Introduction
Power utilities use a broad range of Industrial Control systems (ICS) to manage their operations in their zones: Power Generation, High Voltage (HV) Transmission System operation (TSO), Medium Voltage (MV) Distribution System operation (DSO), MV Distributed Generation, Low Voltage (LV) power delivery and LV Distributed Generation. Each zone includes mechanical assets, computers, and communications, some of which perform local control within their zone and others that communicate with other zones. This power grid structure is in line with the deployment of the smart grid, distributed generation, and the Industrial Internet of Things (IIoT). These IIoT-type ecosystems enhance the control capability on the one hand but also increase the cyber-attack surface.
The communication among these utility sections must be firmly secured to prevent manipulation of reports on actual conditions in each zone, which, if it happens, might cause a severe shutdown of the entire power grid. Β This paper aims to briefly outline the power utility structure, which, if targeted by an attacker, might cause an operation outage and a series of damages. The illustration below shows the main components of a power architecture, including the six zones listed above.
Cyber secured operation of utilities.
Zone 1 β Power Generation Plants
Most power utilities have many types of generation plants, each one controlled by its own Distributed Control System (DCS). The central Energy Management (EMS) system coordinates the operation of all these plants. The data communication between each DCS and the EMS must be highly secured to prevent any Man in the Middle (MitM) attack, which might manipulate the operation of the entire power utility.
Zone 2 β HV Transmission Grid
The HV level TSO does not have automation, except for switching stations where manual or automated circuit breakers can interrupt the power grid in case of a severe incident, mainly to prevent risk to lives and damages. The position of this switchgear is monitored by the Distribution Management System (DMS), which controls the MV grid, to allow quick reconfiguration of the grid when an incident occurs.
Zone 3 β MV Distribution Grid
This MV grid has the highest importance, as most power outages are related to this zone controlled by the DMS. Each of these DMS must be securely connected to the EMS, assuring a sufficient electrical power generation level, matching the demand in each region. In case of an unexpected incident, the DMS computer and the operators in the control room will restructure the MV grid. The communication network between the DMS and the EMS must be highly secured to prevent a MitM-type attack, which might manipulate the information on loading conditions reported to the central EMS.
Zone 4 β MV Distributed Generation
Nowadays, many stand-alone distributed-generation (DG) plants use solar, wind, gas, and biochemical resources. Most of them supply low energy in the range of 1-10 MW, which does not affect the EMS's coordinated scheduling of the big plants. These plants communicate with the power utility related to reporting on the produced energy and settling the tariff paid by the utility to each plant owner. The communication channel must be secured to prevent intervention that might cause financial losses.
Zone 5 β LV Power Delivery Grid
The LV grid provides power to houses and small businesses. It operates as a stand-alone grid and does not report directly to the EMS or the DMS control computers. However, modern power meters send the metered data to the Demand Site Management (DSM) computer to report the consumed power in kilowatt-hours (kWh). That communication channel must be secured against manipulation and MitM-type attack, which might alter the reported data and cause incorrect billing of customers.
Zone 6 β LV Distributed Generation
In recent years we see installations of private solar panels to generate power during the high demand period during the day and to reduce the monthly bill. These small size solar stand-alone plants are reporting to the power utility on the generated energy for financial settling of the bill. As power utilities pay the owner a higher price for each kWh than what they charge customers, the plant controllers and communication channels must be protected against cyber-attack or manipulation.
Conclusions
Modernized power utilities deploy a broad range of renewable technologies to improve the power generation efficiency and granular monitoring of the power grid for optimizing the loading condition. All these technologies rely on communication among the various power utility zones to update the connected computers with real-time data. However, deploying these technologies increases the attack surface and allows more pathways for an attacker to penetrate malwartized code to the network.
To mitigate these risks, power utilities must carry out periodic vulnerability detection actions according to internal policies and procedures, conduct cyber security training for their employees on risk and solutions, and deploy state-of-the-art technologies for maintaining a robust cyber security posture. To be always at least one step ahead of the attackers, power utility management must allocate the needed resources for all these activities and, through these actions, comply with the applicable cyber security regulations.