BlackJack3D/iStock/Getty Images

Digital Substation Cybersecurity Challenge

Sept. 19, 2018
Cioraca recommends use of the National Security Agency’s (NSA) Security Robustness Index

Nearly every month we get additional information about cyberthreats to our electrical grid.  Last month the Department of Homeland Security reported that hackers were able to breach a large number of utility networks thought to be secure. This certainly is a concern for all utility systems, but it raises particular issues for owners of digital substations designed to enhance communications, interoperability and automation. GE made a presentation available to T&D World from Anca Cioraca, GE’s lead for Grid Automation products, that helps utilities analyze their cyber security challenges and draw upon available cybersecurity guidelines and regulations to become more fully prepared for today’s challenges.

Cioraca recommends use of the National Security Agency’s (NSA) Security Robustness Index that attaches a value to the importance of the data to be protected and the levels of threat that may exist. The robustness determination is then used to derive a Strength of Mechanism (SML) level appropriate for the needed defense to expected attacks. According to Cioraca, all vendor-supplied software and hardware should have an SML designation.

Today’s smart grid involves many open networks and standardized protocols. The latest reported breaches resulted from the use of stolen vendor credentials, similar to the Ukrainian distribution power outage in 2015. Utilities have been working for a number of years to implement the NERC Critical Infrastructure Protection (CIP) standards. Mechanisms for compliance of importance to utilities include IEC 62351 for Power System Data and Communication Security and potentially also the IETF standards for communications. Cioraca believes that IEC 62443 relating to the security of industrial control systems, including design guidance and technical requirements, also will be of increasing importance for the certification of suppliers and equipment.

GE is one of a number of companies with digital substation cyber security offerings. Their programs include secure designs, security validation testing, vulnerability management, and built in preventative, detection and response capabilities. GE believes cybersecurity will be an ongoing journey as detection and defense advances to counter increasingly sophisticated attacks. 

About the Author

David Shadle | Grid Optimization Editor

Dave joined the T&D World team as the editor of the Grid Optimization Center of Excellence website in January 2016.

Dave is a power industry veteran with a history of leading environmental and development organizations, championing crucial projects, managing major acquisitions and implementing change. Dave is currently a principal at Power Advance, LLC, an independent consulting firm specializing in power project development, research and analysis, due diligence and valuation support. Dave is also a contributing consultant for Transmission & Distribution World. Prior to Power Advance, Dave held business and power project development positions with The Louis Berger Group, Iberdrola Renewables, FPL Energy and General Public Utilities. He is a graduate of Pennsylvania State University, the New Jersey Institute of Technology and Purdue University.

Voice your opinion!

To join the conversation, and become an exclusive member of T&D World, create an account today!