Security plan for electric substations

Adoption of new technologies in electrical substations has improved communications, but it has also made these networks more vulnerable to cyber threats. Good cyber security policy focuses on three objectives. See five levels of industrial control system (ICS) security.

05/23/2015


In the past, the design of electrical substations was safe, easy to use and reliable. Security wasn't a concern. As substations have become more complex in their design, cyber security has become a priority.

A substation with lax security is more likely to fail or have issues—and these failures can be expensive. So, it's necessary to have a security policy in place that can help minimize or contain threats. A good cyber security policy focuses on these three objectives:

  • Confidentiality: Preventing unauthorized access to information
  • Integrity: Preventing unauthorized modification or theft of information
  • Availability: Preventing denial of service (DoS) and ensuring authorized access to information.

Typical wisdom is that in IT networks, confidentiality is the main objective. However, in industrial networks, availability is usually the critical design parameter.

Five levels of ICS security

It's important to note cyber security is not a static process. As conditions and threat sources change, you may need to upgrade systems and update your policies. Regardless of the source of the threat, an effective cyber security policy contains the following five levels of security for industrial control systems (ICS):

1. Preventive security controls prevent an incident from occurring. Examples include using strong passwords and preventing external USB drives from accessing open ports.

2. Network design security minimizes vulnerabilities and isolates them so they don't affect the rest of the network.

3. Active security blocks traffic or operations not allowed or not expected in a network. Examples include encryption, Layer 3 firewalls and antivirus software.

4. Detective security controls identify an incident in progress or after it occurs by evaluating activity registers and logs. Examples include log file analysis and intrusion detection system monitoring.

5. Corrective security limits the extent of damage caused by an incident and includes a configuration parameter backup policy as well as firewall and antivirus software updates.

Creating good security policy

In the past, a cyber security policy would often have a single point of defense. However, as substations become more complex, it's now necessary to have a cyber security policy with several defense points. A policy based on Defense in Depth is a practical and cost-effective solution.

Defense in Depth involves using multiple, overlapping layers of protection and includes policies and procedures as well as physical network security. A multi-layered security approach allows you to control or manage an attack more efficiently, while allowing the protected portion of the system to stay secure and running.

Defense in Depth relies on the following concepts:

  1. Multiple layers of defense: Security is layered, so if an attacker gets by one layer, another layer will defend against the attack
  2. Differentiated layers of defense: Each layer of security is slightly different from the others, so if an attacker gets past one layer, they don't necessarily have the ability to get past the remaining layers of security
  3. Threat-specific layers of defense: Each layer is designed for a specific threat, whether it's computer malware, angry employees or identity theft.

It's not possible to completely prevent all attacks. But you can quickly detect attacks, isolate them and control them so they don't have an impact on other areas of the substation network.

Since electrical substations evolve over time, it is necessary to conduct maintenance tasks in order to protect the network. These include changing device passwords on a regular basis, implementing upgrades to fix bugs and maintaining regular antivirus software updates.

Heather MacKenzie is with Tofino Security, a Belden company. Germán Fernández is the vertical marketing manager for the power utility industry at Belden. This content originally appeared on ISSSource. Edited by Joy Chang, Digital Project Manager, CFE Media, jchang@cfemedia.com.


