Cyber Security Considerations for Private LTE Networks in Utility Grid OperationsPosted to Electric Power Research Institute (EPRI) in the Digital Utility Group
image credit: © Michael Borgers | Dreamstime.com
- Aug 25, 2020 6:30 pm GMTAug 21, 2020 9:40 pm GMT
- 699 views
For utilities, what’s the weakest cyber security link in private LTE networks used for utility OT or industrial control environments? Amongst the known unknowns of private LTE cyber security a good suspect is the air interface between utility User Equipment (UE) and Evolved Node B (eNB) base stations logically situated at cell towers.
It’s a significant attack vector. Exploitation of security gaps here – particularly creation of rogue UE (devices) or base stations can give an attacker the entry point to access WANs, substation LANs, or FANs and the applications used by utility control centers and OT cyber security resources. Private LTE WANs carry SCADA and EMS data needed by utility control centers to monitor and manage grid performance and asset health. Substation LANs transmit data to monitor access to remote assets and perform a variety of critical grid operations. Utility FANs carry data from sensors and FLISR applications for improved situational awareness of distribution grids. Even when the data traveling over a private LTE is encrypted, it’s not immune from a cyber attack. How? Because encryption merely keeps data private, it doesn’t keep it immutable. OT environments put an emphasis on data availability and integrity over confidentiality. Encrypted data can be altered, compromising data availability and integrity. That data may be unusable in OT environments. Stingrays, devices used by law enforcement agencies around the world, emulate base stations and gather data about mobile devices. What if a Stingray type of device was used to compromise data availability or integrity in OT environments? The consequences of such attacks could range from asset damage and service disruptions to imperilment of human health and safety.
Understanding the full scope of cyber security risks of the UE/eNB interface is complicated by two realities. First, utilities that have deployed or are deploying private LTE networks typically have hybrid networks comprised of multiple technologies – in other words, these are not pure private LTE networks. Second, the security stance across these hybrid networks is only as good as the best mitigations to the worst security gaps. For instance, many legacy SCADA systems were originally deployed without security considerations at all, so the “bolt-on” security solutions and practices could have some weak points.
Utilities can begin to answer private LTE security concerns by exploring potential attack paths in their own networks to assess and prioritize vulnerabilities, and then develop mitigation plans for them. However, production environments cannot be used for investigation, so research must be conducted in laboratory settings using network simulations that model multiple attack scenarios and identify and test security mitigations. Understanding and mitigating the weakest cyber security link in private LTE will give utilities the confidence that data availability and integrity for production environments is not compromised.