Assessing Cyber-Physical System Security
The electric power grid is a highly automated network, with a variety of communication networks interconnected to it in order to sense, monitor and control the electricity flowing through it. With that high level of automation, however, comes the challenge of protecting it.
In March, at the 2009 IEEE Power & Engineering Society Power Systems Conference & Exposition in Seattle, a panel sponsored by the society's Power System Analysis, Computing & Economics (PSACE) Committee brainstormed the research challenges and opportunities in the emerging cyber-physical-systems view of power-system cyber security. Discussion encompassed attack/defense models, risk assessment methods, attack prevention, and real-time mitigation algorithms, capturing not only the vulnerabilities of the cyber-based control systems but also the resulting impacts on the physical power system in terms of capacity loss and stability.
Bruce McMillin, a professor in the department of computer science at the Missouri University of Science and Technology, noted there were complexities involved in the integration of computation with physical processes (i.e., information security in cyber-physical power systems). Concerns included the fact that "computers are in one world, and the physical process in another world," according to McMillin, the complex and unpredictable interactions between cyber and physical processes, and the flow of information across cyber and physical systems.
"Modern infrastructures consist of cyber and physical components," he said, noting electric power, air transport, vehicle transport, smart structures, and environmental monitoring and control as but some examples. "All of them have an inherent commonality: physical actions." The advanced electric power system, he said, is the overarching system.
"We really need to understand significantly what the CPS (cyber-physical system) divulges is critical for its security," McMillin said. "We need to develop widely applicable security analysis techniques finding commonality among infrastructures, and theories that can bridge the cyber and physical worlds such that information flow and power flow are uniformly understood." To do this, he suggests cross-educating power engineers and computer information systems engineers.
Chen-Ching Liu, of University College Dublin, National University of Ireland, took up the topic of cyber-security of SCADA systems. Work began three years ago on a SCADA vulnerability assessment and mitigation study with Manimaran Govindarasu of Iowa State University. Liu challenged a student working with him, Chee Wooi Ten, to "come back in a week and prove to me you can hack into a SCADA system." True to his word, Ten returned with a massive compendium of information and proceeded to do just that. "I think the area has now gained enough attention that there is now serious attention being paid to this area," Liu said.
SCADA systems have evolved through generations from monolithic, to distributed, to networked (high connectivity). Critical cyber assets now include the EMS in the control center, the distribution management system, the process control system and the substation automation system. Liu says escalating cyber-security factors include the adoption of standardized technologies with known vulnerabilities, and the connectivity of control systems to other networks, to name but two. "Power plants' and substations' procedures are not so well set up as the control center, and therefore easier to get into," he said. Standard intrusion tools include war-dialing, scanning, traffic sniffing and password cracking, and access points include VPN, dial-up, wireless, and remote access.
Jason Stamp, of Sandia National Laboratories' National SCADA Test Bed, also discussed reliability impacts from cyber attack on electric power systems, and the work Sandia has done in this area. The approach his team, including Annie McIntyre and Bryan Richardson, took was to determine the ratio of reliability degradation resulting from cyber attack; evaluate "what-if" scenarios based on discovered vulnerabilities to gauge the impact on overall grid reliability; and estimate the impact reduction achieved by various mitigation approaches.
The study modeled risk in the cyber-physical framework, including the vulnerability of computer communication networks and potential loss of load in a power system, as well as the access point vulnerability. A comprehensive vulnerability assessment framework, he said, needs to include:
- Risk Modeling (integrated modeling of attacks and their impacts in terms of load loss, equipment damage, and economic loss);
- Anomaly Detection (relevant information from a geographically dispersed substation network about potential suspicious activities and intrusion, in terms of severity);
- Cyber-security Validation (comprehensive validation using both analytical and simulation methods, plus test bed evaluations of directed and intelligent attacks); and
- Real-time Mitigation (real-time temporal and spatial correlation of events from the substation-level and control center networks).
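The three-step Sandia approach described above (a reliability degradation ratio, "what-if" scenarios per discovered vulnerability, and impact reduction per mitigation) and the Risk Modeling item in the framework list can be made concrete with a small quantitative model. The following Python is an added illustration written for this page; it is not code from the panel, from Sandia's National SCADA Test Bed, or from any of the speakers. The model structure is an assumption: a substation's load is treated as lost when any access point reaching its automation system is compromised, access-point compromises are treated as independent, and every probability, load figure, and baseline value is constructed for the example.

```python
"""Toy cyber-physical risk model for a power-system vulnerability study.

Added illustration only; all numbers and the model structure are constructed
assumptions, not data from the conference or from Sandia.
"""
from __future__ import annotations

from dataclasses import dataclass
from itertools import combinations
from math import prod


@dataclass(frozen=True)
class AccessPoint:
    """A remote entry point into control-system networks (dial-up, VPN, ...)."""
    name: str
    p_compromise: float  # constructed per-year probability of successful intrusion


@dataclass(frozen=True)
class Substation:
    """A substation whose automation system is reachable via some access points."""
    name: str
    load_mw: float           # load served by the substation
    access: tuple[str, ...]  # names of the access points that reach it


class CyberPhysicalRiskModel:
    def __init__(self, access_points, substations, baseline_unserved_mw):
        self.ap = {a.name: a.p_compromise for a in access_points}
        self.subs = list(substations)
        # Expected unserved load from non-cyber causes (constructed baseline).
        self.baseline = baseline_unserved_mw

    def p_loss(self, sub, p_by_ap=None):
        """Probability the substation's load is lost: at least one reachable
        access point compromised, compromises assumed independent."""
        p = self.ap if p_by_ap is None else p_by_ap
        return 1.0 - prod(1.0 - p[a] for a in sub.access)

    def expected_cyber_unserved_mw(self, p_by_ap=None):
        """Step 1 input: expected load loss (MW) attributable to cyber attack."""
        return sum(self.p_loss(s, p_by_ap) * s.load_mw for s in self.subs)

    def reliability_degradation_ratio(self, p_by_ap=None):
        """Step 1: (baseline + cyber-induced unserved load) / baseline.
        1.0 means cyber attack adds nothing to the non-cyber baseline."""
        return (self.baseline + self.expected_cyber_unserved_mw(p_by_ap)) / self.baseline

    def what_if_load_loss_mw(self, compromised):
        """Step 2: deterministic scenario in which the named access points
        (discovered vulnerabilities) are taken as fully compromised."""
        lost = set(compromised)
        return sum(s.load_mw for s in self.subs if lost.intersection(s.access))

    def rank_scenarios(self, max_points=2):
        """Enumerate what-if scenarios up to max_points simultaneous
        compromises, worst load loss first; ties broken by name."""
        names = sorted(self.ap)
        scenarios = []
        for k in range(1, max_points + 1):
            for combo in combinations(names, k):
                scenarios.append((self.what_if_load_loss_mw(combo), combo))
        scenarios.sort(key=lambda t: (-t[0], t[1]))
        return scenarios

    def impact_reduction(self, mitigation):
        """Step 3: fraction of cyber-induced expected unserved load removed.
        mitigation maps access-point name -> multiplier on p_compromise
        (0.0 models decommissioning the access point entirely)."""
        mitigated = {n: p * mitigation.get(n, 1.0) for n, p in self.ap.items()}
        before = self.expected_cyber_unserved_mw()
        after = self.expected_cyber_unserved_mw(mitigated)
        return 1.0 - after / before


def build_example_model():
    """Constructed sample system: three access points, three substations."""
    access_points = [
        AccessPoint("dial-up", 0.10),
        AccessPoint("vpn", 0.05),
        AccessPoint("wireless", 0.20),
    ]
    substations = [
        Substation("Sub-A", 100.0, ("dial-up",)),
        Substation("Sub-B", 200.0, ("vpn", "wireless")),
        Substation("Sub-C", 50.0, ("vpn",)),
    ]
    return CyberPhysicalRiskModel(access_points, substations, baseline_unserved_mw=20.0)


if __name__ == "__main__":
    m = build_example_model()
    print("expected cyber-induced unserved load (MW):", m.expected_cyber_unserved_mw())
    print("reliability degradation ratio:", m.reliability_degradation_ratio())
    for loss, combo in m.rank_scenarios(2):
        print(f"what-if {combo}: {loss} MW lost")
    print("impact reduction, decommission dial-up + harden wireless:",
          m.impact_reduction({"dial-up": 0.0, "wireless": 0.25}))
```

The what-if ranking surfaces which single access point exposes the most load (here the VPN, because it reaches two substations), while the mitigation step shows that removing one access point and reducing another's compromise probability cuts the cyber-induced expected unserved load by roughly two thirds in this constructed system. Real studies replace the independence assumption and the flat "all load lost" consequence with power-flow simulation, which is what the framework's validation item calls for.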
Grid security is high on the minds of the public and utilities alike, and work is ongoing to identify and mitigate cyber-security threats. While NERC-CIP standards have brought the industry a basic set of cyber-security must-haves, some analysts say they haven't gone far enough. Risk and vulnerability studies and approaches continue to be modeled to address new vulnerabilities, and lock off potential access points.