The document discusses security challenges facing power grids and smart grids. It notes increasing blackouts in the US and cyber security incidents globally. The Indian power grid is vast in size and undergoing smart grid pilots. Security encompasses operational, physical and cyber security. Challenges include the tight coupling of IT and physical infrastructure, legacy systems, and continuous availability demands. Collaboration between industry, government and academia is needed to address challenges through standards, technologies and a process-based approach.
1. Security Challenges to
Power Grid and Smart
Grid Infrastructures
P.K.Agarwal
Additional General Manager
Power System Operation Corporation Ltd.
New Delhi, India
2. Outline
• Why security of power grid and smart grid
infrastructure is important
• Security in the context of power grid and smart
grid.
• Operational Security
• Physical Security
• Cyber Security
• Challenges & Way forward
8thNov2013
2
3. Some Facts
•US Blackouts
• During the past two decades, blackouts have
increased 124 percent -- up from 41
between 1991 and 1995, to 92 between
2001 and 2005, according to research at the
University of Minnesota
• In the most recently analyzed data available,
utilities reported 36 such outages in 2006
alone
Source -
8thNov2013
3
7. Power Grid
• Electrical grid is a man made miracle.
• Largest machine ever made.
• Managed by mutual co operation.
• Fulfills diverse requirements of
•System Operation
•Market Operation
• A Critical infrastructure of a Nation.
8thNov2013
7
8. Vast Size – Widely Spread
• Generating Stations - More than 450
• Generators - More than 1400
• Substations - More than 2000
• Circuit Kms of line - More than 270,000
• MW capacity - More than 220 GW
• Transformation Capacity - More than 480,000
• Nos of stakeholders - More than 160
8thNov2013
8
9. Smart grid
• Most significant upgrade to power grid in the last 100
years.
• Most flexible and transparent by the use of ICT.
• Has additonal new functionalities
• Self-healing.
• Motivates and includes consumers(Demand-0response).
• Accomodates all generation and storage options.
• Enables Electricity Markets.
• Optimize asset allocation and operational efficiently
8thNov2013
9
10. High Penetration
• DISCOMs – 43
• Utilities – 163
• Traders – 44
• power exchanges – 2
• OA applications - 32000 per year
• OA consumers - More than 2100
8thNov2013
10
11. Indian Smart Grid Pilot Projects
8thNov2013
11
MoP has approved 14 smart
grid pilots for execution
Functionalities being opted:
• AMI for Residential,
Commercial and Industrial
• Peak Load Management
• Outage Management
• Power Quality
• Renewable Integration
• Micro Grids
• Distributed Generation
Source – Desi Smart Grid
12. Smart Grid Pilot by POWERGRID
8thNov2013
12
Source – Power Grid Corporation
13. Smart Grid Functions Implemented
• Advanced Metering Infrastructure (AMI)
• Virtual Demand Response (DR)
• Street Light Automation
• Outage Management System (OMS)
• Net-Metering by Renewable Integration
• Power Quality Management
• Smart Home
• Micro Grid Controller
• Electric Vehicle
8thNov2013
13
14. Security of Power Grid and Smart Grid
• Traditionally security to power system means – to
withstand unexpected disturbances
• Such as short circuit
• Loss of a power system component such as
Transmission line
• In today’s world secuirty focus has expanded to
include
• disturbances due to overloading or unexpected causes
• Physical attacks or
• Cyber attacks
8thNov2013
14
17. Security of Power Grid/Smart Grid
• Operational Security
• Physical Security
• Cyber Security
8thNov2013
17
18. Operational Security
• THE DEGREE OF RISK
POWER SYSTEM’S ABILITY TO SURVIVE DISTURBANCES
(CONTINGENCIES) WITHOUT INTERRUPTION.
• Robustness of the system to disturbances.
• Depends on the system operating condition
• Depends on the contingent probability of disturbances.
8thNov2013
18
19. Ensuring Operational Security
• Real time monitoring of transmission line flows - they are
not overloaded.
• Contingency analysis – a “What if analysis” of grid
situations – ensuring that system is secure .
• Corrective preventative action - so that if contingencies
occur - do not create a system breakdown.
• The contingency analysis is repeated periodically.
• Load and generation balance - frequency stability – keep
it between permissible band (49.7 – 50.2 Hz)
• Inter regional transfers monitoring.
• Monitoring status of all - any mal-function the operator is
alerted through alarms.
8thNov2013
19
20. Synchrophasor technology…
• use monitoring devices called phasor measurement units
(PMUs) using GPS
• measures the instantaneous voltage, current, and frequency
at specific locations in an electric power transmission system
(or grid)
• Has high sampling rate 20 or more times per electrical cycle
which is 1200 or more times per second.
• converts the measured parameters into phasor values,
typically 25 or more values per second.
• adds a precise time stamp using GPS to these phasor values
turning them into synchrophasors.
• The resulting high speed data
• Enables transmission grid operators to have a high resolution “picure”
of conditions throught the grid.( Situational Awareness)
8thNov2013
20
21. Wide Area Monitoring - Synchrophasors
8thNov2013
21
Enhanced Situational Awareness to Monitor Health of the Grid
Grid Stress Phase Angular Separation
Grid Robustness Damping Status and Trend(s)
Oscillations Sustained Low Frequency oscillation
Frequency Instability Frequency Variation Across
Interconnection
Voltage Stability Low Voltage Zones / Voltage Sensitivities
Angular Stability Power-angle Sensitivities, stability
Margin (s) “How far from the threshold value?”
23. New tools – increased visibility
• The PMU in power grid and advance metering
infrastructure in smart grid - provide “MRI”
capability compared to the “x-ray” quality
available from SCADA technology.
• Significantly increased situational awareness -
fine-grained command and control.
• Digital information technology allows close
interaction of the transmission and distribution
grid.
8thNov2013
23
24. The Biggest Myth!!
● “We are secure because we are isolated from the Internet
and other networks”.
● After Stuxnet in Iran ....
● Myth gone haywire….
● Its only a matter of time!!
– Social Engineering => Sneakernet
– Cyber breach will not effect us as we are not controlling
from remote.
8thNov2013
24
25. • TODAY’S ELECTRIC UTILITY…..
• relies increasingly on digital electronic devices and
communications for
• to optimize system operation
• and increase reliability,
• More automation and two way communication means –
• Increased cyber attack vector
• Inccreased attck surface
• Cybersecurity remains a constant challenge.
8thNov2013
25
Cyber Security a constant challenge…
26. What is at Risk?
[Excluding Damages due to PhysicalAccess]
● Thumb Rule: Any thing / process to which data can be
written to either through Software or Manually by User /
Administrator.
● Possible Targets:
– Relay Configurations
– Control System Settings – Changing of control parameters,
limiting values
– Erasing complete data from SCADA servers.
– Freezing values of critical line loadings.
– Denial of Service (communication to control room)
8thNov2013
26
27. • Eletrical grid is fundamentally designed with security by
obscurity and isolation.
• Protocols – without in built security.
• Physical Security was the paramount concern.
• Integration of electric and information infrastructure -
• Increased attack vector and attack surface
• More automation – more vulnerabilities.
• Vulnerability weaponization - The vulnerability arms
race —total disclosures in 2012 increased 19 percent
from 2011
• Mobile vulnerabilities
• Web applications remain vulnerable
• Mature technologies, continued risk
8thNov2013
27
Many challenges….
33. Physical Security…
• Power grid and Smart grid are critical infrastructure of the
Nation.
• Infrastructure is wide spread.
• Almost impossible to guard each and every point.
• Synchronised coordinated operation
• Damage to one part may cause cascade damage.
• Control centers are strategic locations.
• Any risk to them may enganger thewhole infrastrucuture.
