressed, e.g. software errors, human operator errors, component failures and natural-disaster-related problems.

More and more automation is being introduced into the smart grid to make it intelligent and smarter, but this will increase the risk to the smart grid. Importantly, cyber terrorists and hackers have control centres as their main target. Many cyber security plans and advanced techniques are implemented by utilities to avoid such attacks. Advanced attack detection and prevention techniques can be implemented in different parts of the complex smart grid. Utilities are implementing various security management systems for the betterment and protection of the smart grid. Energy providers are adopting distinct risk-management strategies and defence approaches against cyber attack.

It is clear that the smart grid provides many benefits, including pollution-free technologies such as solar and wind, energy-efficient smart houses, cost-effective demand-side management, smart charging stations for electric cars and many more. In order to obtain these benefits, smart grid protection measures must be maintained.

8. Conclusion:

In the past few years, the number of cyber attacks has been rapidly increasing. Knowledgeable cyber terrorists with detailed and proper information about the power system can mount an integrity, availability or confidentiality attack on the network. Cyber security of a smart grid is not only a concern of utility operators, engineers or researchers; it is also the duty of the government to ensure protective measures and the security of this national critical infrastructure.

In this paper we have discussed cyber attacks and their history. We also explained the smart grid infrastructure, consisting of its definition and ideal functions. Security issues in the cyber-physical grid were elucidated. The important cyber security objectives and requirements of a smart grid, namely availability, integrity and confidentiality, were also discussed. Cyber threats in the generation, transmission and distribution systems of a smart grid were thoroughly explained. The protective and secure foundation of the smart grid against equipment-wise, protocol-wise and topology-wise cyber attacks was also reviewed. Finally, a broad idea of the security issues for the future smart grid was given.

Cyber security is very important for the secure and reliable operation of a critical smart power grid infrastructure. To date, only bad data detection algorithms are used for data security in state estimation. Cyber security in the smart grid is still at a crucial stage of development. However, an attacker can attack the grid through any entry point of the cyber-physical system and can directly cause a great impact on the physical assets. For enhanced security and reliability of the smart grid, intrusion detection algorithms and security systems should be added throughout the complete smart grid.

References

[1] M. K. Khedkar and G. M. Dhole, "A Textbook of Electric Power Distribution Automation", University Science Press (an imprint of Laxmi Publications).
[2] R. McMillan, "Siemens: Stuxnet worm hit industrial systems", Computerworld, Sept. 14, 2010.
[3] Repository for Industrial Security Incidents.
[4] The Smart Grid Interoperability Panel – Cyber Security Working Group, "Guidelines for Smart Grid Cyber Security: Vol. 1, Smart Grid Cyber Security Strategy, Architecture, and High-Level Requirements", August 2010.
[5] H. Liu, X. Chen, K. Yu and Y. Hou, "The Control and Analysis of Self-Healing Urban Power Grid", IEEE Transactions on Smart Grid, vol. 3, no. 3, pp. 1119-1129, Sept. 2012.
[6] S. Sridhar, A. Hahn and M. Govindarasu, "Cyber–Physical System Security for the Electric Power Grid", Proceedings of the IEEE, vol. 100, no. 1, pp. 210-224, Jan. 2012.
[7] D. Wei, Y. Lu, M. Jafari, P. M. Skare and K. Rohde, "Protecting Smart Grid Automation Systems Against Cyberattacks", IEEE Transactions on Smart Grid, vol. 2, no. 4, pp. 782-795, Dec. 2011.
[8] C.-W. Ten, G. Manimaran and C.-C. Liu, "Cybersecurity for electric power control and automation systems", Proc. eNetworks Cyberengineering Workshop, IEEE-SMC, pp. 29-34, 2007.
[9] L. Xie, Y. Mo and B. Sinopoli, "Integrity Data Attacks in Power Market Operations", IEEE Transactions on Smart Grid, vol. 2, no. 4, pp. 659-666, Dec. 2011.
[10] "Mitigating Event Confidentiality Violations in Smart Grids: An Information Flow Security-Based Approach", IEEE Transactions on Smart Grid, vol. PP, no. 99, pp. 1-8.
[11] O. Yagan, D. Qian, J. Zhang and D. Cochran, "Optimal Allocation of Interconnecting Links in Cyber-Physical Systems: Interdependence, Cascading Failures, and Robustness", IEEE Transactions on Parallel and Distributed Systems, vol. 23, no. 9, pp. 1708-1720, Sept. 2012.
[12] Y. Huang, M. Esmalifalak, H. Nguyen, R. Zheng, Z. Han, H. Li and L. Song, "Bad data injection in smart grid: attack and defense mechanisms", IEEE Communications Magazine, Jan. 2013, pp. 27-33.
[13] O. Kosut, L. Jia, R. J. Thomas and L. Tong, "Malicious data attacks on smart grid state estimation: attack strategies and countermeasures", Proc. 1st IEEE SmartGridComm 2010, Gaithersburg, MD, Oct. 2010, pp. 220-225.
[14] E. Kovacs, "Flaws in Rockwell PLCs expose operational networks", SecurityWeek, Oct. 28, 2015.
