The energy sector has become one of the most attractive targets for cyber attackers. Hackers already target the energy sector more than any other part of U.S. critical infrastructure, according to the most recent government report. There are more reported cyber incidents in the energy industry than in healthcare, finance, transportation, water and communications combined, and those are just the intrusion attempts that get noticed and reported. There has been a sharp rise over the past two years in cyber attacks targeting critical infrastructure, including grids, and it is also becoming easier for hackers to gain access to key equipment, according to Darktrace, a UK-headquartered security provider.
By exploiting vulnerabilities, hackers can prevent communities from accessing electricity, water, and sanitation, and close down businesses, hospitals, and transportation. Attacks see utilities lose revenue and have profound economic impacts on communities. Furthermore, customer data leaks attract large fines and loss of trust.
In a recent survey, over half of electricity utilities reported recent data breaches or system shutdowns, and a quarter suffered large attacks. Despite this, fewer than half of utilities rated their cybersecurity readiness as high.
A key player in the U.K. electricity market, Elexon fell victim to a cyber-attack in May 2020. Overseeing the payments in the energy market between U.K. power station operators and the companies that supply electricity to consumers and businesses alike, Elexon plays a vital role in ensuring the lights really do stay on across the country. According to The Telegraph, which was first to break the news of this cyber-attack, that amounts to some $2.07 billion (£1.7 billion) of transactions every year. The combination of high-value transactions with being a core part of the energy supply market makes companies such as Elexon a prime target for cybercriminals and nation-state hackers alike.
South Africa’s energy infrastructure is also facing security threats. There are numerous examples of attacks on critical infrastructure. These are typically cyber-related, but physical attacks such as sabotage also occur. The Institute for Security Studies argues that attacks on the critical infrastructure of developing countries, such as South Africa, could be “potentially devastating”. South Africa’s national security vulnerabilities, combined with the security risks to a monolithic state-owned entity with no backup, could exacerbate the country’s power supply insecurities. Cyber attacks on Eskom’s critical infrastructure could lead to severe damage. The result could be corresponding losses of generation capacity and damage to the economy.
A number of recent cyberattacks reinforce the importance of robust cybersecurity. In India, May 2017 saw a ransomware attack on West Bengal State Electricity Distribution (WBSEDCL), while an attack in November hit the Tehri dam in Uttarakhand, although protective systems thwarted the attempt.
Some high-profile cyberattacks on the Indian power sector include the November 2017 malware attack on THDC Ltd’s Tehri dam in Uttarakhand, the May 2017 ransomware attack on West Bengal State Electricity Distribution Co. Ltd (WBSEDCL), the February 2018 attack on a Rajasthan discom website, and the March 2018 attack on Haryana discoms in which the commercial billing software of the highest-paying industrial customers was hacked, according to information reviewed by Mint. The National Critical Information Infrastructure Protection Centre also reported several vulnerabilities in the power utilities of states in May 2018.
Cyberattack on Nuclear grid
An even more serious class of attack in the energy sector is on nuclear facilities. There have been over 20 known cyber incidents at nuclear facilities since 1990. This number includes relatively minor items such as accidents from software bugs and inadequately tested updates along with deliberate intrusions, but it demonstrates that the nuclear sector is not somehow immune to cyber-related threats. Furthermore, as the digitalization of nuclear reactor instrumentation and control systems increases, so does the potential for malicious and accidental cyber incidents alike to cause harm. The consequences of a cyber-based intrusion at a nuclear power plant could range from loss of confidential employee or business information to potentially causing a reactor shutdown or physical damage.
The Nuclear Power Corporation of India (NPCIL), a public sector undertaking, admitted to a malware attack on one of the computers at the Kudankulam plant. The DAE, which carried out the investigation at the plant, revealed that the infected computer belonged to a user who was connected to the internet-connected network used for administrative purposes. Cybersecurity firm Kaspersky later identified the malware as Dtrack, which was previously linked to North Korea. While reactor operations at Kudankulam were reportedly unaffected, this incident should serve as yet another wake-up call that the nuclear power industry needs to take cybersecurity more seriously.
Iran will retaliate against any country that carries out cyber attacks on its nuclear sites, the head of civilian defence said in July 2020, after a fire at its Natanz plant which some Iranian officials said may have been caused by cyber sabotage. The Natanz uranium-enrichment site, much of which is underground, is one of several Iranian facilities monitored by inspectors of the International Atomic Energy Agency (IAEA), the U.N. nuclear watchdog. One of the officials said the attack had targeted a centrifuge assembly building, referring to the delicate cylindrical machines that enrich uranium, and said Iran’s enemies had carried out similar acts in the past. In 2010, the Stuxnet computer virus, which is widely believed to have been developed by the United States and Israel, was discovered after it was used to attack the Natanz facility.
The world is seeing a new form of conflict, cyberwarfare, in which countries use hackers to target the critical information infrastructures of rival nations, such as power grids, with potential results every bit as devastating as any bullet or bomb.
In March 2018 the Trump administration publicly blamed the Russian government for a campaign of cyber attacks, stretching back at least two years, that targeted the U.S. power grid, marking the first time the United States had publicly accused Moscow of hacking into American energy infrastructure. Beginning in March 2016, or possibly earlier, Russian government hackers sought to penetrate multiple U.S. critical infrastructure sectors, including energy, nuclear, commercial facilities, water, aviation and manufacturing, according to a U.S. security alert. A 2019 threat assessment from U.S. intelligence agencies said that China and Russia had the ability to use cyberattacks to, respectively, temporarily disrupt natural gas pipelines and electric distribution networks.
India’s power sector is facing cyberattacks, with at least 30 events reported daily. A majority of the attacks originate from China, Singapore, Russia and the Commonwealth of Independent States (CIS) countries. As such, there are growing concerns that the country’s power infrastructure could be the next target of terrorists looking to cripple India’s economy.
The 2015 attack in Ukraine that disconnected eight substations led to outages affecting over 200,000 people, with utilities having to operate substations manually for several weeks. Other attacks in 2020 include a ransomware attack on Taiwan’s state-owned energy company, CPC Corp, and attempts to compromise Israeli water infrastructure. A Japanese telecommunications company reported theft of data from hundreds of customers.
An analysis by the U.S. cyber security firm Symantec last fall said that a group it had dubbed Dragonfly had targeted energy companies in the United States and Europe and in some cases broke into the core systems that control the companies’ operations. The Department of Homeland Security and FBI said in the alert that a “multi-stage intrusion campaign by Russian government cyber actors” had targeted the networks of small commercial facilities “where they staged malware, conducted spear phishing, and gained remote access into energy sector networks.” The alert did not name facilities or companies targeted.
“Foreign cyberactors are probing Americans’ critical infrastructure networks and in some cases have gained access to those control systems,” said Admiral Mike Rogers, the commander of the U.S. Cyber Command and director of the National Security Agency, in testimony before the House Intelligence Committee. “Trojan horse malware that has been attributed to Russia has been detected on industrial control software for a wider range of American critical infrastructure systems throughout the country. This malware can be used to shut down vital infrastructure like oil and gas pipelines, power transmission grids and water distribution and filtration systems.”
In a coordinated assault, suspected Russian hackers penetrated Ukraine’s power grid, knocking out electricity for 225,000 people. The hackers flooded the customer service center with calls, causing technical difficulties and slowing the response.
With deliberate action, a remote individual had taken control of the operator workstation and was systematically opening breakers at 30 substations. Opening breakers doesn’t take much time; it was all over in 5 minutes. For the people disconnected, and the utility personnel deployed, recovery would take considerably longer. Kyivoblenergo wasn’t the only utility hacked remotely; two more control centers suffered similar compromises, blacking out a total of 225,000 customers for over 6 hours in cold weather.
Prior to opening the breakers, attackers reconfigured battery backup systems, disabling the automatic transfer functionality. Once the breakers opened, those backups failed to keep systems online, and placed operators in the same darkness. And while some details differ, a software component called KillDisk was also used to fully wipe the hard drives of corporate and control systems, requiring time-consuming reinstallation of the operating system and other important software.
John Hultquist, head of cyber espionage intelligence at iSight partners, a US-based threat intelligence company, said it was the first time the cyber security industry had seen a cyber attack result in the shutdown of power.
Slovakian cyber-security firm ESET said the cyberattack was even wider, with malware similar to BlackEnergy found in the networks of at least two other utilities besides Prykarpattyaoblenergo, which serves the region. Ukraine’s Computer Emergency Response Team said that late last year the KillDisk module of the malicious software BlackEnergy was used, and that BlackEnergy was also used in a 2014 cyberattack on U.S. utilities. BlackEnergy also infected media organizations and led to the permanent loss of video and other content, according to Ars Technica.
The root cause teams concluded the original infection was via malicious Microsoft Word and Excel documents sent to employees of the utility via public email. When opened on corporate systems, the Office documents would install malware that would spy on users and report that activity to attackers on the Internet. That malware captured usernames and passwords from the corporate desktops of remote personnel, and attackers then used these stolen credentials to access the control system. Once on the control system, the attacker had full access—and used that access to great effect.
The energy sector is also critical infrastructure and a prime target for sabotage by adversaries. The starting point in serious cyber warfare may well be to trip the power stations which power the data centres involved with the core routing elements of the network. A DDoS attack on the national grid could make it easier for hackers to neutralize the backup power and trip the system. DDoS attacks use multiple computers to flood a system with illegitimate connections, requests and traffic from many sources at the same time.
William Cohen, the former U.S. secretary of defense, recently predicted such a major outage would cause large-scale economic damage and civil unrest throughout a country. In a war situation, this could be enough to bring about defeat. Janet Napolitano, a former secretary at the U.S. Department of Homeland Security, believes the American system is not well enough protected to avoid this.
“I believe our advanced nation state adversaries have the ability to cause such damage. These nations lack a strong motive at this moment to conduct such an attack and are deterred only by the fear of U.S. retaliation. Our critical infrastructure networks are extremely vulnerable to such a damaging attack, and we can’t count on a deterrence if we’re already in an adversarial position with a nation like China or Russia. And we can’t count on the fact that less rational actors might also gain access to those critical systems.”
Vulnerability of power grid and impact of cyberattacks on power grid
Power grids are vulnerable to cyber attacks and to physical attacks (e.g., the Apr. 2014 attack on a California substation). These attacks may cause large-scale failures, initiate cascades, and have devastating effects on almost every aspect of modern life.
The two main components of the power grid are
(i) the physical infrastructure of the power transmission system (power lines, substations, power stations), and
(ii) the Supervisory Control and Data Acquisition (SCADA) system responsible for monitoring and controlling the grid (referred to as the control network).
Physical attacks target the former while cyber attacks target the latter. The effects of a physical attack can be mitigated, if the control center has accurate understanding of its impacts and acts quickly to compensate for failures. However, if physical attacks are accompanied by cyber attacks that make information about the status of the attacked zones unavailable, the control center cannot take effective action.
Since power networks rely on physical infrastructure, they are vulnerable to natural disasters, such as earthquakes, hurricanes, floods, and solar flares, or to physical attacks, such as an electromagnetic pulse (EMP) attack. Developing tools for identifying vulnerabilities is of utmost importance for network monitoring, strengthening, and modernization.
In Feb 2021, a severe storm in Texas paralyzed almost every energy source, from power plants to wind turbines, because their owners hadn’t made the investments needed to produce electricity in subfreezing temperatures. The Ercot breakdown affected millions of Texans, many of whom resorted to desperate measures to stay warm. The outages shut down hundreds of stores and businesses, limiting supplies of food and water.
“One, our adversaries are getting much more aggressive. They’re learning a lot about our industrial systems, not just from a computer technology standpoint but from an industrial engineering standpoint, thinking about how to disrupt or maybe even destroy equipment. That’s where you start reaching some particularly alarming scenarios,” said cybersecurity expert Robert M. Lee, CEO of industrial cybersecurity firm Dragos, Inc.
The connection of industrial control systems to the internet adds another vulnerability. In nuclear environments, [business networks and control networks are] airgapped—[i.e., computers on one network cannot talk to those on the other]—because of safety regulations. That is not true with other industrial infrastructures—electric energy, oil and gas, manufacturing, etc. You absolutely have [ICS] networks that are connected up.
The chief of US Cyber Command has said it’s a matter of “when, not if” the US power grid is hit by cyber attackers. And a recent high-profile attack that shut down power in Ukraine showed it’s certainly possible. “We have power outages [in the United States] that last five or six hours that are regional in nature,” Thomas said. “You just don’t hear about them because they’re not that big a deal.” If hackers were to knock out 100 strategically chosen generators in the Northeast, for example, the damaged power grid would quickly overload, causing a cascade of secondary outages across multiple states. While some areas could recover quickly, others might be without power for weeks.
Robert M. Lee, a former National Security Agency cyber expert and current CEO of Dragos Inc., pointed to a new development that is a first in cyber attacks. A piece of malware called Trisis was used to sabotage an industrial control system of an electric company. But it was more than just an attack on electric power. “It was the first piece of malware specifically designed to kill people,” Lee said. The malware would allow hackers to access controls that could cause leaks or explosions, rather than simply switching off power to parts of the grid.
He added: “The goal of a cyberattack like that against the United States infrastructure from a nation-state … is going to be not just to turn the power off, but to keep it off for an extended period of time or an extended area impacting millions and millions of people.” The most damaging kind of attack, specialists say, would be carefully coordinated to strike multiple power stations. A prolonged outage across 15 states and Washington, D.C., according to the University of Cambridge and insurer Lloyd’s of London, would leave 93 million people in darkness, cost the economy hundreds of millions of dollars and cause a surge in fatalities at hospitals.
Attacks on power grids will have devastating economic and military impact and affecting millions and millions of people. “Stores are closed. Cell service is failing. Broadband Internet is gone. Hospitals are operating on generators, but rapidly running out of fuel. Garbage is rotting in the streets, and clean water is scarce as people boil water stored in bathtubs to stop the spread of bacteria. And escape? There is none, because planes can’t fly, trains can’t run, and gas stations can’t pump fuel.” This is the “nightmare scenario” that lawmakers have been warning you about, KATIE BO WILLIAMS and CORY BENNETT write in the HILL.
Most utilities accept cybersecurity is a priority, but implementing it effectively can be a difficult process. A 2015 report by the British think tank Chatham House found pervasive shortcomings in the nuclear power industry’s approach to cybersecurity, from regulation to training to user behavior. In general, nuclear power plant operators have failed to broaden their cultures of safety and security to include an awareness of cyberthreats. The Hague Communiqué of 2014 listed nuclear security culture as the first of its three pillars of nuclear security, the other two being physical protection and materials accounting.
Digitalisation is essential for electrical systems, connecting assets to networks and providing visibility and control through high-speed communications. With the growth of smart grids and renewable energy, information technology underpins all parts of power delivery from generation to distribution.
Smart grids use a combination of AI and sensors to link, distribute, and conserve energy from a combination of legacy power sources—like coal plants—and renewable sources, like hydroelectric dams, solar farms, and even, eventually, individual vehicles or homes with surplus power.
However, while increased automation and integrated systems enhance data analysis and real-time control, they can leave the grid open to cyberattacks. As utilities turn to sources of renewable energy and add millions of other components like smart meters, they’re rapidly multiplying the number of connections and sensors along their networks, widening the potential for intrusions.
The trade-off is that hackers could have easier access to (typically) less-secure local networks. That means we’d likely see smaller but more frequent attacks with more smart-grid projects deployed, but spreading the risk could be worthwhile in part because it reduces the monetary incentive for attacks—holding an individual household’s network ransom is less lucrative than, say, leveraging an entire region’s infrastructure.
“It’s impossible to secure any industrial control system, because they’re so complex there will always be a bug that could be exploited,” Yury Dvorkin, assistant professor at New York University’s Tandon School of Engineering told Emerging Tech Brew. “With a decentralized system, if you hack into, for example, a residential household, you will only be able to control this household…if you launch an attack, your impact is going to be marginal.”
Impacts on Military
Increased reliance on intelligence processing, exploitation, and dissemination; networked real-time communications for command and control; and a proliferation of electronic controls and sensors in military vehicles (such as remotely piloted aircraft), equipment, and facilities have greatly increased the U.S. Department of Defense (DoD)’s dependence on energy, particularly electric power, at installations. Thus, ensuring that forces and facilities have access to a reliable supply of electricity is critical for mission assurance. However, most of the electricity consumed by military installations in the continental United States comes from the commercial grid—a system that is largely outside of DoD control and increasingly vulnerable to both natural hazards and deliberate attacks, including cyberattacks.
Energy enables nearly everything the military does, and the primary objective is mission assurance and decisive advantage on the battlefield. Energy security ensures powering of capable major weapons systems and communications infrastructure at the desired levels of performance, range, and readiness. Improved energy performance can reduce the risk and effects of attacks on supply lines and enable tactical and operational superiority. Solar photovoltaic (PV)-powered distributed microgrid technology can secure the electrical grids at military bases to reduce the impact of cyber attacks, physical attacks from terrorists and natural disasters. Depending on geographical location across the US, military installations get electricity from solar, wind, geothermal, waste-to-energy landfill gas and biomass. Renewable technologies, such as solar devices for servicemen, waste-to-energy, solar-powered unmanned aerial vehicles and other ways of using locally-sourced energy, are key to fuel diversification goals.
President Donald Trump signed an executive order in May 2020 prohibiting bulk power system equipment from foreign companies in the U.S. grid, citing security concerns. The U.S. Department of Energy noted that under the current rules, contracts are awarded to the lowest bidder when it comes to bulk power system procurement, and that creates a “vulnerability that can be exploited by those with malicious intent.” U.S. Secretary of Energy Dan Brouillette said that it is imperative that “the bulk-power system be secured against exploitation and attacks by foreign threats.” Analysts believe this means that the United States will set up a whitelist for the procurement of such equipment. Although the order did not name any specific country, observers say China and Russia are the two countries most capable of posing a threat to the U.S. power grid. “It’s an important set of issues and similar to the debate that’s occurring around (companies like) Huawei, ZTE in 5G. Clearly you want to have visibility and confidence across your entire supply chain,” Frank J. Cilluffo, director of Auburn University’s McCrary Institute for Cyber and Critical Infrastructure Security, told VOA. He added that the move is a “prudent step” aimed at securing “the most critical of critical infrastructure,” because virtually all other infrastructure relies on the power grid to function.
Researchers are focusing on joint cyber and physical attacks, developing methods for recovering information about the status of the power grid following a joint cyber and physical attack, and studying the resilience of different topologies and the resilience to different attacks.
Researchers are also studying the structural properties of the North American grids and developing algorithms for generating synthetic power grids (i.e., spatially embedded networks with similar properties to a given grid). This work is motivated by the fact that the development of algorithms for enhancing the resilience of the power grid requires evaluation with topologies of real transmission networks but such topologies are usually not publicly available.
“There’s a sliding scale of [security measures] you can invest in. You have architecture—building it right from the beginning. Next is passive defense: vendor tools and security tools on top of the architecture. On top of that is active defense—people hunting inside the environment for threats. On top of that is intelligence, which is analysis of adversary campaigns and maybe even breaking into their networks. Then there’s offense, which is obviously some sort of attack, maybe to take down malicious infrastructure,” said cybersecurity expert Robert M. Lee, CEO of industrial cybersecurity firm Dragos, Inc.
“Our regulations and our industry trends have gotten our architecture to a pretty decent place. The passive defenses probably need some work, but we’re getting there. The piece that is completely lacking is active defense. There are fewer than 1,000 ICS cybersecurity professionals worldwide. We’ve got to focus on training the human. The only way to counter human adversaries that are flexible and funded is with trained defenders operating in defensible environments.”
For safety of Nuclear reactors , the Nuclear Regulatory Commission has issued guidance for US operators on improving workforce development and performance assessment for cybersecurity at nuclear power plants. And the National Nuclear Security Administration includes cybersecurity in their security assessments at US and international facilities, along with technical exchanges and training programs. It also developed a course on cybersecurity for nuclear power plant operators in partnership with the International Atomic Energy Agency—which has published its own technical guides on computer security, and recently held its first cybersecurity course for nuclear power plant operators.
India’s electricity grid operators will have to install firewalls and other measures used by companies to avert attacks on their information technology systems and check rising hacking incidents of power networks across the world. Grid operators and regulatory agencies will need to have a continuity plan handy in the event of a cyber attack, according to draft rules published by the Central Electricity Regulatory Commission. The move is part of an overhaul of the decade-old guidelines. India has established the Global Centre for Nuclear Energy Partnership as a forum for bilateral and multilateral cooperation in nuclear security that could be widened to include cybersecurity.
DARPA has launched the RADICS program with the objective of developing technologies for detecting and responding to cyberattacks on critical U.S. infrastructure, with the ultimate goal of enabling cyber and power engineers to restore electrical service within seven days in the event of a major attack.
Three U.S. agencies announce Pathfinder initiative to protect energy critical infrastructure
In 2020, The U.S. Department of Energy (DOE), U.S. Department of Homeland Security (DHS) and U.S. Department of Defense (DoD) jointly signed a memorandum of understanding (MOU) to partner on a new Energy Sector Pathfinder initiative. The goals of this initiative are to advance information sharing, improve training and education to understand systemic risks, and develop joint operational preparedness and response activities to cybersecurity threats.
“Through this agreement, we will strengthen the partnership between DOE, DHS, and DoD to enable intergovernmental cooperation and bolster our ability to proactively address cyber threats to critical energy infrastructure, and to respond effectively should those threats materialize,” said DOE Assistant Secretary of Cybersecurity, Energy Security and Emergency Response Karen S. Evans. “The Department of Energy is committed to working with our partner agencies to secure U.S. critical energy infrastructure.”
“The lessons learned through this program will help inform the process to develop indicators and warnings across multiple national critical functions, enhance cyber threat information sharing efforts, and facilitate rapid response and improved resiliency across all sectors,” said Bryan Ware, DHS Assistant Director for Cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA).
Central to the ability to defend critical infrastructure in the U.S. are the advanced, realistic exercises conducted by response assets. The Energy Sector Pathfinder program will facilitate collaboration on response playbooks that can be shared with all stakeholders, as well as exercises to stress-test the playbooks and to drive capability development.
Increased system integration and network connectivity, alongside the digitalization of power utilities, support the idea of migrating operational communication networks towards packet-switched wide area networks (WANs). With Time Division Multiplexing (TDM), systems multiplex two or more digital signals, divide them into equal-length time slots, and send them over the same channel. The receiver de-multiplexes these and reassembles them into their original format, which provides pseudo-security against cyber attacks.
Using packet technology, especially over WANs, brings new challenges for power utilities because cyber security requirements are different in packet-switched networks when compared to TDM networks. The new technology needs to guarantee the critical performance parameters of mission-critical applications (such as jitter, wander, symmetry and latency) under any network condition, while also considering the changed cyber security requirements. Cybersecurity will cover application data from RTUs and relays, and protect network protocols such as IEC 61850 GOOSE. Applications rely on accurate time-of-day information, which hackers can target to shut down a grid.
While cyberattacks are possible at all levels of a utility communications system, wide area networks (WANs) are particularly vulnerable and can allow hackers to tap into data streams relatively undetected. Three main types of attack affect electrical systems:
- Confidentiality: A hacker compromises data security.
- Integrity: Attackers manipulate data to affect command sequences and cause trips, loss of function, or overloading.
- Availability: The simplest form of attack makes WAN systems unavailable through distributed denial-of-service attacks.
While it is possible to recover from some cyberattacks by rebooting, a concerted attack can overload components and cause physical damage.
Naturally, electric utilities want optimal security for their systems that maintains high availability and bandwidth in difficult operating environments. Therefore, there is a strong need to ensure confidentiality and authenticity of data transmission in operational packet-based networks for power utilities. They can achieve this by using encryption and authentication of the relevant information.
Since many applications and end devices presently installed in power utility environments do not support data encryption, additional technologies must be used to provide that functionality. One such measure is the IPsec protocol suite, which encrypts packets to provide secure communication: the two endpoints share security attributes and reject unauthorised packets. IPsec supports mutual authentication and uses Internet Key Exchange (IKE) to negotiate the cryptographic keys used during the session. Utilities naturally want high levels of cyber security across all systems, but IPsec increases packet sizes by adding headers and trailers to the data.
Accordingly, IPsec can significantly degrade network performance, and this degradation affects real-time applications such as teleprotection, which are highly sensitive to delay. Because added delay and jitter degrade data quality, utilities layer their cyber security and apply IPsec to non mission-critical data. Lower-layer communications, which provide the basic transport functions, have well-established protocols of their own and can provide particularly efficient protection.
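As an added illustration, not taken from the article, the following Python estimates how much ESP inflates a small operational packet and the extra serialization delay that implies on a low-rate utility link. The 128-byte packet, the 2 Mbit/s link rate and the 5-hop path are constructed assumptions; the field sizes follow RFC 4303 (ESP) and RFC 4106 (AES-GCM in ESP).

```python
# Added example, not the article's code: estimate how much IPsec ESP inflates a small
# operational packet and the extra per-hop serialization delay that implies.
# Field sizes follow RFC 4303 (ESP) and RFC 4106 (AES-GCM in ESP).
from dataclasses import dataclass

IPV4_HEADER = 20   # outer (tunnel) or original (transport) IPv4 header, no options
ESP_HEADER = 8     # SPI (4) + sequence number (4)
ESP_TRAILER = 2    # pad length (1) + next header (1)

@dataclass(frozen=True)
class EspSuite:
    name: str
    iv_len: int    # explicit IV / nonce carried in each packet
    icv_len: int   # integrity check value appended after the trailer
    align: int     # padding alignment: cipher block size, or 4 for AEAD/stream modes

AES_CBC_HMAC_SHA256 = EspSuite("AES-128-CBC + HMAC-SHA256-128", iv_len=16, icv_len=16, align=16)
AES_GCM_128 = EspSuite("AES-128-GCM", iv_len=8, icv_len=16, align=4)

def esp_padding(inner_len: int, align: int) -> int:
    """Bytes of ESP padding so the inner data plus trailer ends on an align boundary."""
    return (-(inner_len + ESP_TRAILER)) % align

def esp_packet_size(ip_packet_len: int, suite: EspSuite, tunnel: bool = True) -> int:
    """On-wire IPv4 size after ESP-protecting an original IPv4 packet of ip_packet_len bytes.
    Tunnel mode wraps the whole packet and prepends a new outer header; transport mode
    keeps the original header and wraps only its payload."""
    inner = ip_packet_len if tunnel else ip_packet_len - IPV4_HEADER
    esp = (ESP_HEADER + suite.iv_len + inner + esp_padding(inner, suite.align)
           + ESP_TRAILER + suite.icv_len)
    return IPV4_HEADER + esp

def serialization_us(packet_len: int, link_mbps: float) -> float:
    """Microseconds needed to clock packet_len bytes onto a link_mbps link."""
    return packet_len * 8 / link_mbps

def added_delay_us(orig_len: int, protected_len: int, link_mbps: float, hops: int) -> float:
    """Extra end-to-end serialization delay caused by the ESP overhead across hops links."""
    return hops * (serialization_us(protected_len, link_mbps) - serialization_us(orig_len, link_mbps))

if __name__ == "__main__":
    # Constructed input (assumed, not from the article): a 128-byte IP packet carrying a
    # short teleprotection command, carried over 5 hops of a 2 Mbit/s link.
    orig, link_mbps, hops = 128, 2.0, 5
    for suite in (AES_GCM_128, AES_CBC_HMAC_SHA256):
        size = esp_packet_size(orig, suite)
        print(f"{suite.name}: {orig} -> {size} bytes (+{100 * (size - orig) / orig:.0f}%), "
              f"extra delay over {hops} hops: {added_delay_us(orig, size, link_mbps, hops):.0f} us")
```

The percentages show why a small command packet suffers far more from ESP than a bulk transfer does: the fixed header, IV and ICV dominate when the payload is only a few dozen bytes.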
Other technologies currently used for WAN security include MACsec and Link Layer Encryption, which are not always suitable for utility communication systems. MACsec lacks the security requirements and flexibility needed for mission-critical networks, while Link Layer Encryption at Layer 1 is also a hop-by-hop solution designed mostly for high-throughput data centre connections.
An innovative solution is to separate the packet engine used for packet handling from the encryption engine used for encryption and authentication operations. This leads to wire-like, deterministic encrypted and authenticated packet transmission even through complex meshed networks.
AI and machine learning for cyber security
Artificial intelligence (AI) and machine learning can be trained to find attacks that resemble known attacks. Next-generation adaptive machine learning (ML) algorithms can collect intelligence about new threats, attacks and breaches and learn from them. AI can also automate the processes for detecting attacks and reacting to breaches. In future, AI/ML can make cyber security fully automated.
Officials of the U.S. Nuclear Regulatory Commission (NRC) in Rockville, Md., issued a sources-sought notice (NRC-FFR-RES-2022-0001) in Jan 2022 for the Characterizing Nuclear Cyber Security Using Artificial Intelligence/Machine Learning project.
AI and machine learning technologies have the potential to provide tools for identifying, characterizing, and responding to cyber attacks at nuclear power plants, NRC officials say. For example, AI and machine learning may enable plant staff to monitor increasingly complex plant systems and detect and evaluate abnormalities resulting from a cyber attack.
Tasks would include identifying enabling technologies for cyber security in nuclear power; evaluating and choosing technologies that would demonstrate the value of AI and machine learning in nuclear cyber security; and carrying out this research with a small test case.
Enabling technologies would apply to detecting and distinguishing abnormal plant and cyber security states; considerations for accuracy and reliability; the necessary machine learning training data; how to identify and respond to a cyber-attack; identifying the risks of applying AI and machine learning to nuclear cyber security; and creating a technical report.
Quantum Technology as a Solution
One recurring problem is that utilities often design cybersecurity according to the latest attack, which does not guard against sophisticated future attacks and compromises long-term protection. For example, encryption-based systems face a threat from powerful quantum computers that can quickly crack public key cryptography, rendering existing approaches obsolete. As new standards for Quantum-Safe networks emerge in the coming years, power-grids must start to prepare their devices and systems now.
Key management generates the keys for network encryption, assigns them, organises their exchange between hosts, and revokes them at the end of the transmission. As quantum technology matures, it will increasingly jeopardise the security and strength of the public key cryptographic paradigm. The development of sufficiently large quantum computers could allow attackers to break the public key (asymmetric) cryptography that underpins infrastructures and networks.
The encryption key is the secret element for any encryption and data protection and, going forward, generating strong keys based on true randomness will become the cornerstone of critical infrastructure security. However, quantum technology also provides the solution, because using a physical Quantum Random Number Generator (QRNG) as the source of high quality cryptographic key generation, alongside quantum-resistant algorithms (Post-Quantum Cryptography), will meet the long-term Quantum-Safe protection requirements.
Applying this to WAN systems using Multiprotocol Label Switching – Transport Profile (MPLS-TP) will enhance the security of utility networks as operators gradually adopt packet-based communications systems. Modern utility communication systems are compatible with legacy systems, are future-proof, integrate with Internet of Things (IoT) technology, and are Quantum-Safe without compromising real-time capability.
References and Resources also include: