Threat from the Net: Need to deploy multi-layered security controls to protect smart grids

Cyberattacks on smart grids can disrupt the entire power sector. The risk of cyberthreats extends to all interconnected components across the generation, transmission and distribution channels. Because it is constantly connected to the internet, a smart grid can be exploited by hackers. Cyberattacks in the form of sniffing, eavesdropping, spoofing and injecting malicious data into the grid can cause damage ranging from minor power cuts to a major grid collapse. Smart grid security is crucial to providing uninterrupted power supply and minimising losses due to power cuts. To maintain a secure smart grid, utilities the world over are taking initiatives such as implementing a multi-layered security mechanism, running awareness and training programmes and conducting cyber risk assessment studies. Apart from this, they are exploring emerging technologies such as blockchain for enhancing grid security.

Types of cyberattacks

One of the most common cyberattacks on a smart grid is sniffing and eavesdropping. Hackers undertake this to steal information or acquire the technical specifications of a network. Such information could be used to craft further attacks, or to achieve any other objective.

Denial of service is another smart grid cyberattack. It penetrates the underlying communication and computational infrastructure, and renders the resources temporarily unavailable.

In another type of cyberattack on the smart grid, malicious data is injected into the grid. An attacker may leverage vulnerabilities in the configuration of a smart grid infrastructure and inject malicious data that will misrepresent the state estimation process. Through this, attackers can not only change the results of state estimation, but also modify the results in a predicted way.

In spoofing, a malicious party impersonates another device or user on a network. Successful spoofing attacks may result in incorrect calculation of clock offsets, leading to erroneous estimates of the actual power load.

Meanwhile, high-level application attacks on any component or application in the system will cause unexpected physical damage. These applications, such as management consoles and end-user web portals, provide an interface for communicating with the physical infrastructure. The attacks impact power flow measurement, state estimation, energy management, etc. in the smart grid.
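As an added illustration (not part of the original article), the sketch below shows one detection layer for the malicious data injection described above: a chi-square residual test on a least-squares state estimate, which flags a reading that no longer fits the network model. The 3-bus network, meter readings, noise level and function names are all constructed assumptions.

```python
# Added example: residual-based bad-data check for DC state estimation.
# The 3-bus network, readings and noise level are constructed for illustration.

SIGMA = 0.01          # assumed meter standard deviation (per unit)
CHI2_99_2DOF = 9.21   # chi-square 99% quantile for 4 measurements - 2 states

# Measurement model z = H x with x = [theta2, theta3]; bus 1 is the reference.
# Rows: flow 1-2, flow 1-3, flow 2-3, injection at bus 2 (all lines b = 10).
H = [[-10.0, 0.0], [0.0, -10.0], [10.0, -10.0], [20.0, -10.0]]

def estimate(z):
    """Least-squares state estimate (equal weights) via 2x2 normal equations."""
    g11 = sum(r[0] * r[0] for r in H)
    g12 = sum(r[0] * r[1] for r in H)
    g22 = sum(r[1] * r[1] for r in H)
    b1 = sum(r[0] * zi for r, zi in zip(H, z))
    b2 = sum(r[1] * zi for r, zi in zip(H, z))
    det = g11 * g22 - g12 * g12
    return [(g22 * b1 - g12 * b2) / det, (g11 * b2 - g12 * b1) / det]

def check(z):
    """Return (flagged, J, suspect) for one snapshot of meter readings."""
    x = estimate(z)
    # Weighted residual: how far each reading sits from what the model predicts.
    weighted = [(zi - (r[0] * x[0] + r[1] * x[1])) / SIGMA
                for r, zi in zip(H, z)]
    j = sum(w * w for w in weighted)
    # Largest weighted residual as the suspect reading; a simplification of
    # the normalised-residual test used in production estimators.
    suspect = max(range(len(z)), key=lambda i: abs(weighted[i]))
    return j > CHI2_99_2DOF, j, suspect

# Constructed readings: consistent with theta2 = -0.02, theta3 = -0.05 + noise.
CLEAN = [0.201, 0.499, 0.302, 0.099]
# Same snapshot with the flow 2-3 reading altered by 0.2 per unit.
TAMPERED = [0.201, 0.499, 0.502, 0.099]

if __name__ == "__main__":
    for name, z in (("clean", CLEAN), ("tampered", TAMPERED)):
        flagged, j, suspect = check(z)
        print(f"{name}: J={j:.2f} flagged={flagged} suspect_index={suspect}")
```

In this constructed case the check catches a gross change to a single reading; it is one layer only and is meant to sit alongside the other controls the article describes.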

Maintaining a secure smart grid

One of the emerging solutions for maintaining grid safety is developing a smart energy management system based on blockchain. Blockchain is a distributed data processing technology, which enables all users participating in the network to distribute and store data. Applying blockchain technology to the smart grid will ensure secure management of energy data, and contribute to the development of the future smart energy industry.

The primary initiatives to protect smart grids against cyberattacks include enhancing defence capabilities to mitigate the possibility of an attack. The traditionally proven defence-in-depth principle can be adopted, in which multiple layers of security controls are put in place. Under this, the risk is distributed across various layers so that if one layer of defence is penetrated, the other layer prevents further damage.

Another security measure against cyberattacks is cybersecurity risk assessment. This involves evaluating various information assets to identify the underlying vulnerabilities and threats.

In addition, there is a need to create awareness and undertake training programmes to maintain grid safety. Effective training programmes need to be designed based on individual roles and responsibilities.

Incident response is another vital aspect of protecting smart grids from cyberattacks. In the absence of an effective incident management plan, an incident can completely disrupt vital business functions.

To conclude, a smart grid cybersecurity strategy needs to be designed to manage the prevention, detection, response and recovery processes, and counter any existing and potential threats.