1

Communication system for Smart Grids EE-576

M.ENGG. ELECTRICAL ENGINEERING PROGRAMME, FALL SEMESTER 2022
INSTRUCTOR: DR. SUNDUS ALI, ASSISTANT PROFESSOR, TELECOMMUNICATION ENGINEERING, NED UET

Week 13 TOPIC:
Smart Grid Network Security

Email: sundus@neduet.edu.pk, sundus@cloud.neduet.edu.pk

Office Location: Telecommunication Engineering Building Faculty Offices
 2
Network Security

 By 2015, the Smart Grid will offer up to 440 million potential points of attack also known as
“attack surfaces”
 Smart Grid applications have very stringent requirements for security, since vulnerabilities can be
exploited to destabilize the grid, potentially leading to outages across entire cities or regions.
Thus, a security breach can negatively impact the critical requirement of electric service
providers, namely, service reliability.
 Utilities and regulators are acutely aware that grid modernization cannot move forward without
a comprehensive and effective approach to security.
 The main objectives for grid security are to (1) minimize the attack surface, (2) increase the
effort/time required to compromise the network, and (3) decrease the amount of time required
to detect and respond a compromise.
 The architecture partitions the Smart Grid network into security zones. Network security elements
within each security zone maintain the security requirements specific to individual zones in the
presence of network interconnections with other zones.
 3
Importance of Smart Grid Security

 Energy security is a national security issue. Potential attacks may be launched by

hostile foreign entities or individuals and the introduction of malware.
 With the use of communication networks to enable a more efficient transmission and
distribution grid, there are growing concerns that the network (and therefore the grid) is
becoming more susceptible to cyber attacks. For example, the number of cyber
attacks against critical US infrastructure has grown dramatically in the recent years.
 To address this need, the Smart Grid cybersecurity market is expected to exhibit huge
growth before the end of the decade, climbing from a global value of $7.8 billion in
2011 to $79 billion in 2020.
 4
Examples of Cybersecurity Attacks on
the Grid
 Critical infrastructure companies, more specifically utilities, are subject of frequent
and increasingly aggressive denial-of-service attacks. These attacks are currently
focused on the utilities’ Internet interfaces. Advanced persistent threat attacks can
also be launched by bypassing these Internet interface protections via phishing, etc.
 Future cyber attacks could potentially be directed at application interfaces or
internal systems using attack vectors such as smart meters, mobile workforce devices
(mobile data terminals), or points within wireless FANs. As the Smart Grid rollout
continues, there will be a growing number of utilities communicating in complex ways
over a mix of public and private networks. Smart Grid evolution is extending
communication networks to many DG locations including homes and businesses.
 With such a large number of FANs, supporting the growing number of endpoints,
Smart Grid network protection will be infeasible without wide deployment of security
infrastructure.
 5
Regulations, Standards, and Best Practices

 Utilities must comply with regulations and standards specified by the national or
regional regulating agencies for power grid security in their country of operation.
 Generally, these standards specify the rules, processes, and (networking) protocol
limitations for the networking assets (cyber assets) and other critical assets in
substations, power plants, and utility DCCs.
 Adherence to these rules sets a logical Electronic Security Perimeter (ESP) that
encloses the critical cyber assets at each location subject to compliance of these
standards.
 Any security architecture proposal for Smart Grid must be compliant with the
regulations established in the United States by the Federal Energy Reliability Council
and NERC for critical infrastructures.
 6
Regulations, Standards, and Best Practices

 Regulatory standards such as the NERC CIP primarily address generation plants and HV
substations. Estimates suggest that, based on this classification, 80–90 % of grid assets
are outside the scope of NERC CIP. Further, NERC
 CIP is primarily compliance based. Compliance is important, but it is not enough to
ensure that rapidly evolving risks are adequately considered and acted upon.
 Due to the fast-paced development of activities in this domain, there are also industry
recommendations for best practices. Generally, these best-practice recommendations
are based on the principles of defense in depth, where multiple layers of security
controls are implemented to protect critical assets.
 Another recommendation is Enhanced Situational Awareness and Responsiveness,
which is essential for incident detection and for ensuring availability of critical
infrastructure. These recommendations are crucial for secure, real-time visibility of the
network and integrity of the monitored data.
 7
Smart Grid Security Architecture

 An overarching principle for designing grid security is the separation of the operational
grid network from the general business network in terms of both data sharing and
network access. Whether the utility business network is integrated with Smart Grid
network or they are two separate networks, separation of business application traffic and
grid operations and control application traffic is an important principle.
 Even within the Smart Grid operations and control network, requirements for security may
differ between applications, systems, and/or locations. Further, it may be necessary to
isolate traffic subject to different sets of security requirements.
 Therefore, the Smart Grid security architecture is divided into multiple security zones. We
illustrate this concept with an example including five security zones: Enterprise Zone,
Transmission Zone, Distribution SCADA Zone, Distribution Non-SCADA Zone, and the
Interconnect Zone.
 8
Security Zones
Enterprise Zone :
 The Enterprise Zone is comprised of the business systems, their users, traffic between these systems, and traffic
between the systems and users. These business systems include servers and clients used for functions such as
human resources, finance, information technology, customer service, billing, internal product development,
and procurement. In the case of the integrated Smart Grid network that supports business traffic, the Enterprise
Zone includes business traffic. Each business function should have its own security perimeter implemented via
appropriate access controls for systems and assets.
 This security perimeter provides better visibility and accountability to information being transmitted on the
enterprise network. It is possible that the business systems need to access operational data. Therefore, the
Enterprise Zone is isolated from all of the other operational zones through the use of Demilitarized Zones (DMZs).
The DMZ includes systems such as proxy servers to provide access to operational data without the need of
directly accessing the operational zones themselves.
 There are many different ways to design a network with a DMZ. For the Enterprise Zone, a dual-firewall DMZ is a
security best practice. This approach employs two firewalls to create a DMZ: the first firewall is configured to
allow traffic destined to the DMZ only, and the second firewall allows only the traffic from the DMZ to the
internal network. In this setup, two sets of firewalls need to be compromised in a successful security attack.
9
 10
Transmission Zone:

