Category Archives: Cyber-security

Cyber-security of critical infrastructure

Smart Grid Cyber-Security: Where’s The Business Opportunity?

Cyber-Security – Part II: Characterizing the Market Opportunity in the Power Sector



Dom Geraghty



  • Vulnerability of the power system to cyber-attacks is increasing
  • It isn't yet clear how the market structure for cyber-security products and services will evolve for the power sector
  • Two important national programs that address the vulnerability of critical infrastructure of the power system to cyber-attacks have been underway at NERC and NIST
  • The market opportunity is large, estimated variously at >$1 billion per year
  • Large mature cyber-security companies from other sectors are now active in the power sector, with strong expertise in physical- and IT-related cyber-security protection products and services
  • There may be less competition in the area of specialized power engineering for protecting distribution management systems, and equipment upstream of the distribution system
  • There are a number of significant industry-specific market barriers for cyber-security businesses
  • There is an unresolved cultural issue in utilities regarding the allocation of responsibility for IT-related versus power engineering-related cyber-security measures


For our initial SGiX cyber-security business case dialog, we presented “Cyber-Security – Part I: Simulation Results for the Costs of a Coordinated Attack on a Regional Power System” (link). In Part II of the business case dialog, we discuss the market for power systems cyber-security products and services.

Cybersecurity (ongoing)


Industry’s Potential Vulnerability to Cyber Attacks Is Increasing

There is considerable and visible concern within the electric power industry and among government policy-makers and regulators about the possibility of a coordinated cyber-security attack on the U.S. power system infrastructure, and the extent to which the system is vulnerable to such an attack.

Today’s power system is vulnerable to cyber-attacks for a number of reasons.

As the power system transitions into a smart grid, by definition its elements are becoming more inter-operable, providing new access pathways into utility operating systems for hackers.  In addition, the deployment of Advanced Metering Infrastructure (AMI) significantly increases the number of the outer “attack edges” of the power system, making it more vulnerable to a multiple-point, coordinated cyber-attack at its edges. AMI itself creates vast amounts of granular data, providing another rich source for would-be hackers.

The system is also vulnerable because it consists of a mixture of communications and control systems of different vintages (“legacy systems” designed before cyber-security was an issue) -- it is in the middle of a transition from these legacy systems to smart grid systems with more protection, but it is far from completing that transition.

Adding to these risks is the increasing sophistication of cyber-attack teams and individual hackers.

Is There a New Business Opportunity for Smart Grid Cyber-Security?

Costs of a Cyber-Security Attack on a Regional Power System

Cyber-Security – Part I: Simulation Results for the Costs of a Coordinated Attack on a Regional Power System



Dom Geraghty



  • Cyber-security comes in three forms: physical, IT-based, and industrial control systems-based
  • There is mounting concern about the vulnerability of the electric power system to cyber-attacks
  • Protection can take the form of investments in cyber-security or of an increase in the level of contingencies planned for
  • A cyber-attack is a high-impact, low-frequency event, i.e., it has a low probability of happening but its consequences can be costly
  • The cost of successful cyber-attacks can be calculated using sophisticated power system simulation models that are integrated with ISO market protocols
  • Four scenarios of a coordinated cyber-attack on the PJM system have been simulated and the costs estimated
  • The costs are substantial and can include large costs associated with unserved energy; for example, a 31-bus, 1-week outage increased costs by $436 million, of which $285 million was related to unserved energy
  • How much should we be willing to pay to increase the resiliency of power systems to cyber-attacks?

Business Case Challenges

Cyber-Security – Archive

For "BizCase Challenges" document, see here.

Best References

Pike Research Cleantech Market Intelligence: "Utility Cyber-Security - Seven Key Smart Grid Security Trends to Watch in 2012 and Beyond", Q4, 2011

GreenTechMedia Research: "The Smart Utility Enterprise 2011 - 2015: IT Systems Architecture, Cyber-Security, and Market Forecast", August 2011

NERC: "High-Impact, Low-Frequency Event Risk to the North American Bulk Power System", June 2010

Ernst & Young: "Attacking the Smart Grid", December 2011

Ernst & Young: "Bringing IT into the Fold -- Lessons in Enhancing Industrial Control System Security", January 2012

Ernst & Young: "Countering Cyber Attacks", March 2011

"Threats of Cyber-Attacks on Utilities Growing, Rep. McCaul Says", Laylan Copelin, 5/24/12

SmartGridNews: "Sound the Alarm! Cyber-Attacks Up Eight-Fold", Jesse Berst, 3/15/2012

SmartGridNews: "PJM CEO Speaks Out on Cyber-Security and Resilience", Andy Bochman, 1/3/12

Weiss, Joseph, "Protecting Industrial Control Systems from Electronic Threats", Momentum Press, 2010

Deb, Rajat: "Generation Reserves: The Grid Security Question", Public Utilities Fortnightly, January 2004

European Workshop on Industrial Computer Systems: "Electric Power Systems Cyber-Security: Power Substation Case Study", January 2006

Unserved Energy Cost Estimation

Khosrow Moslehi (ABB), Ranjit Kumar (ABB), and Peter Hirsch (EPRI), "Valuating Infrastructure For a Self-Healing Grid", January 2006, ABB

George Gross, "Electricity Resource Planning -- 17. Reliability Economics", Department of Electrical and Computer Engineering University of Illinois at Urbana-Champaign

Cyber-security – BizCase Challenges

Estimating the Costs of a Coordinated Cyber-Security Attack on a Regional Power System


There is considerable concern within the electric power industry about the possibility of a coordinated cyber-security attack on the U.S. power system, and the extent to which the system is vulnerable to such an attack.

Today’s power system is vulnerable to cyber-attacks for a number of reasons. As the power system transitions into a smart grid, by definition its elements are becoming more inter-operable. For example, the deployment of Advanced Metering Infrastructure (AMI) increased the uniformity of the end-user “edges” of the power system, making it more vulnerable to a multiple-point, coordinated cyber-attack. But it is also vulnerable because it is a mixture of different vintages of technology, some of which were designed without cyber-security protections. Meanwhile, hackers have become much more sophisticated in their methods of attack.

NERC and NIST Programs

In the past five years or so, a great deal of work has been done to analyze the physical-, IT-, and industrial controls systems-based vulnerability of the power system to cyber-attacks, focusing on its critical assets. NERC, under a Federal directive to protect critical national infrastructure from cyber-attacks, has issued nine auditable Critical Infrastructure Protection Standards (“CIPS”) and mandated eleven “responsible entities” to implement the CIPS in the bulk power market.

In parallel, NIST is leading a voluntary, phased initiative involving stakeholders across the electricity sector that has developed detailed draft communications and control standards for the smart grid as a whole. These include cyber-security provisions. NIST’s Smart Grid Interoperability Group (SGIP) has been a leader in these efforts (link).

In parallel to these activities, smart grid vendors are adding cyber-security to the functionality of their products.

Characterizing a Cyber Attack Event

A cyber-security attack is characterized as a “high impact/low frequency event” (“HILF”). To calculate the expected cost of the impact of a successful attack, two parameters need to be estimated: (1) the size of impact of the attack on the system (“S”), and (2) the probability (“p”) that such an attack will be successfully carried out. The “expected” cost of the attack would then equal the product: “S x p”. Note that we can consider quantitative and qualitative costs, with the latter being more subjective. As a start, we can make an estimate of the probability for a generic attack, since it is difficult to define an attack scenario.

It is widely believed that the probability of a successful, coordinated attack is quite small, and that therefore, “p” is perhaps less than 1%, perhaps much less.

How much money should you spend to protect yourself against an event which might occur, but most likely will not? You already know that you can never achieve 100% protection.

Costs of Protection/Mitigation/Remediation

Various cyber-security vendors offer cyber-security packages to the power sector. From these offerings, we can get some idea of the costs of different levels of protection. The costs of various levels of cyber-security protection have been estimated, and in many cases, they are not trivial. Utilities, at a cost, can mitigate their risks by increasing the levels of their contingency planning to increase the flexibility of their power systems. Remediation costs depend on the cyber-attack scenario and the extent to which it is successful.

And what is the potential impact of a successful cyber-attack, in terms of costs, business disruption, and societal impacts? What potential costs are you avoiding by spending money on protection?

What are the Benefits of Cyber-Security Protection?

Let’s define benefits in terms of the avoidance of all of the costs of a successful attack. We need to calculate these costs, in order to make a business case.

Very little work has been done on calculating the size (“S”) of the impact in a real-life power system situation.  A real-life situation is very challenging to simulate because: (1) it requires a highly granular and up-to-date operating equipment database for the power system, and (2) it is very difficult to simulate and co-optimize, with high fidelity, the simultaneous interactions between power systems and power markets under the complex protocols of regional market operators.

The UPLAN Power System and Market Simulation Model

LCG's UPLAN (Link) software suite and its accompanying databases are capable of such simulations. The following is a description of a UPLAN simulation of a coordinated cyber-security attack in the PJM (Pennsylvania, New Jersey, and Maryland) regional power system – one that simultaneously disables a number of transmission sub-station transformers.

Defining Cyber-Security Attack Scenarios

The scenarios run by UPLAN were as follows:

  1. Base Case (no cyber-attack)
  2. A 10-bus cyber-attack-based outage of 8 hours (10 transmission substation transformers attacked simultaneously)
  3. A 20-bus cyber-attack-based outage of 8 hours
  4. A 31-bus cyber-attack-based outage of 8 hours
  5. A 31-bus cyber-attack-based outage of 1 week

All scenarios were simulated with coordinated attacks for both summer and winter peak seasons; all scenarios were run for 2012; the PJM system was selected for all simulations (UPLAN has current databases for all generation units, and transmission lines and substations throughout the U.S.).

Transformer substations were chosen for the attack because of the potential for long outages given that high voltage transformers are no longer manufactured in the U.S., and have therefore an extended lead time for replacement equipment (quoted by NERC as being in the range of a 6 - 12 month delivery time).

In order to create an "envelope" around the potential impact, an 8-hour outage was first simulated (similar to a severe weather event). In all of the 8 hour scenarios (10-bus, 20-bus, and 31-bus), the contingency plans in place in PJM (N-X, depending on the bus) took care of the outages by dispatching additional, more expensive units and re-routing the electricity flows -- there were higher total costs, but there was no un-served energy.

Next, a scenario for an extended outage, i.e., a one-week long outage based on a 31-bus coordinated attack, was simulated. This could not be remediated by the in-place PJM contingency plans, and there was a substantial amount of un-served energy.

Total costs as defined in the UPLAN model are comprehensive -- all of the production costs associated with each scenario, including energy, ancillary services, T&D losses, etc.

The incremental costs of the cyber-security attacks in the winter peak season were, as expected, less than those in summer peak season, and are not included in the results below.

Results (All For the Summer Season)

Scenario Definition | Incremental Cost Relative to the Base Case ($ millions) | Un-Served Energy (GWh)
10 bus - 8 hr       |                                                         |
20 bus - 8 hr       |                                                         |
31 bus - 8 hr       |                                                         |
31 bus - 1 week     |                                                         |

Estimating the cost of un-served energy is an area of significant locational variability and difference of opinion. In this scenario, we used an average of the costs of un-served energy as estimated in a number of jurisdictions (e.g., PG&E, PJM, Ontario Hydro) for residential, commercial, and industrial customers (progressively more costly): from $2,700/MWh (residential only) to as high as $24,000/MWh (PJM) (all-customer average) -- see references here, under "Un-served Energy Cost Estimation".

Based on this, the estimated cost of un-served energy for the final scenario above is between 19 x $2,700,000 and 19 x $24,000,000; using an average cost of $15,000,000/GWh, the un-served energy cost is $285 million.


The total cost of a 1-week outage of 31 busses in PJM caused by a coordinated cyber-security attack is substantial, estimated for this analysis to be about $436 million.

Furthermore, if the transformer sub-stations are damaged irreparably, then the outage could be extended by 26 to 52 weeks (the time needed to manufacture replacement units). This would create costs in the many billions of dollars, i.e., for a 31-bus outage lasting longer than one week, it is not unreasonable to multiply the total costs, and the un-served energy, by the number of weeks of outage, as a first approximation of the total cost impact.
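The “S x p” calculation described earlier, carried through with the 31-bus, 1-week figures above, as an added example that is not part of the original analysis or of UPLAN. Function names are hypothetical, the $10 million program cost is a constructed sample, re-pricing the total at the low and high un-served energy values is this example's assumption, and since the page gives no time period for “p”, the result applies to whatever period “p” is estimated for.

```python
# Added example: dollar and GWh figures are the ones quoted on this page for the
# summer 31-bus, 1-week PJM scenario; all function names are hypothetical.
TOTAL_COST_1WK = 436_000_000   # $ total incremental cost relative to the base case
UNSERVED_GWH = 19              # GWh of un-served energy in that week
VOLL = {"low": 2_700_000, "avg": 15_000_000, "high": 24_000_000}  # $/GWh

# The $436M total uses the average value ($285M of it is un-served energy),
# so the remainder is the production-side cost of the outage.
OTHER_COST_1WK = TOTAL_COST_1WK - UNSERVED_GWH * VOLL["avg"]


def impact(weeks=1, voll="avg"):
    """Size of impact S in dollars.

    Applies the page's first approximation for long outages: multiply the
    one-week cost and un-served energy by the number of weeks of outage.
    Re-pricing at the low/high valuation is an assumption of this example.
    """
    if weeks < 1:
        raise ValueError("the one-week scenario is the smallest unit modelled")
    return weeks * (OTHER_COST_1WK + UNSERVED_GWH * VOLL[voll])


def expected_cost(p, weeks=1, voll="avg"):
    """Expected cost S x p for a success probability p in [0, 1]."""
    if not 0.0 <= p <= 1.0:
        raise ValueError("p must be a probability")
    return impact(weeks, voll) * p


def break_even_probability(spend, weeks=1, voll="avg"):
    """Probability above which `spend` is below the expected cost avoided,
    taking benefits as avoidance of all costs of a successful attack."""
    return min(1.0, spend / impact(weeks, voll))


def envelope(p, weeks_options=(1, 26, 52)):
    """Expected cost for each outage length and un-served energy valuation."""
    return {w: {k: expected_cost(p, w, k) for k in VOLL} for w in weeks_options}


if __name__ == "__main__":
    for weeks, row in envelope(p=0.01).items():  # 1% is the page's upper guess for p
        cells = ", ".join(f"{k}: ${v / 1e6:,.1f}M" for k, v in row.items())
        print(f"{weeks:>2} week(s): {cells}")
    # Constructed sample: a $10M protection program against the one-week scenario.
    print(f"break-even p: {break_even_probability(10_000_000):.2%}")
```
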

Business Case Question

Given these potential costs, but still having to estimate the probability of their occurrence, what should we be willing to spend to avoid them – i.e., what is the business case for cyber-security and/or mitigation investments? Who should pay? Who benefits?