• Any unintentional mal-operation may render infrastructure in a
state of grave danger.
8thNov2013
33
34. Physical Security Risks…..
• Risk impact is very high.
• Capturing of premise.
• Capturing control of control room.
• Damages to critical equipment.
8thNov2013
34
35. Mitigation…..
• Backup control centers.
• Defense in depth strategy.
• Security Guard/CCTV/Access Control.
• Zoning of premises
• Secuirty Mock Drills.
• Close cordination with local security authorities.
• Vigilant Staff.
• Security audit and certificaion.
8thNov2013
35
36. Cyber-Physical Approach to Smart
Grid Security
• Physical systems operated are monitored, coordinated,
controlled by a computing and communication core.
• Computing and communication capabilities will soon be
embedded in all types of objects and structures in the physical
environment.
• Smart grid will have more and more such embedded objects.
• Protecting critical infrastructure is vital to the health of an
economy;
• one such infrastructure, the electric power transmission grid,
forms one of the largest complex nterconnected networks
ever built.
8thNov2013
36
37. • Tight coupling between ICT and physical system introduces
new security concerns and requires a rethinking to common
security approach.
• The smart grid will reach every house and building, giving
potential attackers easy access to some of the grid
components.
• A coordinated assessment of cyber and physical risks keeping
the whole grid security goals in mind is needed.
• Bringing together cyber security and system theory is needed
to address the security requirements.
• Cyber attacks can cause disruptions that transcend the cyber
realm and affect the physical world –Stuxnet.
• Physical attacks can affect the cyber system - integrity of a meter
can be compromised by using a shunt to bypass it
8thNov2013
37
Security of Cyber-Physical System
39. Challenges to Power/Smart grid security
• Continuous availability demand.
• Time-criticality.
• Constrained computational resources on edge
devices
• Large physical base.
• Wide interface between digital and analog
signals.
• Social acceptance including cost effectiveness.
• User reluctance to change.
• Legacy issues
8thNov2013
39
40. Facts
• Smart Grid security is not a revolutionary concept, it is
evolutionary.
• Should not pursue it as if it is a target to achieve but,
rather, as a journey.
• Industry, government and academia coming together on
policy innovation and standards development.
• Universities and R&D organizations collaboration for
inventing technologies.
• Power grid and Smart grid is an corodinated effort. Any
deficiency may give access to hackers..
8thNov2013
40
41. Facts
• Security is complex
• Security is a process and not a single product
• Security Solutions should be open to third party
vendors
• Compliance approach should be the prefered
method and starting point
• Security needs experienced security expertise
8thNov2013
41
42. References…..
• Cyber–Physical Security of a Smart Grid Infrastructure - By Yilin Mo, Tiffany
Hyun-Jin Kim, Kenneth Brancik, Dona Dickinson, Heejo Lee, Adrian Perrig, and Bruno
Sinopoli.
• Smart Grid Security Issue – IEEE ecurity and Privacy, Januaer/Ferbuary 2010.
• Introduction SCADA Security for Managers and Operators - September 28, 29,
2006 – Idaho National Laboratory.
• Why is the Smart Grid is Target - 3o June 2012 - Symantec
• Risk Management Framework for the Power Grid Cyber-Physical Security -
Riadh W. Y. Habash1*, Voicu Groza1 and Kevin Burr, - School of Electrical Engineering and
Computer Science, University of Ottawa, Ottawa, Ontario, Canada. Kylowave Inc., Ottawa,
Ontario, Canada.
• A Taxonomy of Cyber Attacks on SCADA Systems - Bonnie Zhu, Anthony Joseph,
Shankar Sastry, Department of Electrical Engineering and Computer Sciences, University of
California at Berkeley, CA
• Desi Smart Grid Portal www.desismartgrid.com
• Website www.powergridindia.com of Power Grid Corporation of India
• https://apps.powergridindia.com/smartgrid/smartgrid_video.aspx
8thNov2013
42