
Private Broadband to Support a Cyber-Secure Grid

Posted to Anterix in the Digital Utility Group
Carlos L'Abbate
Chief Technology & Engineering Officer, Anterix

Carlos L’Abbate joined the company as Chief Technology Officer in February 2021 and leads the company’s technology and engineering vision to enable successful customer...

  • Apr 27, 2022

This item is part of the Special Issue - 2022-04 - Cybersecurity 2022.

Electricity is essential to modern life, so a successful cyberattack on the grid could cause significant disruption. So far, we’ve been lucky: despite successful ransomware attacks on a major U.S. gas pipeline (Colonial), the world’s largest meat distributor (JBS Foods) and an IT services provider that infected over 1,000 companies around the world (Kaseya),[1] one headline we’ve been spared is this one: “Millions in U.S. without power in wake of utility cyber attack.” To continue to avoid and repel cyber incursions, utilities will need to employ an ever-evolving suite of cyber security tools, beginning perhaps with a modern and secure communications platform.

Cyber-attacks are evolving and becoming increasingly sophisticated. For utilities with legacy networks for critical communications, the question is whether those networks can satisfy the industry’s changing operational and security requirements. The vast proliferation of data-generating devices on the grid and the need to communicate that data immediately to enable smart grid applications necessitate both the capacity of broadband and the low latency of modern cellular technologies. Even as these requirements increase, many legacy communications networks, generally proprietary, single-function, and narrowband, are nearing end-of-life. Simultaneously, commercial cellular service, while broadband and well suited for many non-critical uses, does not provide utilities the control necessary to implement the security that will be required. For utilities’ critical communications networks, doing nothing is no longer an option.

Get modern.  An initial, major step a utility can take to secure its wireless communications network is simply to migrate its applications from legacy and public networks to private broadband networks, like LTE and 5G.  LTE is a cellular standard with a strong built-in focus on cyber security; 5G is built on LTE.  In addition, the 3GPP international partnership of standards bodies constantly reviews and revises LTE and 5G to address new and emerging cyber threats.[2] 

Go private. By adopting private LTE—ensuring unfettered control over the network—a utility can go several steps further. Importantly, LTE and 5G include a range of cyber security features, but only some of them are required for compliance with the standard.[3] Other, optional features could provide stronger cyber protection, but implementation is left to the discretion of the network operator. Because some of these optional features can be burdensome on users and/or operators, deciding whether to implement them requires balancing that burden against the security benefit. Thus, while a commercial carrier serving the mass market may not be willing to impose overly inconvenient security requirements on its mass market subscribers, an electric utility can choose to apply a different calculus. The utility can require the implementation of more rigorous—and perhaps more burdensome—LTE and 5G security features without considering the preferences of any other entity.[4]

Benefit from the marketplace.  Another cyber security benefit of private LTE and 5G is that, as in other areas, a vibrant ecosystem for equipment and applications is driving innovation and expanding options for utilities that adopt these network technologies.  Within the Anterix Active Ecosystem program, for example, we have formed the Security Collective, bringing together a team of cyber-physical solutions developers to provide sector-specific knowledge and collaboration to help drive secure solutions in connection with the deployment of private LTE and 5G in Anterix’s 900 MHz spectrum.  We selected the initial membership of the Security Collective to represent cyber-physical security companies that are well-positioned to enhance utility defenses in the context of 900 MHz private LTE and 5G networks. 

Separate for security. A utility adopting a private network can also implement one particularly valuable protection that really has nothing to do with LTE or 5G. As a quick review of the headlines will reveal, many attacks on critical infrastructure systems are launched remotely over the internet. A logical approach for critical infrastructure companies to counter such attacks could be to isolate the networks used for mission-critical grid communications from the internet. This measure could be implemented in a private network scenario.

The practice of separating critical communications networks from the internet gains increased importance in light of a utility’s need to extend data communications to DERs and microgrids that in some cases may be owned and operated by third parties outside the utility’s control.  Utility private broadband networks must be hardened to accommodate the integration of such third-party resources onto the grid without creating new cyber vulnerabilities.

Get physical.  Finally, in addition to cyber security, a utility must also consider the physical security of its network.  Even with a tightly controlled network, cell sites require fencing, surveillance, and other measures to protect against physical attack.  Utilities have long been the nation’s model for physical security of critical assets; because a private communications network will be such an asset, a utility will apply its well-developed physical security standards and practices to its private broadband infrastructure.

In the struggle to secure the grid from cyber attack, there is no silver bullet.  But as the grid grows increasingly reliant upon data-centric systems, one key thing utilities can do to help protect those systems is to deploy private, modern broadband communications networks that are designed with cyber security at the forefront.  The modern grid requires modern communications.


[1] New York Times (May 11, 2021) (reporting the Colonial Pipeline hack) (available at https://www.nytimes.com/2021/05/11/business/colonial-pipeline-shutdown-latest-news.html); Vox (June 10, 2021) (reporting on the JBS Foods attack) (available at https://www.vox.com/recode/2021/6/1/22463179/jbs-foods-ransomware-attack-meat-hackers); Gizmodo (July 2, 2021) (on the Kaseya breach that impacted managed service provider customers around the world) (available at https://gizmodo.com/a-large-ransomware-attack-may-have-ensnared-hundreds-of-1847222405).

[2] For information on how 3GPP operates, see https://www.3gpp.org/.

[3] For example, see 3GPP cyber security standards TS 33.210, TS 33.310, and TS 33.401 at https://www.3gpp.org/DynaReport/33-series.htm.

[4] For a broader discussion of LTE cyber security features a utility may implement, see “Cybersecurity Benefits of a Private LTE Network,” a white paper from the Utility Broadband Alliance, at https://www.ubba.com/ubba-resources/cybersecurity-benefits-of-a-private-....


Discussions

Julian Jackson on May 5, 2022

Thanks for an interesting article. Are you suggesting that ideally there should be two or three layered networks?  Say, a mission-critical secured, closed system cut off from the general internet for mission critical functions; then a second layer where important "third parties" e.g. microgrids that are feeding into the network would interact (and necessarily be less secure, although hopefully using LTE or the like), and finally the web, where consumer facing staff would talk to customers, send emails etc, etc, but which a hacker could possibly gain access to, but would, in the worst case scenario, only be able to do a small amount of harm (compared to shutting down a power station, because it wouldn't be possible to access that network from outside).

Paul Korzeniowski on May 23, 2022

Good points. The reality is the bulk of the grid was designed long before the open, connected Internet age. Consequently,  its security is lackluster and in some cases non-existent. The problem is the bad guys prey on such systems. The biggest challenge is coming up with the funding to modernize and protect oneself. Do you have any suggestions for finding funding? 
