Cyber Security in Power Sector

Posted by Prathamesh Gangnaik on Aug, 2020

The increasing digitalization of the power sector through the deployment of Information and communications technologies (ICTs) is embodied in the rollout of advanced metering infrastructure and another network sensing infrastructure. However, the increased digitalization of the power system has created new vulnerabilities. Protecting a nation’s electricity grid from cyber-attacks is a critical national security issue and an important priority for electric utility Organizations.

Utility Companies are vulnerable to attack and will become more so in the next decade as utility systems have more digital controls and operations and metering while resource management systems have become more interconnected and complex.

The widespread connection of solar, wind, demand-response, and other distributed energy resources with two-way digital controls increases cyber vulnerabilities and requires more widespread and intensive cybersecurity protection.

Utilities throughout the world are therefore focusing on resilience and preparation to contain and minimize the consequences of cyber incidents. The increasingly widespread collection and, in certain markets, dissemination of energy production and consumption data is already causing privacy concerns and raising questions over who should own and manage this data.

Furthermore, regulation must account for new risks such as those posed by cyber-attacks on utilities or risks to consumers’ privacy.

The usual purpose of malware that is targeted at electric utilities is to obtain control of a utility’s systems. The goal may not be to shut down an entire system but rather to make the system less efficient, disrupt certain regions, game pricing models, gain information about a nation’s electricity consumption and industrial operations, or prepare for future attacks.

Threats and Impacts on the Sector

Physical and cyber security threats pose a significant and growing challenge to electric utilities. Unlike traditional threats to electric grid reliability, such as extreme weather, cyber threats are less predictable and therefore more difficult to anticipate and address. The ways in which a cyber-attack can be conducted are numerous and the growing complexity and interconnectedness of electric grids is increasing the number of potential targets and vulnerabilities. The attack surfaces of software environments that is, the different points where an unauthorized user (the "attacker") can try to enter or extract data are increasing.

Furthermore, Cyber incidents can cause loss of grid control or damage to grid equipment due to:

  • - Deliberate tampering with data, firmware, algorithms, and communications
  • - False data injection into pricing or demand systems
  • - Data exfiltration and
  • - Ransom demands to restore access to data.

Much like the electromagnetic pulses that can be caused by nuclear explosions and major geomagnetic disturbances (including solar flares), widespread cyber-attacks are generally high-impact, low-frequency events. Multiple smaller, lower-impact events may occur more frequently.

Attacks on the financial and industrial sectors are typically financially motivated, whereas attacks on critical infrastructure systems tend to be politically or ideologically motivated.

Future attacks may feature a mix of cyber and physical attacks and may be paired with social action to Instil anxiety and fear:

Electric power systems are comprised of cyber systems, physical systems, and people. Failures can originate from physical or cyber-attacks and from people acting mistakenly or purposely (i.e., with intent to harm). For instance, DER nodes can be compromised by strategically manipulating generation set points on a distribution feeder. Software attacks can damage variable frequency drives in electro-mechanical equipment to control motor speed and torque.

Threats can be both external and internal to the power system. Traditional supervisory control and data acquisition (SCADA) systems, distributed control systems, and programmable logic controllers were designed as closed systems with limited control interfaces, but these technologies are now becoming digitized and are being designed to include more “intelligent” software and hardware components

Management & the boards have now begun prioritizing and evaluating cybersecurity-related risks, governance, and operations; review results of security audits; evaluate cyber-event prevention and recovery plans and operations; act when a cybersecurity breach is known; and evaluate cyber-insurance options.

Considering the spike in the Cyber Crime incidents most importantly originating from Government Agencies & regulatory environment expected to grow furthermore stringent and having an appropriate risk transfer mechanism in place is the need of an hour. A Cyber Liability Insurance & Commercial Crime Insurance Program would provide Financial Indemnification to the Managements & the Boards of the Company associated with the expenses associated with:

  • Business Interruption due to cyber-attack resulting into loss of revenues
  • Theft of Funds because of Social Engineering attacks or if done by your internal employee
  • Cyber extortion demands by hackers
  • Data restoration costs to rebuild the information asset i.e. “DATA”
  • Regulatory Investigations & administrative fines and penalties
  • Claims on the grounds of theft/misuse of sensitive third party Personally Identifiable Information