As interest in the concept of smart cities grows around the world, attention is increasingly being placed on the vital role played by smart grids.
Smart grids are essentially next-generation electricity networks that can take power from where it is being generated or stored to the people and devices that require it. They differ from conventional power grids because they have been designed from the outset to support bi-directional power flows.
Smart grids are also able to transport data about power availability and consumption, grid performance, and the health of components. Operators can view connected devices and, in some cases, adjust their operation in real-time. This is particularly valuable at times when power is in high demand, or damage has occurred in a part of the grid due to events such as fire or storms.
Smart grids comprise a number of devices that play a critical role in their operation. These range from operational technology (OT) components such as generators, transformers, and transmission lines to smart meters that register power consumption. When it comes to managing data, smart grids also contain IT components, including network servers and storage, routers, and wireless communication capabilities.
The security challenge
When it comes to ensuring effective security within smart grids, operators need to overcome a range of different challenges. Many of those challenges stem from the integration of IT and OT devices into a single, consolidated infrastructure.
Historically, OT devices have not needed to be connected to the internet and so often lack the security measures regarded as standard in the IT world. When the two are brought together, this can open up gaps that could be exploited by a cybercriminal.
Other challenges stem from the fact that many OT devices have not been configured to communicate with centralised control resources. This can mean they remain invisible to network operators who could be unable to respond to an incident should one occur.
Further challenges emerge because of a range of undocumented protocols that could exist within OT devices. When this is combined with undocumented configurations and potentially out-of-date equipment, the challenge of achieving effective security becomes even more acute.
Gaps in such OT/IT infrastructures can lead to a range of serious incidents. Cybercriminals who gain access can cause significant problems by shutting down all or portions of the grid and creating disruption for users.
Operators can even be shut out of their grids, with access only restored if a ransom payment is made. As well as being costly, such incidents can have a detrimental impact on customer satisfaction and corporate reputation.
Improving smart grid security
Faced with these challenges, there are a number of steps that smart grid operators should consider taking. They include:
- Adopt security best practices:
There are a range of guidelines and recommendations that have been developed by organisations around the world. These are designed to allow operators to undertake proven steps that can help with the challenge of securing their smart grid infrastructures. Examples include the Centre for Internet Security’s Critical Security Controls and the North American Electric Reliability Corporation’s Compliance Automation Guidelines.
- Have centralised monitoring of OT and IT cyber threats:
Smart grid operators need to have in place the capability to centrally monitor all cyber threats that could have an impact on their OT and IT systems and devices. Using a comprehensive dashboard, operators should be able to spot breaches and initiate the steps required to avoid disruption.
- Document all protocols in use:
With many OT devices likely to be using non-standard protocols, it is important for a smart grid operator to undertake a full inventory to determine exactly what is in place. This, in turn, will help the security team to understand the steps it needs to take to protect all devices.
- Implement threat lifecycle management capabilities:
Another important step grid operators should take is to create a comprehensive threat lifecycle management plan. This plan should clearly map out what needs to happen during each phase of a cyberattack. The plan should start when a threat is detected and cover when that threat is investigated and then neutralised. It should also indicate what needs to take place during the recovery phase.
By taking these steps, smart grid operators will be able to ensure their infrastructures are well protected from potential cyberattacks. This will allow the grids to reliably deliver the services required by a complex and growing smart city.
Just as electricity grids have supported cities for years, so smart grids will deliver even more value in the decades to come.