
ABB’s view to address the cyber security challenge in the smart grid


Substation Cybersecurity
By Bill Ray


Network security is not a new topic for utilities, but as automation networks become more interconnected, and adopt standard protocols, the risk of attack increases and defenses need to be ramped up. Unfortunately few utilities have the skills or experience to maintain an adequate cyber defense, despite often taking responsibility for securing systems once they've been delivered, so a new approach is needed.

Vendors need to share responsibility for securing the systems they sell, delivering regular updates and security warnings and then working with utilities to ensure they're promptly applied. Utilities, for their part, need to adopt a layered approach that creates security in depth, and to understand that keeping the network safe is a journey, not a destination.

Environmental factors, storms, floods and so forth, remain the biggest threat to the utility network, but they are at least predictable to a degree. Winds, rains and snowfall can peak unexpectedly, but they don't get progressively more aggressive every year. Cyber attacks do. As miscreants learn more about the systems being used, and the systems grow in complexity to expose new risks alongside additional functionality, so the challenge of protecting them grows equally.

But we can't go backwards - the adoption of industry standards into substation automation has increased efficiency, and flexibility, not to mention creating a safer environment for workers and the general public - increased vigilance is the price we have to pay for the plethora of advantages offered by the digital grid.

That vigilance mostly consists of doing things which are already being done, or should be. Basic network maintenance can secure against the vast majority of attacks, involving nothing more than routine tasks including:

  • Listening to network alarms
  • Removing unused software
  • Disabling unused services
  • Removing old user accounts
  • Changing passwords
  • Verifying that updates have been installed
  • Installing anti-virus software


Legacy equipment might not have updates available, but throwing out perfectly good (and, quite possibly, perfectly secure) equipment is often impractical and unnecessary. In such circumstances the equipment may be encapsulated: protected by a dedicated firewall to limit communication with the rest of the network.

Software firewalls, installed on computers running network services, should also become standard practice. Firewalls at the perimeter of the network will keep out the majority of attacks, but should not be relied on exclusively - an attacker gaining access to the network, or an errant employee already within the network, has bypassed the perimeter but can be held at bay by firewalls running on network servers, while the logs from those firewalls will provide useful evidence of such intrusions so they can be traced and resolved.

All the firewall logs should be looked at regularly, where possible. They make for dull reading, but humans are peculiarly adept at spotting anomalies, and an hour or two spent reading the logs every week will build up useful knowledge of what's "normal".
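The weekly read can be supported by a small script that learns which flows appeared in earlier logs and lists only those seen for the first time, with denied connections first. This is an added illustration, not part of the original article or any ABB tooling; the key=value log layout, addresses and ports are constructed assumptions, so the regular expression must be adapted to the firewall's real log format.

```python
import re
from collections import Counter

# Constructed sample lines in a simplified key=value layout (an assumption).
BASELINE_LOG = """\
2024-03-04T08:00:01 action=ALLOW src=10.1.1.20 dst=10.1.1.10 proto=tcp dport=102
2024-03-04T08:00:05 action=ALLOW src=10.1.1.21 dst=10.1.1.10 proto=tcp dport=102
2024-03-05T09:12:40 action=ALLOW src=10.1.1.30 dst=10.1.1.10 proto=udp dport=123
"""
CURRENT_LOG = """\
2024-03-11T08:00:02 action=ALLOW src=10.1.1.20 dst=10.1.1.10 proto=tcp dport=102
2024-03-12T02:14:09 action=DENY src=10.1.1.77 dst=10.1.1.10 proto=tcp dport=3389
2024-03-12T02:14:10 action=DENY src=10.1.1.77 dst=10.1.1.10 proto=tcp dport=3389
2024-03-12T11:30:00 action=ALLOW src=10.1.1.21 dst=10.1.1.10 proto=tcp dport=22
this line is damaged and will be counted as unparsed
"""

LINE_RE = re.compile(
    r"^\S+ action=(?P<action>\w+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"proto=(?P<proto>\w+) dport=(?P<dport>\d+)$"
)

def parse(log_text):
    """Return (Counter of flows, number of non-empty lines that did not parse)."""
    flows, unparsed = Counter(), 0
    for line in log_text.splitlines():
        line = line.strip()
        m = LINE_RE.match(line)
        if m:
            key = (m["action"], m["src"], m["dst"], m["proto"], int(m["dport"]))
            flows[key] += 1
        elif line:
            unparsed += 1  # never drop bad lines silently; report the count
    return flows, unparsed

def new_flows(baseline_text, current_text):
    """Flows in the current period never seen in the baseline, denials first."""
    known, _ = parse(baseline_text)
    current, unparsed = parse(current_text)
    unseen = [(flow, n) for flow, n in current.items() if flow not in known]
    unseen.sort(key=lambda item: (item[0][0] != "DENY", -item[1]))
    return unseen, unparsed

if __name__ == "__main__":
    unseen, unparsed = new_flows(BASELINE_LOG, CURRENT_LOG)
    for (action, src, dst, proto, dport), n in unseen:
        print(f"{n:3d}x {action:5s} {src} -> {dst} {proto}/{dport}")
    print(f"{unparsed} unparsed line(s)")
```

The output is a short list for a person to judge, not a verdict: a new flow may be a legitimate change, which is exactly the knowledge of "normal" the weekly review is meant to build.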

What is not normal, but surprisingly efficacious to the attacker, is phoning up and asking for network passwords.

Hackers have discovered this kind of "social engineering" is a great deal less effort than hacking into the (well protected) computers. The caller will claim to come from technical support or similar, and ask for passwords as part of a routine process, while users will often just hand them over on request. Spear phishing, where email messages are targeted at specific staff members to discover their passwords or other credentials, is standard practice these days.

Protecting against this kind of attack requires education: all staff with any kind of access password, from the night cleaner to the company CEO, must be made aware of the risk from such attacks.

Social engineering is certainly the most prevalent of attack vectors, but also one which serves to emphasize the need for a coordinated defense, involving vendors and staff just as much as it involves the IT department. Cyber security is an ongoing task: just as attackers evolve, so the defense team needs to apply new responses, ensuring the utility can experience the advantages of the digital evolution without paying the price in compromised security.











Bill Ray


Bill Ray is an engineer turned scribe, now working for ABB as a Technical Writer. You can read more of his articles on ABB Conversations.

