About the Author
Dr Zoya Pourmirza, is a postdoctoral research associate at Newcastle University within the School of Electrical and Electronic Engineering. She was awarded her PhD in The Information and Communication Technology (ICT) Architecture in the Smart Grid from University of Manchester. Her research expertise includes Smart Grids ICT networks, cyber-security, communication energy efficiency, and data compression.
Zoya carries out a wide range of research for CESI in the area of cyber-security on energy systems.
The Smart Grid has three main characteristics which are, to some degree, antagonistic. These characteristics are the provision of good power quality, energy cost reduction and improvement in the reliability of the grid. The need to ensure that they can be accomplished together demands much richer Information and Communications Technology (ICT) networks than the current systems available. The addition of the ICT to the legacy grid raises concerns among various stakeholders such as consumers, utilities, and regulators. Cyber security is emerging as an important and critical element of modern energy systems that could jeopardise the availability and reliability of energy systems if compromised.
Risks and vulnerabilities associated to cyber-security in Smart Grids
The modern cyber-physical energy system that couples the communication networks to the legacy grid introduces more cyber risks and vulnerabilities, which can seriously affect the energy systems in terms of operation and reliability. While dependability against relatively rare physical failures can be argued on a “one out of n” basis, cyber-attacks have the potential to damage “n out of n” systems simultaneously, because security vulnerabilities can be exploited in parallel. This is particularly worrying as the physical dimension of energy systems is prone to cause a cascading effect in case of targeted failures.
Some of the critical vulnerabilities of smart energy system have been identified as:
- Physical vulnerabilities
- Platform vulnerabilities
- Policy vulnerabilities
- Interdependency vulnerabilities
- Information and Communication Technology (ICT) system vulnerabilities.
The full extent of these impacts is, however, hard to grasp due to their highly complex and interdisciplinary nature, and the interdependencies between energy systems and a fast-changing ICT landscape. Any attack on the ICT of the energy system will, therefore, have negative impacts of varying severity on energy system operation. There is a wide range of possible attacks against the ICT of the energy systems. According to the US National Institute of Standards and Technology (NIST), those targeting the availability, integrity, and confidentiality of the ICT are of the highest importance. Such attacks are usually undertaken to:
- Mislead the operation and control of the utility provider
- Manipulate market and misguide the billing systems
- Compete with other utility service providers
- Disturb the balance between demand and supply
- Carry out terrorist activities to damage local and national power infrastructure
- Convey distrust between people and government
- Increase or decrease the cost of energy consumption and energy distribution
Are we more vulnerable than before?
A number of cyber experts have already expressed their concerns about the digitization of legacy grids. While some say the energy industry is ignoring the risks associated with the smart energy system, some go further and argue that the security of the country is at stake, due to the possibility of cyber-attacks on digitized energy systems. This trend is transforming cyber security complications from a problem to a hype. However, the truth lies somewhere between these two extremes. Currently, there seems to be a lack of evidence in the form of particular incidents suggesting smart technologies can be held exclusively responsible for compromising the operation of energy systems. Traditional energy systems are already exposed to a range of cyber threats. Although smart technologies are not yet embedded in a large scale in energy systems, their deployment can increase the risk of vulnerabilities and introduce new ones. This is more likely to be associated with increased connectivity between various assets and with the internet.
Over past few years, a number of incidents have been reported in which legacy energy systems have been compromised due to their partial dependence on smart technologies. Based on these recent incidents it is envisaged that similar types of attacks could increase in numbers as smart technology deployment increases introducing additional access points (cyber and physical) for infiltrators. Potential attacks in equipment could lead to financial loss and disruption of services for buildings and households and possible safety concerns both for the owners/occupants and the broader network depending on the power ratings and role of the asset attacked.
In order to address the diverse cyber-security issues related to the smart energy systems, there is an increasing need for experts in multidisciplinary fields to work jointly in the identification and treatment of these. Newcastle University has recently launched a multi-disciplinary team comprising cyber security, and smart grid experts co-funded by EPSRC and working with other stakeholders from industry and academia offering a powerful collaboration of electrical power systems, ICT architecture and cyber-systems expertise to tackle this pressing problem.