Introduction to Cyber-security of Power Grids

Updated: Aug 21, 2020

Major #cybersecurity issues that occurred in #powersystems around the #world in the last 5 years




In 2014, South Korean Hydro and Nuclear #powerplants came under #cyberattack by #hackers whose IP address was traced back to either China or North Korea. Maps, plans and employee information of these plants were exposed to the public.


Similar attacks happened on Ukraine's #substations in 2015 and 2016. People were left without power for a whole day. The outages disrupted activities around towns and cities, which led to a lot of physical and psychological damage.


Recent attacks on the very well protected systems of Saudi Arabia, Europe and the United States have proved that anyone with cyber systems at any node of their #powergrids is vulnerable to such attacks.


However, we can't keep power grids away from innovations in information technology, so the question is how to keep them safe from such attacks. Upcoming technologies like P2P trading, ICOs in investments, inter-connectors, smart-metering and smart grid applications, and algorithmic trading will make the system more vulnerable.


Analyzing how exposed these innovations leave the grid to cyberattacks has led to the results described below:

Here 1 means having the least impact and 5 means having the most impact on the grid's security.


  • The data presented in the table and graph show that Peer to Peer trading, being the most isolated, has the least impact on jeopardizing the whole grid super system, as it only takes place in microgrids.

    • A cyberattack on a #p2ptrading system would impact only the end-users involved in the microgrid. Hence the damage penetration is small.

    • Damage width is controlled as well, because microgrids are systems that can be isolated from the external grid at will.

  • #Powertransmission #interconnections, on the other hand, are the most vulnerable because they connect two or more countries with the same grid. Hence 2 larger regions rely on such digitally operated infrastructure, making it very vulnerable.

    • The impact of a cyber-attack on interconnections could be far reaching, i.e. on the grids of more than one country, impacting the generation, network and end-use infrastructure. Hence, the damage penetration is large and the damage is wide ranging.

These two starkly contrasting arrangements give a lot of clarity on the measures assumed during the analysis of #gridstability during #cyberattacks. These parameters are defined in more detail as follows (the approach of definition is bottom up, i.e. from the least impacted and most isolatable stakeholders to the most impacted and least isolatable stakeholders).





Definitions:

Vulnerability Ratings:

  • NPE - Not Fully Exposed - This refers to isolated or islanded systems, or systems that can be isolated and islanded within a span of microseconds (if not physically then digitally)

  • EPA - Exposed At Points - Vulnerable points of entry that arise from non-compliance with protocols or secure networks, because of underdeveloped cyber laws or cyber-security policies, and that could not be islanded

  • PE - Partially Exposed - Vulnerable areas of the grid, either due to non-compliance with cyber laws or due to negligence or weak security protocols, that could not be islanded

  • ME - Majorly Exposed - When most of the grid stakeholders have cyber vulnerability issues at various nodes in their systems

  • FE - Fully Exposed - No cyber-security measure is or could be taken on the system due to a flaw in laws, regulations or design. For example, an ICO for infrastructure investment

Damage Width:

  • PS - Primary Spread - Spread across only one type of stakeholder and that too with very low numbers (example - among only industrial end users of one SEZ)

  • LS - Low Spread - Post primary spread situation across only one type of stakeholder category with low numbers of the same kind (example - among industrial end users of a whole city)

  • MoS - Moderate Spread - Vulnerability spreads over more than one type of the same stakeholder with moderate damage like temporary physical shutdowns (example - among commercial and industrial end users)

  • MS - Major Spread - Vulnerability spread across more than one type of the same stakeholder category with major shutdowns (example - all end users of an entire city)

  • ES - Entire Spread - All stakeholders of the same category with complete width are impacted (example - all kinds of end users of the entire state)

Damage Penetration:

  • ISO - Isolated - Impact on only one type of stakeholder (example - microgrid end-users)

  • MIN - Minimum Penetration - Impact on at least two directly connected stakeholders (example - one retailer and its end users)

  • MOST - Most Stakeholders - Impact on most of the stakeholders directly connected (transmission operator, open access users, distribution operator, retailers, end-users but not microgrids)

  • EXT - Extended Stakeholders - Impact on one regional grid that also imbalances other regional grids (example - grids of the western region drawing power from the northern region go into complete blackout, causing overgeneration in the northern grid)

  • ALL - All Stakeholders - Impact on all the stakeholders in a given area of control.

Next in Line:

  • Grid-security Solutions Modeling

  • Grid-security Solutions Available

  • Grid-security Solution Providers Comparison

Part 2 - Link : https://www.sourceadvisory.in/post/power-grids-cyber-security-part-ii

© 2024 by Source Advisory and Services Pvt. Ltd.