The global energy industry is embracing the digital transformation of the power grid to achieve a future with net-zero carbon emissions. As grid operations become increasingly digitalized and interconnected, the risk of cyberattacks becomes a pressing concern. Traditionally, in most countries the energy flow and the information flow in substations were kept separate, with substations focused on transmitting and distributing electricity.

However, energy flow and data flow will increasingly converge in substations in the near future. This shift emphasizes the crucial role of substation automation systems (SAS) in energy distribution and underscores how critical it is to protect SAS from cyber threats.

Safeguarding the Digital Power Grid as a Matter of National Security

In today's highly connected world, the power grid is intertwined with numerous digital networks. Substation automation exemplifies the convergence of operational technology (OT) and information technology (IT), as Supervisory Control and Data Acquisition (SCADA) systems and other applications automate tasks, reducing human error and repetitive work. Nevertheless, the digitalization of the power grid introduces new risks, because the integrity of the control system is now exposed to cyberattacks.

A stark reminder of these risks came in April 2022, when a Ukrainian electricity utility thwarted a significant cyberattack that could have caused a blackout affecting around two million people. ESET and CERT-UA reported that the attackers attempted to deploy the Industroyer2 malware against high-voltage power substations in Ukraine, alongside destructive malware such as CaddyWiper. Industroyer2 is a purpose-built IEC 60870-5-104 client: once it runs on a host with network reach to the substation equipment, it issues valid protocol commands to the relays, so perimeter rules that permit that protocol do not stop it.

CaddyWiper, a data wiper that had already been used in other attacks across Ukraine, was deployed on the same network to destroy data on infected Windows systems and hamper recovery. The lessons learned from this incident underscore the urgency for governments, regulators, and power utilities to address the escalating cyber threats. Protecting critical power infrastructure must remain a top national priority, both during peacetime and in times of conflict.

Cybersecurity Guidelines for Substation Automation

In response to these concerns, regulators and standards bodies such as the North American Electric Reliability Corporation (NERC) and the European Union (EU) are pushing for more cybersecurity regulations and guidelines for power grid utilities. NERC's mandatory Critical Infrastructure Protection (CIP) standards already apply to bulk electric system assets, and NERC introduced a "Security Integration Strategy" in December 2022, while the EU adopted the NIS 2 Directive (Directive (EU) 2022/2555), the successor to the original Network and Information Security Directive.

While industry regulations continue to evolve, network security work in power grid automation systems keeps coming back to the following three key challenges:

1. Visibility of Critical Assets

Substation automation systems comprise a diverse range of configurable and controllable components, such as protection relays, power meters, human-machine interfaces (HMIs), controllers, and network devices. Managing these critical assets from different suppliers poses challenges for unified management and asset visibility: an inventory that records each device's model and firmware version is what makes it possible to tell whether a published vulnerability applies to the site at all. Regular firmware updates, installation of security patches as part of routine maintenance, and collaboration with vendors that operate a Product Security Incident Response Team (PSIRT) are crucial to identifying potential vulnerabilities and staying protected.

2. Access Control

Robust physical access control is insufficient if lax logical access control policies or management practices compromise the system. Misaligned security standards between system operators and third-party vendors, along with accidental misconfigurations or unauthorized access, can pose significant risks. It is essential to establish cooperation between internal and third-party operational teams so that both follow the same maintenance guidelines and security settings for system equipment and software, including who may connect remotely, from where, and for how long.

3. Proactive Security

A firewall enforces a defined security perimeter, but modern digitalized electricity distribution systems are exposed to external attacks that exploit remote access vulnerabilities and, as Industroyer2 showed, to attackers who speak the permitted control protocols once they are inside. Proactive security measures, including continuous monitoring of communication patterns and effective detection of potential threats, are vital in safeguarding power systems in today's threat landscape. Consider adopting advanced security technologies such as next-generation firewalls (NGFW) equipped with intrusion prevention systems (IPS) and intrusion detection systems (IDS) to identify and mitigate suspicious and abnormal communications. In an OT network, run such a sensor in detect-and-alert mode and review its baseline with the protection engineers before enabling inline blocking, so that a false positive cannot interrupt protection or control traffic.
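The "monitoring of communication patterns" above can be made concrete. The following is an added example, written for this article and not code from the original page or from any vendor's product: it learns which (source, destination, port, protocol) flows are normal during a trusted baseline window and then flags any flow outside that baseline, treating a previously unseen talker on a control protocol (IEC 61850 MMS, IEC 104, Modbus, DNP3) as high severity. The hosts, addresses, port-to-service mapping and flow records are all constructed for illustration; in a real deployment the records would come from a NetFlow/IPFIX collector or the IDS's own flow log.

```python
"""Communication-pattern baselining for a substation network.

Added example for this article, not code from the original page or
from any vendor product. It learns which (source, destination, port,
protocol) flows are normal during a trusted baseline window, then
flags flows outside that baseline, treating new talkers on control
protocols as high severity. All hosts, addresses and flow records
below are constructed for illustration.
"""
from collections import Counter
from dataclasses import dataclass

# Destination ports for common substation/OT services (assumed service
# layout; adjust to the site's actual protocol inventory).
PORT_NAMES = {
    102: "IEC61850-MMS",       # IEC 61850 MMS over ISO-TSAP
    2404: "IEC60870-5-104",    # IEC 104, the protocol Industroyer2 speaks
    502: "Modbus/TCP",
    20000: "DNP3",
    22: "SSH",
    443: "HTTPS",
}
# Ports on which a previously unseen talker is a high-severity event,
# because a peer that can speak these protocols can change breaker
# or relay state.
CONTROL_PORTS = frozenset({102, 2404, 502, 20000})


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str

    def key(self):
        return (self.src, self.dst, self.dport, self.proto)


def parse_flow(line):
    """Parse one 'src dst dport proto' record (constructed format)."""
    src, dst, dport, proto = line.split()
    return Flow(src, dst, int(dport), proto.lower())


def learn_baseline(lines, min_count=2):
    """Return the set of flow keys seen at least min_count times.

    The baseline window must be trusted (e.g. captured at commissioning
    and reviewed by the protection engineer); min_count > 1 keeps a
    one-off flow from being enshrined as normal.
    """
    counts = Counter(parse_flow(l).key() for l in lines if l.strip())
    return {k for k, n in counts.items() if n >= min_count}


def classify(flow, baseline):
    """Return None for a baselined flow, else (severity, reason)."""
    if flow.key() in baseline:
        return None
    name = PORT_NAMES.get(flow.dport, str(flow.dport))
    if flow.dport in CONTROL_PORTS:
        return ("high", f"new {name} talker: {flow.src} -> {flow.dst}")
    return ("medium",
            f"unbaselined flow {flow.src} -> {flow.dst}:{flow.dport}/{flow.proto} ({name})")


def detect(lines, baseline):
    """Run classify over observed records; each deviating flow key is reported once."""
    alerts, seen = [], set()
    for l in lines:
        if not l.strip():
            continue
        f = parse_flow(l)
        if f.key() in seen:
            continue
        seen.add(f.key())
        r = classify(f, baseline)
        if r:
            alerts.append(r)
    return alerts


# Constructed baseline window: SCADA master 10.10.1.10 polls two
# protection relays over MMS and one RTU over IEC 104; the engineering
# workstation 10.10.1.20 makes a single SSH connection.
BASELINE_WINDOW = [
    "10.10.1.10 10.10.2.11 102 tcp",
    "10.10.1.10 10.10.2.11 102 tcp",
    "10.10.1.10 10.10.2.12 102 tcp",
    "10.10.1.10 10.10.2.12 102 tcp",
    "10.10.1.10 10.10.2.30 2404 tcp",
    "10.10.1.10 10.10.2.30 2404 tcp",
    "10.10.1.20 10.10.2.11 22 tcp",
]

# Constructed observation window: normal polling, plus an unknown host
# 10.10.1.77 driving the RTU over IEC 104, an SSH session that never
# made the baseline, and a relay initiating an outbound HTTPS connection.
OBSERVED_WINDOW = [
    "10.10.1.10 10.10.2.11 102 tcp",
    "10.10.1.10 10.10.2.30 2404 tcp",
    "10.10.1.77 10.10.2.30 2404 tcp",
    "10.10.1.77 10.10.2.30 2404 tcp",
    "10.10.1.20 10.10.2.11 22 tcp",
    "10.10.2.11 10.10.1.10 443 tcp",
]

if __name__ == "__main__":
    base = learn_baseline(BASELINE_WINDOW)
    for severity, reason in detect(OBSERVED_WINDOW, base):
        print(f"[{severity}] {reason}")
```

Two design points matter in practice. The flow key is directional, so a relay that suddenly initiates a connection toward the SCADA master is flagged even though the reverse pairing is normal. And the baseline is only as trustworthy as the window it was learned from: capture it during commissioning or a known-good maintenance period, have the protection engineers review it, and version it like a firewall rule base rather than re-learning it silently. Going a step deeper (per IEC 104 type identifier or Modbus function code, to tell a routine interrogation from a control command) requires a protocol-aware sensor rather than flow records alone.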

Summary

Achieving a completely cyber threat-free environment for substation automation systems is challenging. However, understanding the key challenges and implementing best practices can help minimize risks and enhance the resilience of the entire power grid. Prioritizing the security of your substation infrastructure is essential in safeguarding the digital power grid. Take action today to strengthen your power infrastructure's security.