Computers become far more useful once they’re networked—at which point they also become vulnerable. Despite firewalls and anti-virus software, there’s hardly a PC that hasn’t been the recipient of a virus that tracks online browsing activities or sends spam to a contact list. PC viruses rarely bring down the computer, since the sender is more interested in quietly stealing the information on it or joining it to a botnet that sends out further spam and/or viruses.
The Smart Grid is essentially a large, high-voltage communications network, and as such it’s subject to hacking, just like any other network. Unlike PC viruses, any attack on the grid would be disruptive and potentially catastrophic. This concern has been one of the driving forces behind the move to a decentralized, robust, secure Smart Grid.
The Smart Grid is still a work in progress, with much of the North American electrical grid still consisting of a wide range of proprietary components and protocols. They’re networked, but they were designed before cyber security became a major issue.
The Smart Grid is essentially a complex industrial control system (ICS), where some assets have long been part of the grid (SCADA, remote terminal units (RTUs), etc.) and others are new “smarter” assets (Advanced Metering Infrastructures (AMI), intelligent electrical devices (IEDs), smart meters, etc.). All of these are high value targets that can serve as entry points into the grid with the goal of taking over SCADA systems.
The cyber security issues are known as the “CIA triad”—Confidentiality, Integrity, and Availability:
- Confidentiality—Access to information is largely a privacy issue; it’s important to consumers but less so for network security.
- Integrity—Protecting the integrity of control commands is imperative in order to maintain control of the grid. This is equally true in a corporate environment.
- Availability—Continuous availability of real-time data is critical to the operation of SCADA systems, though it’s less of an issue for corporate IT systems.
The security issues for the Smart Grid are the same as those in corporate IT systems but the priorities are different:
Figure 2: Security issues for the Smart Grid vs. corporate IT systems
Maintaining the availability of real-time data is the top priority for Smart Grid systems, followed closely by the ability to ensure and maintain data integrity.
The power grid—with all its diverse, interconnected devices—represents an extremely large attack surface. Hardening it must start with putting all its Internet-connected elements behind secure servers with layered hardware and software security features.
Better security starts with the servers. Dell's 12th Generation PowerEdge R720t is a Tier 1 class, Network Equipment Building System (NEBS) Level-3/ETSI certified, carrier-grade server running four 95W Intel® Xeon® E5-2600-series processors. The Dell server takes advantage of the Intel® Intelligent Systems Framework, which provides a consistent way to address the foundation capabilities of connectivity, manageability and security. Rich connectivity options provide the flexibility to merge into existing deployments or legacy environments. The platform provides security, manageability and data ingestion options in addition to lightweight application functionality at a basic level.
Hardware-based security features can create a trusted execution environment that prevents malicious software from running. Intel® Trusted Execution Technology (Intel® TXT) integrates security features directly into the processor, chipset, and other platform components to enable running mission-critical applications in a safe partition in hardware-secured memory regions. By storing VPN security keys and other critical data in secured memory, Intel® TXT secures the communications links along the Smart Grid.
Figure 3: Intel® Trusted Execution Technology (Intel® TXT)
The Smart Grid relies on distributed intelligence, so the smaller computers reporting back to central SCADA servers must also be secure.
Congatec’s conga-TS87 COM Express Type 6 module is a compact, secure computing solution that can be distributed at various points along the grid. Based on the 4th Generation Intel® Core™ i7 processor, the conga-TS87 includes a wide range of connectivity options including seven PCI Express Rev. 2.0 lanes, four 6 Gbps Serial ATA, 8x USB 2.0, and 4x USB 3.0. The boards can be equipped with a discrete Trusted Platform Module (TPM) that is capable of calculating efficient hash and RSA algorithms with key lengths up to 2,048 bits; the TPM also includes a real random number generator.
A Holistic Approach
Implementing cyber security on the Smart Grid is a multi-faceted problem that requires firewalls, intrusion prevention systems, event management, application whitelisting, network security design, system hardening, and security features embedded at the processor level. All of the security challenges are magnified when connecting legacy systems to new ones, which is the nature of today’s Smart Grid. Those issues can be alleviated by standardizing on a distributed computing architecture based on scalable Intel technologies that can enable the grid to be both smart and secure at the same time.
Roving Reporter (Intel Contractor), Intel® Intelligent Systems Alliance
Editor/Publisher, Low-Power Design
Follow me on twitter: @jdonovan43