Smart Grid Cyber Security:
Support from Power System
SCADA and EMS
Cyber Security and the Smart Grid –
Why is it important?
What caused the
Power Equipment Failures?
Mistakes by People?
Information Flow Design Flaws?
What does this blackout have to do
with Security? And Information
Flow Design Flaws? Are those Smart
Grid Security Issues?
Yes, given how dependent the Smart Grid has (and will increasingly)
become on information, “All Hazards” security mandates the need for a
reliable and secure information infrastructure
What is this picture?
August 14, 2003 Northeast Blackout – (enhanced photo)
Xanthus Consulting International, April 29, 2011
What is Security? Some Key Concepts
1. For power systems, keeping the lights on is the primary focus. Therefore the key
security requirements are Availability and Integrity, not Confidentiality (AIC,
2. Encryption, by itself, does not provide security.
3. Security threats can be deliberate attacks OR inadvertent mistakes, failures,
and natural disasters.
4. The most dangerous “attacker” is a disgruntled employee who knows exactly
where the weaknesses are the easiest to breach and could cause the worst
5. Security solutions must be end-to-end to avoid “man-in-the-middle” attacks or
failed equipment from causing denial of service
6. Security solutions must be layered, so that if one layer is breached, the next will
be there. Security is only as strong as its weakest link.
7. Security will ALWAYS be breached at some time – there is no perfect security
solution. Security must always be planned around that eventuality.
8. Security measures must balance the cost of security against the potential
impact of a security breach
To maintain power system reliability, need to
manage both the Power System Infrastructure
and its supporting Information Infrastructure
[Figure with two layers: 1. Power System Infrastructure; 2. Communications and Information Infrastructure. Labels include Planners & Engineers, Control Center, Substation, Cogeneration, Photovoltaic systems, Storage, Wind Power.]
Traditional “IT” Security Measures Cannot Meet All Power
System Security Requirements
• Two key security issues for utilities are power system
reliability and legacy equipment:
– Power systems must continue to operate as reliably as
possible even during a security attack.
– It is financially and logistically impractical to replace older
power system equipment just to add security measures.
• Layered security is critical not only to prevent security attacks, but
also to detect actual security breaches, to survive during a security
attack, and to log all events associated with the attack.
– Most traditional “IT” security measures, although able to
prevent and/or detect security attacks, cannot directly help
power systems to continue operating.
– For legacy systems and for non-critical, compute-
constrained equipment, compensating methods may need to
be used in place of these traditional “IT” security measures.
Use of Power System SCADA and Energy
Management Systems for Certain Security Solutions
• One method for addressing these problems is to use existing
power system management technologies as a valid and very
powerful method of security management, particularly for
detecting, coping with, and logging security events.
– Add sensors, intelligent controllers, and intrusion-detection
devices on “critical” equipment
– Utilize and expand existing SCADA systems to monitor these
additional security-related devices
– Expand the SCADA system to monitor judiciously selected
power system information from AMI systems.
– Expand Power Flow analysis functions to assess
anomalous power system behaviors such as unexpected shifts
of load and generation patterns, and abnormal power flow
contingency analysis results to identify unexpected situations.
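An added example, not part of the original slides, of the SCADA/AMI cross-check and load-shift assessment described above, reduced to a single feeder balance rather than a full power flow study. The sample readings, the loss fraction, the thresholds and all function names are assumptions made for illustration.

```python
from statistics import median

# Constructed sample data (not real telemetry): hourly feeder-head MW reported
# by SCADA, and the sum of AMI interval reads (MW) for meters on that feeder.
SCADA_MW = [4.1, 4.0, 4.2, 4.3, 4.1, 4.2, 6.9, 4.2]
AMI_MW = [3.9, 3.8, 4.0, 4.1, 3.9, 4.0, 4.0, 2.1]

LOSS_FRACTION = 0.05    # assumed losses between feeder head and meters
MISMATCH_TOL = 0.10     # assumed tolerance on the SCADA/AMI balance
SHIFT_THRESHOLD = 5.0   # assumed robust z-score limit for a load shift


def robust_z(value, history):
    """Score value against history using median and MAD, so that one earlier
    outlier does not mask the next one."""
    med = median(history)
    mad = median([abs(h - med) for h in history]) or 1e-6
    return 0.6745 * (value - med) / mad


def assess(scada, ami, warmup=4):
    """Return (hour, reason) findings to log and raise as SCADA alarms."""
    findings = []
    for hour, (s, a) in enumerate(zip(scada, ami)):
        # Check 1: feeder-head flow should equal metered load plus losses.
        expected = a * (1 + LOSS_FRACTION)
        if abs(s - expected) / max(expected, 1e-6) > MISMATCH_TOL:
            findings.append((hour, "scada_ami_mismatch"))
        # Check 2: unexpected shift of either series against its own history.
        if hour >= warmup:
            for name, series in (("scada", scada), ("ami", ami)):
                if abs(robust_z(series[hour], series[:hour])) > SHIFT_THRESHOLD:
                    findings.append((hour, f"{name}_load_shift"))
    return findings


if __name__ == "__main__":
    for hour, reason in assess(SCADA_MW, AMI_MW):
        print(f"hour {hour}: {reason}")
```

In the sample, hour 6 is flagged because the SCADA value jumps while the metered load does not, and hour 7 because the AMI total drops while feeder flow is unchanged. Either pattern can come from a failed sensor, a communications fault or tampered data, which is why the finding is logged for follow-up rather than acted on automatically.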
[Figure: Distribution Grid Management Use Cases: Logical Interfaces Used by NIST for Security Assessments. The diagram shows numbered logical interfaces between actors including Energy Market Clearinghouse, ISO/RTO, SCADA/EMS, DMS power system modeling functions (DOMA, VVWS, FLIR, CA, MFR, OMS, WMS), Geographic Information System AM/FM, Customer Information Sys, Metering & Billing, AMI Network, Collectors, Sensors, IEDs, Distributed Intelligence, Distribution Field Crews, Mobile Computing, and Customer appliances, DER, PEV, Electric Storage.]
DOMA: Distribution Operations Model & Analysis
MFR: Multi-Feeder Reconnection
OMS: Outage Management System
FLIR: Fault Location, Isolation,
WMS: Work Management System