CyberSecurity SEE

Balancing Digital Substation Security is Crucial for Electrical Grid Stability

Digital substations, which play a central role in modern electrical systems, have become an attractive target for cybercriminals. The use of Ethernet communications to transfer information between substations and utility enterprise systems makes these substations more vulnerable to attacks, giving hackers the potential to disrupt operations at various institutions such as banks, gas stations, and emergency services. In fact, from January through August 2022, there were 101 cyberattacks reported nationwide on equipment that delivers electricity, according to a report by Politico.

The vulnerability of utility systems and substations to cyberattacks highlights the need for robust security measures and protection. Coordinated cyberattacks on substations can cause disruptive outages, making substation cybersecurity essential. To ensure effective cybersecurity, the principles of defense-in-depth, cyber kill-chain mapping, and intelligence-driven cybersecurity should be incorporated.

Until recently, cybersecurity was not a priority for many electric utilities, but increasingly capable threat groups and malware have forced their hand. Advanced threat groups have been using a malware kit called Pipedream, developed specifically to disrupt industrial processes, to target critical infrastructure and industrial control systems. Other cyber incidents, such as the 2021 ransomware attack on Colonial Pipeline’s IT system, have highlighted the potential threat of cyberattacks on the operational technology (OT) systems of electric energy infrastructure.

In enterprise environments, data theft and manipulation are the primary concerns in cyberattacks. These attacks often revolve around financial motives and result in productivity losses, repair costs, or the theft of sensitive information. However, attacks on electrical supply systems can have a major impact on customers and critical infrastructure.

To address the growing threat of cyberattacks, the Biden administration has committed to improving the security of critical infrastructure, including electric utilities, banks, and hospitals. The release of the National Cybersecurity Strategy and the National Cyber-Informed Engineering Strategy by the US Department of Energy aims to proactively manage cyber risks in the development of new energy infrastructure. These strategies encourage the incorporation of cybersecurity practices into the design life cycle of engineered systems.

While regulation provides a foundation for implementing baseline protections and best practices, continuous improvement is necessary to ensure the security of electrical grids. This includes real-time monitoring and detection capabilities to identify and respond to potential cyber threats.

When establishing a cybersecurity architecture, utility companies should focus on setting baseline policies for protection and implementing standard control systems. Understanding the consequences of cyber risks is crucial for effective risk management. The cybersecurity requirements and interfaces of the systems should be based on best practices and consequence-driven risk assessments.

Utility companies need to focus on three main areas to develop a successful cybersecurity program. First, they should determine security program ownership and responsibilities. Stakeholders involved in electric energy OT control systems, particularly system owners or operators, need to prioritize cybersecurity and determine the requirements for a robust security program. Second, they should collaborate with system integrators to create a security strategy that incorporates the security capabilities of all cyber assets. This will enable the assessment of an organization’s cyber maturity and its ability to adapt to new threats. Finally, utility companies should ensure that manufacturers are aware of any security vulnerabilities and address them through a defined development process.

It is important for companies to develop top-down security policies that align with specific goals and objectives. These policies should encompass technical, procedural, and organizational guidance and foster a culture of shared responsibility for security. Processes should be established to enforce these policies while allowing adaptation to changes. Collaboration between manufacturers and system operators is also vital for exchanging information about incidents and vulnerabilities, facilitating the sharing of threat intelligence.

Creating a solid cybersecurity strategy for digital substations requires defining the essential elements and functions of the system while anticipating and adapting to new threats. The security architecture should protect critical assets while maintaining operational reliability and performance.

In conclusion, the increasing number of cyberattacks on digital substations highlights the need for robust cybersecurity measures in the electric utility industry. Utility companies must prioritize cybersecurity and implement strategies that address the evolving threat landscape. By adopting best practices, collaborating with system integrators, and fostering partnerships with manufacturers, organizations can enhance the security of their digital substations and protect critical infrastructure from cyber threats.
