Tri-County Electric Cooperative is making an effort to continually improve system reliability through implementing advanced communications, control systems, supervisory control and data acquisition (SCADA), and meters. Along with these improvements, the coop recognizes the importance of cybersecurity so as not to undermine this investment.
Tri-County is developing a cybersecurity response plan to address cyber intrusions and physical compromise of its utility system. In doing this, the coop is taking into consideration several factors, one of which is the development of an effective culture that will contribute to sound and effective cybersecurity practices.
Utility Industry Culture
In the development of the North American Electric Reliability Corp. (NERC) reliability standards, much emphasis was placed on a culture of compliance concerning the implementation of the reliability standards. The emphasis of a culture of compliance was necessary within the industry to establish a fundamental principle within utilities to comply with the established standards and conduct system reliability according to the established NERC reliability standards.
NERC established a system that included input from the industry on the development of the standards. In establishing this process, NERC unwittingly exposed the ingrained practices and inflexible approaches to system operations that existed. It is important that the cybersecurity framework being developed evolves at a faster rate than the development of the critical infrastructure protection (CIP) standards.
In the process of seeking industry input, NERC has experienced the lethargic process of the industry concerning operational and administrative change. This has resulted in a long and time-consuming process in the development of reliability standards, which continues to keep the industry behind the curve in the development of a reliable and secure grid.
With the complexities of today’s utility grid components like SCADA, meters, relays, power-quality equipment and programmable logic controllers, the potential cybersecurity vulnerabilities that exist are causing the industry to rethink its approach to cybersecurity and the need for a more expeditious process to address this rapidly changing area.
In considering both the positive and negative aspects of the current industry culture as well as the paradigm shift caused by the improvement of its system, Tri-County is continually evaluating the effectiveness of its NERC internal compliance program to ensure it is maintaining a culture of compliance that is commensurate with good reliability practices. The development of a cybersecurity response plan is just another logical step to improve Tri-County’s system security and reliability.
Response to NIST
On Feb. 12, 2013, President Obama issued executive order 13636, improving critical infrastructure cybersecurity. This executive order provided an outline for the examination of current cybersecurity practices concerning the nation’s critical infrastructure and key resources (CIKR). As a result of this executive order, the President said the secretary of commerce shall direct the director of the National Institute of Standards and Technology (NIST) to lead the development of a national cybersecurity framework. This resulted in NIST and the Department of Commerce issuing a request for information in the Federal Register on Feb. 26, 2013.
Tri-County provided a response to the request for information in which it recommended changing the approach to be more situational awareness. The utility explained that the approach necessary for today’s grid needs to focus on a proactive and real-time approach based on situational awareness rather than today’s
In U.S. Army field manuals, situational awareness is defined in terms of “decision making” within the “battle space.” For power systems and the national grid, Tri-County has adopted this definition of situational awareness: “Knowledge and understanding of the current situation, which promotes timely, relevant and accurate assessment of system operations and recognition of cybersecurity issues within the overall operation of the system grid that facilitates effective decision making in the reliability and cybersecurity of the utility system.”
In all power systems, it is extremely important for engineers, planners and operations to understand the facilities on their system and the coordination of operation between these facilities. They also should understand how impacts on neighboring facilities can impact their operations.
Having an understanding of the function of the CIKR on a system provides for system knowledge that will improve the decision-making process and facilitate the appropriate response and action needed for a cybersecure and reliable grid. NERC reliability standards address this need for system response; however, the operational practices outlined in the reliability standards do not completely provide for secure, real-time operation of a system.
To have a complete understanding of the system’s current state and condition, it is important not only to understand the protocols of power flow and transfer among interconnections but to have the ability to retrieve information from the grid that is indicative of areas of weakness in the grid’s operations. The determination of a grid’s weakness is defined by the facilities ratings, cybersecurity measures and physical security used by the utility in its system operations. Based on the facilities ratings, weaknesses in the system can be extracted from data provided by SCADA, relays, power-quality devices, advanced metering infrastructure, substation equipment and transmission interchange equipment.
With the development of a sophisticated two-way communications structure among control systems, it is important to monitor information transmitted for system operation and control. If a utility develops metrics for the use of information being sent to system controls, then it could use that information as a guideline to find potential areas of compromise outside the system’s operational measures. When finding compromised areas within the system grid, action can be taken to eliminate the area of potential threat and reduce system risk.
