Electric Energy T&D - EE Magazine, March-April 2008 Issue

Even the smallest facility, if electronically
connected to a control center, can be a
pathway to compromise the control center.
Conversely, a very large facility that is critical
for reliability considerations but has no
electronic connections is irrelevant from a
cyber perspective. When addressing cyber
security, it is not the size of the device or
facility, but the connections that matter.
Another issue that must be considered is
the exclusion of telecom. One of the most
probable causes or paths for cyber intrusions
lies in the inherent vulnerabilities within the
telecommunications environment. The NERC
Electric Sector ISAC issued an advisory on the
Slammer worm that occurred in January 2003
and affected a frame relay system [11]. The final
report of the Northeast Outage also identified
wireless and wireline communications [12] even
though the NERC CIPs excluded them. It has
been demonstrated by one of the National
Laboratories that 900 MHz spread spectrum,
frequency hopping radios can be hacked.
These radio systems provide the critical
communications within the substation
and provide input directly to SCADA.
Compromise of these radio systems can lead
to compromise of the devices within the
substation. If the current exclusions in the
NERC CIP are followed, these devices using
non-routable protocols, which represent the
vast majority of utility communications, will
be excluded from the assessment process. This
doesn’t make sense. It should be mentioned
that small systems, utility telecom systems,
and non-routable protocols have experienced
cyber incidents.
The distribution systems are excluded
from NERC cyber assessments. However,
because they often have undergone the
most upgrades, it is the distribution systems
that have now become arguably the most
cyber vulnerable part of the T&D system.
As distribution systems are electronically
connected with transmission systems, they
should not be ignored. There have been
several electric distribution cyber incidents
that could, or have, resulted in cascading
outages. The market function of an EMS
system receives data from insecure meters
and also electronically connects with SCADA.
As with distribution, the market functions
are often excluded by the NERC CIP. These
vulnerabilities could lead to very significant
economic impacts if meter or billing data is
compromised. Additionally, there have been
several incidents where nuclear plants have
had cyber incidents. Losing large central
station nuclear plants does have a significant
impact on grid reliability.
Therefore, it should be evident that by
excluding systems from NERC CIP programs,
it is not possible to identify all of the critical
cyber assets much less the vulnerabilities that
can impact critical cyber assets. Remember:
It’s all about the connections where the real
cyber vulnerability exists.

Perform risk assessments for business perspectives

Cyber risk needs to be addressed for grid
reliability to meet NERC CIPs requirements.
However, cyber risk also affects systems that
can significantly affect the business, but
not necessarily affect grid reliability. Many
systems that are critical to the economic
health of the utility may not be critical to grid
operations and are consequently excluded from
the NERC CIPs. Facilities such as small power
plants, low to medium voltage distribution
substations, and automated metering
infrastructure are examples of facilities and
systems that are “business critical”, but not
“grid critical”. There is a significant potential
liability to a company for ignoring cyber risks
to the business even though these systems are
excluded by NERC CIPs.

Interconnections and interdependencies

The last issue is possibly the most subtle,
but certainly not the least important. That
is the impact of interconnections between
transmission systems. Electric utilities often
share equipment such as RTUs. Utilities
also interconnect with one another. There is
an old saying in the cyber community that
you are only as secure as your weakest link.
In this case, your weakest link could be your
neighbor. How this is addressed impacts
not only you, but also your interconnection
partner. These interconnections need to
be addressed comprehensively. This issue
becomes even more problematic when one
of the interconnections is with a federal
power agency such as TVA or BPA. Federal
power agencies MUST meet NIST SP800-53,
which is more comprehensive than the
NERC CIPs. Consequently, any non-federal
utility connecting to a federal power agency
becomes a weak link. Why should a federal
power agency be held to a higher standard?

Summary

The NERC CIPs have done the utility
industry a great service by
beginning the process of requiring cyber
security to be specifically addressed. However,
they have done so in a limited manner. Many of
the identified limitations have already led to
cyber events. In order to minimize risk to the
utility infrastructure and business operations,
it is incumbent on the utility to utilize due
care and diligence in establishing and
maintaining its cyber security programs.
Cyber issues can materially affect the utility
industry’s bottom line from a positive direction
(improving system reliability and availability)
or from a negative direction (cyber impacts).
The positive direction takes a comprehensive
program beyond “just meeting the NERC
CIP requirements”. The negative direction
can occur because the program was not
sufficiently comprehensive and can lead to
punitive damages as suggested by NERC.
The choice is up to you.

About the Author

Joe Weiss is an industry expert on control
systems and electronic security of control
systems, with more than 30 years of
experience in the energy industry. He is a
member of numerous organizations including
the NERC CSSWG, IEEE, ISA, IEC, and
CIGRE.

[11] SQL Slammer Worm Lessons Learned for Consideration by the Electricity Sector, June 0, 2003, http://www.esisac.com/publicdocs/SQL_Slammer_ 003.pdf.
[12] Final Report on the August 14, 2003 Blackout in the United States and Canada: Causes and Recommendations, April 2004, https://reports.energy.gov/B-F-Web-Part1.pdf