Electrical Grid Stability Relies on Balancing Digital Substation Security

With a central role in modern electrical systems, digital substations are of particular interest to cybercriminals. Their use of Ethernet communications to transfer information between substations and utility enterprise systems makes them more vulnerable to attacks, giving hackers the ability to disrupt operations at banks, gas stations, and emergency services. From January through August 2022, there were 101 cyberattacks nationwide on equipment that delivers electricity.

Utility systems and substations, which have a key role in today's electrical infrastructures, can be vulnerable to cyberattacks without proper security measures and protection. Because coordinated cyberattacks can cause highly disruptive outages, substation cybersecurity is essential and should be based on concepts that include defense-in-depth, cyber kill-chain mapping, and intelligence-driven cybersecurity.

New Cyber Threats Force Electric Utilities' Hands

Cybersecurity was not a priority for many electric utilities until recently, prior to national regulatory standards. Advanced threat groups using Pipedream, a malware kit specifically developed to disrupt industrial processes, have attacked critical infrastructures and industrial control systems. Other cyber incidents, like the 2021 ransomware attack on the Colonial Pipeline's IT system — which also raised fears that ransomware would threaten its operational technology (OT) system — have brought to light the threat of cyberattacks, highlighting the importance of cybersecurity for electric energy OT.

In enterprise environments, data theft and manipulation are the primary concerns. Attacks are usually financial and related to productivity losses, repair costs, or the theft of sensitive information. But attacks on electrical supply systems can have a major impact on customers and critical infrastructure.

In the United States, the Biden administration has committed to improving the security of critical infrastructure in banks, electric utilities, and hospitals against cyberattacks with the release of a new National Cybersecurity Strategy. A major component of this is the US Department of Energy's National Cyber-Informed Engineering Strategy. It proactively manages cyber-risk throughout the development of new energy infrastructure, rather than developing a patchwork of security controls after these connected devices are widely deployed. The strategy seeks to guide energy sector efforts to incorporate cybersecurity practices into the design life cycle of engineered systems to reduce cyber-risk.

While regulation is a good starting point for implementing baseline protections and good hygiene practices, it is not enough to ensure the security of our electrical grids. Continuous security strategy improvement, including real-time monitoring and detection capability, is necessary.

Stick to the Basics and Adjust Accordingly

When establishing a cybersecurity architecture, utility companies should establish baseline policies for protection and create standard control systems. Cybersecurity is about risk management, and understanding the consequences of these risks is paramount. The systems' cybersecurity requirements and interfaces should be based on best practices and consequence-driven risk assessments.

Utilities need to focus on three main areas to develop a successful cybersecurity program:

While developing the appropriate security architecture, companies need to be nimble enough to adapt to new approaches and strategies as new threats emerge.

Balance Between Reliability and Security

Because digital substations are critical elements of electrical systems, they are a prime target for sophisticated cyberattacks. To create a solid cybersecurity strategy, organizations should begin by defining the essential elements and functions of the system. Their strategy should anticipate new threats and adapt, while ensuring ownership across its operations.

The security architecture must also meet the goals of the utility's cybersecurity policies without affecting performance. It must protect critical assets but include communications infrastructure that permits the flow of information. All cybersecurity solutions must help an energy company operating digital substations maximize protection without sacrificing operational reliability.