 IEDs, PMU, and other transmission substation elements, IEDs deployed at transmission lines (such
as DLR IEDs), the TMS systems at the DCC, and communication between all these entities are
included in the Transmission Zone.
 Additionally, communication between the DCC systems and the bulk power generation,
energy markets, and other external systems are also a part of the Transmission Zone. Traffic over
these external systems must also be afforded the same security implementation as
communication between the transmission elements within the utility.
 Note that extranet communication with bulk generation and markets, and even a utility’s
internal communication for some Smart Grid networks, may be carried over NSP networks
and/or the Internet.
 11
Distribution SCADA Zone

 SCADA IEDs in distribution substations, IEDs deployed at the feeders for distribution automation
(DA), DMS systems at the DCC, and communication between these entities for SCADA and DA
are included in Distribution SCADA Zone.
 Additionally, connections to other smart devices are also included. These smart devices
include IEDs at DG locations. Increasingly, the Distribution SCADA Zone will be required to
support communication for direct load control of consumer appliances such as air conditioners
and electric water heaters.
 As with the Transmission Zone, communication between entities within the Distribution SCADA
Zone may be carried over NSP networks and the Internet. For example, use of the Internet may
be the only viable option for connecting the smart devices at residential locations to the utility
communication network.
 12
Distribution Non-SCADA Zone

 Distribution Non-SCADA Zone covers the communication aspects of the distribution system that
are not critical to grid control. Such communication includes providing customers with data
about electricity usage through the AMI infrastructure.
 Thus, the Distribution Non-SCADA Zone includes AMI devices such as meters, data concentrators,
head ends, and the MDMS. A utility may provide web access to its customers for their individual
energy management. Such web access (often over the Internet) is also a part of the Distribution
Non-SCADA Zone.
 In addition to network security, user privacy is important to avoid revealing sensitive information,
such as whether and when customers are at home, which could be inferred from energy
utilization information.
 13
Interconnect Zone

 The Interconnect Zone includes the interconnecting networks between the entities of different
zones. These networks include the Smart Grid network, business network if separate from the
Smart Grid network, and connections to external entities.
 With Smart Grid communication increasingly reaching a large number of devices deployed
outside of substations and at consumer locations, the interconnecting communication network
must support the necessary security mechanisms that will separate critical and noncritical data.
 Additionally, the Interconnect Zone also includes mobile workforce communication that needs
interconnection with all other zones. Although we can segment the interconnection network
itself into these neatly defined security zones, in a practical implementation, such
implementation will not be cost-effective. Many network links, network elements, and even the
local area network (such as at the DCC) will need to carry traffic for more than one of these
security zones.
 14

 Note that the individual zone boundaries are logical and do not interconnect with each other.
All connections carrying traffic between entities of different zones go through the Smart Grid
network or the external networks shown, and through the security apparatus necessary for
separation between the zones. For completeness, the separation (for security) of utility
operations and business data traffic is shown, whether the business network is integrated with
the Smart Grid network or it is itself a separate network.
 15

 Before describing the network security architecture for each of these security zones, we
make some basic assumptions about the existence of security safeguards at the device,
system, and organizational levels:
 1. Device-level protection: Due to the large number of devices deployed in the Smart Grid
network, isolation and protection between components (such as circuit boards) of these
devices are necessary to prevent a failure or compromise in one component from affecting
another. We also assume that in the event of an attack, the time and space separation of
functions prevent the spread of malware among different systems. If one of the applications
is compromised by an intrusion, the others will continue to perform unaffected. The affected
partition can be disinfected and rebooted, while other virtual boards continue to run.
 16

2. System-level protection: Physical security for grid elements including barriers, locks, access control,
and CCTV must be provided.
3. Organizational level protection: In addition, for any security solution to be effective, it is critical that
policies and mechanisms are enforced at the organization level. For example, the necessary access
controls, firewalls, intrusion detection and prevention, cryptography, and anti-malware applications
should be actively used, monitored, and managed. Further, personnel-related security considerations
and procedural policies are required, including screening, security awareness, and training.
4. Incident management: While risk management and vulnerability management can help reduce
the frequency and impact of actual incidents, it is essential that there are procedures in place for
managing security incidents when they do occur. Incident management includes detection, analysis,
communication, correction, recovery, and retrospective assessment. Roles and responsibilities must
be clearly defined and documented. Ideally, there should be an automated system to support
incident management including the categorization, classification, communication, and escalation of
incidents. In the extreme, an incident may require disaster recovery activities such as migration to a
backup site. It is important to test incident management procedures with realistic scenarios.