ISSN 2515-0855 doi: 10.1049/oap-cired.2017.0936 www.ietdl.org Cyber security – security strategy for distribution management system and security architecture considerations Sukumara T. 1 ✉ , S.D. Sudarsan 2 , Janne Starck 3 , Timothy R. Vittor 1 1 Distribution Automation, Electrification Products Medium Voltage, ABB Inc., Florida, USA 2 Corporate Research ABB GISL Ltd., Bengaluru, India 3 Distribution Automation, ABB Oy, Vaasa, Finland ✉ E-mail: sukumara.t@us.abb.com Abstract: We cover some practices and methods in creating effective cyber security architectures for substation and distribution automation systems and products which are robust enough to withstand cyber-attacks and resilient enough to recover in the event of security compromise and keeping device functional and executing its core functionality even during attack. This is achieved by a defence-in-depth strategy starting from product design, a dedicated security test centre, secure system architecture, patch management and security audits. Understanding practices and processes helps in handling cyber security in a holistic manner with an explicit focus on operational performance. 1 Introduction The recent cyber-attack on the power grid in Ukraine resulted in half the homes in Ivano-Frankivsk region with a population of 1.4 million being without electricity reportedly for 6 h. Reports say on 23 December 2015, Kyivoblenergo utility company provided public updates to customers, indicating an unauthorised intrusion that disconnected 7 transmission substations (110 kV) and 23 (35 kV) distribution substations leading to an outage for >80,000 customers [1]. The attack was conducted mainly through distribution supervisory control and data acquisition (SCADA) system computers along with a denial of service attack to the phone systems. Computers running the SCADA human-machine interface (HMI) software and related SCADA servers, mainly based on Windows operating system, were infected using booby-trapped macro functions and malwares embedded in Microsoft Office documents. The industrial control systems used to supply power to millions of people could be infected using such a simple social-engineering ploy of tricking the users to click on attachments. In this case, the utility operators resorted to turn the system to ‘manual mode’ of operation in order to restore the power system back into operation. Also another suspected cyber security incident in Ukraine reported on 19 December 2016 and this time it is in a transmission level substation. Cyber security once considered a non-issue has gained traction and become main stream as information technology (IT) networks get integrated with operational technology (OT) networks. This is highlighted by several cyber security incidents including the one mentioned above. Concepts such as remote configuration/parameterisation, monitoring, remote SCADA communication, remote diagnostics and firmware updates are becoming important requirements for relays and control systems. This leads to inherent requirements of integration of IT and OT networks. This in turn necessitates ‘availability’, ‘integrity’ and ‘confidentiality’ of information and data in substation automation systems and distribution automation networks. While electric utility systems and processes having responsibility of creating and maintaining secure power system networks consistently provided some of the highest levels of reliability and security in the world by virtue of being isolated stand-alone networks that are often proprietary which limits interoperability. Performance-based standards like NERC CIP, IEC 62443, ISO 27000, EU NIS directive require utilities and end-users to implement a comprehensive security program and submit to regular compliance audits which makes only power utilities and other end-users to be NERC CIP compliant. Vendors can provide technical features that support the utilities or end-users to be NERC CIP compliant and support utilities and end-users to know how they can optimally secure their devices by adopting best practices and also build up awareness. The key challenge is in our ability to support end-users in creating a converged IT–OT network without compromising on security aspects. 2 Challenges related to security measures for distribution system Internet of things (IoT) coupled with integration of IT–OT networks is changing the landscape including utilities. Utilities are currently installing large numbers of modern relays in their substations, not only to replace legacy protective relays but also for metering and equipment monitoring. These devices provide valuable information that can be put to use to improve reliability and reduce operating costs while throwing up new cyber security challenges. At the outset, systems are becoming cyber-physical. Isolated physical access controlled systems can now be controlled using logical access from cyber-space. Substation and feeder equipment like protection, automation and control relays, and smart meters are being deployed with advanced communications networks which make them more vulnerable to cyber threats. Threat landscaping and identifying threat vectors is a key challenge to be dealt with to provide appropriate logical access control mechanisms. Modern protection and control relays/sensors are the first-level intelligent devices close to primary equipment, playing a critical role in substation protection, control and monitoring functionalities. Relays being at the bottom of the hierarchical communication network having first-hand access to power system, not only play the role of protection which isolates the faulty section of subsystems from the rest of grid but also play an active role in post-fault power restoration and self-healing with the help of supported communication network. Yet these systems have limited resources and hence most vulnerable in a connected world, especially the relays in the distribution systems unlike relays placed in secured network inside substations and generation plants. For example, most of the re-closer relays are installed on the poles 24th International Conference & Exhibition on Electricity Distribution (CIRED) 12-15 June 2017 Session 6: Challenges for DSOs in new business environments CIRED, Open Access Proc. J., 2017, Vol. 2017, Iss. 1, pp. 2653–2656 2653 This is an open access article published by the IET under the Creative Commons Attribution License (http://creativecommons.org/licenses/by/3.0/)