Smart grid security: Critical success factors

Security is paramount in any smart grid deployment and should be embedded into the end-to-end architecture and deployment of intelligent networks.

Threats to the smart grid can be classified into three broad groups: system-level threats that attempt to take down the grid, attempts to steal electrical service, and attempts to compromise the confidentiality of data on the system.

It’s often assumed that security threats come exclusively from hackers and other individuals or outside groups with malicious intent. Staff and other “insiders” also pose a risk, however, because they have authorised access to one or more parts of the system. Insiders know sensitive pieces of information, such as passwords stored in system databases, and have access to a secure perimeter, cryptographic keys, and other security mechanisms that are targets of compromise. And not all security breaches are malicious; some result from accidental misconfigurations, failure to follow procedures, and other oversights.

An effective security strategy for smart grids needs to be end-to-end. This means that security capabilities need to be layered such that defence mechanisms have multiple points to detect and mitigate breaches. These capabilities also need to be integral to all segments of intelligent network infrastructure and address the full set of logical functional requirements, including:

Physical security

When examining the security of SCADA networks, we have consistently found a lack of evidence regarding physical security. The first thing to consider for securing a smart grid is keeping intruders off the premises. A physical security solution needs to include capabilities for video surveillance, cameras, electronic access control, and emergency response. These functions need to be flexible enough to integrate and converge onto the IP backbone. Secure and smooth interoperability enables centralised management and control, monitoring and logging capabilities, and rapid access to information. This reduces the amount of time it takes facilities personnel and operations teams to respond to incidents across the grid.

Identity and access control policies

Knowing who is on the grid is a vital element of the overall security strategy. Today, we see various user groups that have a reason to be on the network, including employees, contractors, and even customers. Access for these user groups, be it local or remote, should be granular, and authorisation should only be granted to 'need to know' assets.

For example, an employee can have access to a specific grid control system, while a contractor only has access to a timecard application, and a customer has Internet-enabled access that allows that customer to view energy consumption and bills online.

Identity should be verified through strong authentication mechanisms. Passwords must be strong, and all authentication attempts, successful and unauthorised alike, must be logged. We should implement a 'default deny' policy whereby access to the network is granted only through explicit access permissions. Furthermore, all access points should be hardened to prevent unauthorised access, and only the ports and services necessary for normal operation should be enabled.

Hardened network devices and systems

The foundation of an effective security architecture is the protection of the infrastructure itself. A system is only as strong as its weakest link, and core elements—the routers and switches—can become vulnerabilities and access paths if not properly protected. If these devices are compromised, they can be used to disrupt grid operations through denial-of-service (DoS) attacks or, worse, used to gain access to more vital control systems.

For example, routers can be shipped with factory default passwords and basic remote access services such as Telnet and HTTP turned on. Network administrators might neglect to change these settings, unknowingly providing an easy entry point into their domain. Device hardening best practices address the steps that keep intruders off the devices and help ensure a secure environment.

Threat defence

A comprehensive threat defence strategy is required to broadly cover the different vulnerabilities that a smart grid network can face. Despite discrete functional zones and clear segmentation, it is often difficult to anticipate what form a new threat might take. Care should be taken to apply security principles broadly across the entire infrastructure to build an effective, layered defence:

DoS attacks can debilitate the functionality of the grid. DoS attacks sourcing from the Internet should not have any effect on the control systems due to network segmentation and access control.

Host protection in the form of antivirus capabilities along with host-based intrusion prevention is required to protect critical client systems, servers, and endpoints. Host protection should be kept up to date with patch management controls to make sure that the latest threat intelligence and signature updates are in place.

Network intrusion prevention system (IPS) technologies should augment the host-based defences. An IPS should be used to identify external threats attempting to enter the infrastructure, as well as to stop any attempts at internal propagation.

Vulnerability assessments must be performed at least annually to make sure that any elements that interface with the perimeter are secure.

In some instances, user action can open potential vulnerabilities to the system. As such, awareness programs should be put in place to educate the network users—employees, contractors, and guests alike—about security best practices for using network-based tools and applications.

Data protection for transmission and storage

Because of the different entities that make up a grid, it is important to think about how data is protected as it is transmitted and stored.

  • Implement firewall functionality that enforces access policies between different network segments, either logical or physical
  • Support VPN architectures that apply encryption algorithms to ensure secure and confidential data transmission
  • Allow for host encryption and data storage security capabilities to protect critical assets on servers and endpoints
  • Provide granular access control to sensitive data at the application level
  • Provide ubiquitous security across both wired and wireless connections in a consistent manner

Real-time monitoring, management, and correlation

For ongoing maintenance and tighter control, it is important to have the ability to monitor events at a granular level. Over the lifespan of any complex system, events occur. Some of these events might be the result of a security incident, and some might simply be 'noise', but it is important for the system to detect those events, generate alerts, and apply intelligence so that more informative and intelligent decisions can be made.

This level of visibility can show which network elements are being targeted, which network elements might be vulnerable, and what type of corrective action needs to take place. This is a requirement for any successful security strategy.
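The following is an added illustration, not code from the article or from any grid product, of how the 'default deny' access policy described under identity and access control fits together with the event logging and correlation described in this section: every attempt is evaluated against an explicit allow-list per user group, every attempt is recorded, and repeated denials for one user are surfaced as an alert rather than left as noise. The user groups, assets, origins and threshold are constructed examples modelled on the article's employee/contractor/customer scenario.

```python
"""Default-deny access check with audit logging and a denial correlator.
Constructed example: groups, assets and the alert threshold are made up."""
from collections import defaultdict
from dataclasses import dataclass

# Explicit allow-list: (asset, origin) pairs permitted per user group.
# Anything not listed here is denied (default deny).
POLICY = {
    "employee":   {("grid-control", "local")},
    "contractor": {("timecard", "local"), ("timecard", "remote")},
    "customer":   {("billing-portal", "remote")},
}

@dataclass(frozen=True)
class AccessEvent:
    user: str
    group: str
    asset: str
    origin: str      # "local" or "remote"
    allowed: bool

def check_access(user, group, asset, origin, audit):
    """Allow only if (asset, origin) is explicitly permitted for the group;
    unknown groups get an empty permission set. Every attempt is logged."""
    allowed = (asset, origin) in POLICY.get(group, set())
    audit.append(AccessEvent(user, group, asset, origin, allowed))
    return allowed

def correlate_denials(audit, threshold=3):
    """Return users with at least `threshold` denied attempts: a pattern
    worth an operator's attention rather than a single stray mistake."""
    denied = defaultdict(int)
    for ev in audit:
        if not ev.allowed:
            denied[ev.user] += 1
    return sorted(u for u, n in denied.items() if n >= threshold)

if __name__ == "__main__":
    log = []
    check_access("alice", "employee", "grid-control", "local", log)     # allowed
    check_access("bob", "contractor", "timecard", "remote", log)        # allowed
    for _ in range(3):  # contractor repeatedly reaching for a control system
        check_access("bob", "contractor", "grid-control", "remote", log)
    check_access("carol", "customer", "billing-portal", "remote", log)  # allowed
    check_access("mallory", "visitor", "timecard", "local", log)        # no policy: denied
    print("alerts:", correlate_denials(log))
```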

Shoaib Yousuf, Information Security Strategist.