Utilities that understand the application and operation of the CIKR in the system grid, as well as how to extract the necessary information concerning the current weak points within the system grid, have the ability to reduce the uncertainty within the system grid. In reducing the uncertainty, the reliability of the grid becomes stable and the risk of system compromise from cyber threats is reduced.
Based on Tri-County’s desire to have a secure and reliable system, the coop is proactively developing its cybersecurity measures in addition to its NERC program. The utility was originally registered with NERC through its generation and transmission (G&T) provider who handled the coop’s NERC requirements. In 2011, Tri-County started developing a NERC program while still being represented by the G&T provider. In May 2012, Tri-County moved from being represented by the G&T provider to becoming a registered entity with NERC.
Since then, Tri-County saw the need for developing cybersecurity measures in addition to its compliance with the NERC reliability standards. When the executive order concerning cybersecurity was issued with a corresponding request for information, Tri-County saw an opportunity to take an active role in the development of the nation’s cybersecurity framework. In addition to learning from the comment process, a team was formed to develop the coop’s cybersecurity response plan, which considers several important factors:
- The determination of CIKR on the system and understanding its role and function within the system
- The ability to monitor the CIKR and system conditions to respond quickly or identify potential cybersecurity risks
- The recognition of the roles of engineering, operations and IT in providing system security
- The development of a symbiotic relationship between engineering, operations and IT to ensure an effective and prompt response to cybersecurity conditions
- The security of information internally and a framework to define procedures for information released outside the utility
- Senior management providing emphasis of the importance of practicing the utility’s cybersecurity plan.
These factors and others that emerge during the development of Tri-County’s cybersecurity response plan will create a strong cybersecurity framework along with the CIP standards.
The Gap and Crossroads
It is easy to identify a considerable gap between the technologies of today and operational philosophies of yesterday. Current regulatory standards and practices, when effective, only provide part of the bridge that will reduce this gap. But, the potential for cybersecurity compromises and system reliability degradation are real challenges that may be enabled by the industry’s unwillingness to look forward and evolve.
Tri-County recognizes the need for a strong cybersecurity program, in addition to its NERC program, to ensure a secure and reliable system for its members. While cybersecurity plans beyond the CIP standards may not be a requirement for the industry, Tri-County recognizes the need to develop a cybersecurity response plan as a prudent and responsible step in supplying energy to its members.
It is important for the industry to understand the electric grid is at a crossroads that will determine its overall effectiveness in the future. The industry can be a keystone of this nation’s future infrastructure security.
Mike Swearingen ([email protected]) is manager of regulatory policy at Tri-County Electric Cooperative and has bachelor’s degrees in computer science and mathematics from the Eastern New Mexico University. He is a member of the IEEE Power & Energy Society, the Computational Intelligence Society and the IEEE Standards Association. He has served on the National Rural Electric Cooperative Association’s power-quality subcommittee, worked with the National Electric Energy Testing Research and Applications Center as well as the Centre for Energy Advancement through Technological Innovation, and been a member of Subcommittee 5 of the National Electrical Safety Code. Swearingen actively contributes to the Department of Energy’s Gridtech Grid Integration team, the DOE’s Grid Engineering for Accelerated Renewable Energy Deployment as an independent merit reviewer, and the DOE’s Energy Efficiency and Renewable Energy in establishing a T&D system R&D road map.
Joe Weiss ([email protected]) is a managing partner at Applied Control Solutions and an expert on cybersecurity of industrial control systems (ICS). He spent more than 14 years at the Electric Power Research Institute and is a member of several international standards organizations on ICS cybersecurity. He has authored two books, several book chapters and more than 60 articles, as well as testified to several congressional committees. Weiss is an ISA fellow and an IEEE senior member, and he chairs the annual ICS Cyber Security Conference.
Applied Control Solutions| http://realtimeacs.com
National Institute of Standards and Technology
North American Electric Reliability Corp.| www.nerc.com
Tri-County Electric Cooperative| www.tri-countyelectric.coop
Cybersecurity is a concept of significant concern and interest within the power industry for all operational facilities. The development of the intelligent utility grid and associated facilities has further expanded the discussion concerning system vulnerability and security. Much effort is being put into the development of cybersecurity by government, equipment suppliers, security providers, consultants and IT departments across the United States and around the globe.
Utilities are developing strategies concerning the deployment and use of new utility grid technologies to obtain maximum operational impact on their systems. U.S. agencies such as the Department of Homeland Security, the National Security Agency, the Department of Defense, the Department of Energy, and the National Institute of Standards and Technology are focused on the proper use of technology and the cybersecurity of the technology within the nation’s power grid.