Today’s energy sector is undergoing massive change, especially as more utilities try to usher in clean or renewable energy alternatives like solar, geothermal, hydroelectric, and wind power. In addition to the clean energy transition, grid modernization is another major shift in the energy industry.
The Industrial Internet of Things (IIoT) is expected to transform the energy grid and support modernization efforts. However, with more technological innovations than ever before, operators must make careful considerations, especially in light of recent cyberattacks against critical infrastructure sectors.
Mission-critical energy hardware and software must come equipped with strong cybersecurity measures to prevent extended downtime while ensuring that consumer demand is being met.
The Role of Cybersecurity in Grid Modernization
It’s no secret that the nation’s energy infrastructure is long overdue for an upgrade. As consumers and businesses continue to leverage new technologies, whether it’s a simple smartphone or an advanced AI algorithm, energy demand is skyrocketing.
Grid modernization and adoption of IIoT in smart grid architecture are well underway, according to the U.S. DOE’s Office of Electricity. The office states that the nation’s economy, national security, and health and safety rely on the energy grid – this is why increasing its resilience by using new technologies is imperative.
With new technologies, however, come new opportunities for optimization and new cybersecurity threats. These threats, whether ransomware, malware, phishing, or distributed denial of service (DDoS), make mission-critical systems more vulnerable than they have ever been.
Cybersecurity Threats for Mission-Critical Energy
Today’s grid, including its mission-critical components, is highly vulnerable to potential cybersecurity threats. Take the Colonial Pipeline ransomware attack in 2021, for example. Computerized equipment managing Colonial Pipeline, one of the largest pipelines in the country, was hit with a ransomware attack that cost around $4.4 million.
The attack was carried out after one compromised password appeared in a leak on the dark web. While there were many negative aspects of this attack, there was one main lesson to be learned – cybersecurity for critical infrastructure, including the energy sector, is of the utmost importance.
Cybersecurity for Each Mission-Critical Component of Energy Grids
Energy grids are made up of three interconnected transmission grids, each with a specific purpose – generation and storage, transmission, and distribution.
Every grid requires mission-critical technologies to operate successfully, or extended downtime is a serious risk. Therefore, it’s important to ensure all transmission grids have strong cybersecurity, including both hardware and software tools enabling functionality.
A closer examination of these three interconnected transmission components reveals the significant role cybersecurity plays in each one.
Generation and Storage
Solar farms, utility-scale installations, and residential solar panels – among other energy generation and storage tech – are all at risk of cybersecurity attacks.
While large-scale solar installations must meet applicable cybersecurity standards before coming online, small Photovoltaic (PV) systems and other Distributed Energy Resources (DERs) lack any standards to follow.
According to the Environmental Protection Agency (EPA), energy generation and storage technologies require cybersecurity strategies to prevent, identify, detect, respond to, and recover from cyberattacks. This might mean implementing endpoint detection and response (EDR) software or other automated solutions to keep computers, servers, inverters, and other solar PV tech continuously updated.
Transmission
In the transmission grid, there are step-down substations and long-distance transmission systems, where energy makes its way to the next generation phase. Transmission system operators must understand which cybersecurity measures will be most effective at protecting the grid.
There are several attack vectors threat actors can use to attack energy transmission operations:
- Insider attacks
- Denial of service
- Lateral movement from office networks
- Physical access
Operators can leverage various cybersecurity strategies to mitigate these potential threats. For example, they can set forth access control policies to prevent unauthorized access to transmission substations. They can implement cybersecurity training to prevent accidental insider attacks, or use multifactor authentication to lessen the chance of lateral movement impacting operational technologies (OT).
Distribution
The step-down substation transmits energy to residential, commercial, and industrial customers and then back to the energy storage equipment and power source in the generation and storage part of the grid. According to the U.S. Government Accountability Office (GAO), the grid’s distribution systems are decentralized and more vulnerable to cyberattacks due to monitoring and control technologies.
If monitoring and control technologies are a major vulnerability, what can be done to secure them? Remote access and monitoring rely on connections to business networks, which underscores the importance of securing the network. This can offer inherent protection to the monitoring and control technologies used for the distribution portion of the grid.
One specific way to protect this interconnected network is to hire dedicated IT professionals. These individuals would focus on and be responsible for keeping a utility’s corporate network secure, bolstering the resilience of grid distribution systems.
Effective Technologies and Practices to Secure Each Section of the Grid
Companies must use advanced cybersecurity tools to secure their portion of the grid. According to a DOE report called “Spotlight: Advancing Cybersecurity to Strengthen the Modern Grid,” these technologies fall into one of the following categories: identify, protect, detect, respond, recover, and endure. Here are the cybersecurity solutions needed to protect the grid’s mission-critical assets:
- Identify: Risk assessments, critical failure/component analysis, asset management.
- Protect: Encryption, firmware and control verification, and network segmentation.
- Detect: Data aggregation and data analytics for threat detection.
- Respond: Network segmentation, cyber-physical fault isolation, and orchestration and remediation.
- Recover: Cyber incident reconstruction, optimized Black Start strategies.
- Endure: Utilizing cyber-safe modes and component diversification.
At every stage of energy generation, there needs to be a resilient cybersecurity plan in place. Since each stage is interconnected, equipment and technology are inherently mission-critical. If one piece of equipment or technology fails, it will have a cascading effect, making it challenging for utilities to distribute energy to customers.
Protecting Mission-Critical Energy Grids During Modernization Efforts
Before the grid modernizes further, new technologies adopted by operators must be implemented with a strong sense of urgency regarding cybersecurity requirements. Ideally, new grid tech will have “security by design” approaches to guard against potential cyber incidents.
All energy-related equipment within the grid must leverage advanced cybersecurity strategies like threat detection, encryption, and network segmentation, in order to reduce the likelihood of downtime. Cyberattacks on mission-critical energy technologies will likely increase as the grid becomes more advanced.
Stakeholders such as federal, state, and local government agencies must work with utility companies to ease the transition to renewable and smart tech, all while keeping cybersecurity top of mind.
About the Author:
Emily Newton is the Editor-in-Chief of Revolutionized, an online magazine celebrating innovations in industry, science and technology.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.