Vulnerability to malicious cyber attacks
There are over 3000 electricity providers in the United States, encompassing investor-owned and publicly owned utilities as well as electric cooperatives. There is an ongoing trend toward increasingly automating electric energy delivery systems and providing remote control and monitoring of them.
The deployment of computer network technologies has increased the efficiency and reliability of electric power infrastructure. However, the increased use of digital communications has also increased the vulnerability to malicious cyber attacks.
In 2004 the National Research Council (National Academies) formed a committee of specialists to address these vulnerabilities and propose possible solutions, with the objective of prioritizing the R&D needs for developing countermeasures. The committee addressed many potential concerns in the electric power delivery system, classified them according to different criteria, and presented recommendations to minimize the gap between academic research directions and the needs of the electric utility industry.
Accordingly, any incident such as a fault or disturbance in this complex network cannot be deferred and should be resolved within an order of milliseconds; otherwise there is a risk of large-scale outages similar to the occurrences in India and the U.S. in 2003.
Three main vulnerabilities are commonly identified in supervisory control and data acquisition (SCADA) systems: physical vulnerability, cyber vulnerability and personal vulnerability.
In terms of cyber threats, SCADA systems are the most critical elements in the electric power grid in the U.S. Unauthorized access to a SCADA system could enable or disable equipment unexpectedly (for example, disabling the protection system or a circuit breaker), which could cause large-scale disruptions of electric power delivery.
This paper provides an overview of power system SCADA technologies in transmission substations (Section 2) and summarizes the best practices for implementing a cyber security program. After introducing SCADA system operations in Section 2, a description of the security challenges for SCADA systems is presented in Section 3.
In Section 4, the NERC Critical Infrastructure Protection standards CIP-002 through CIP-009 are summarized. An overview of industry best practices is presented in Section 5.
SCADA’s Historical Background and Definition
A supervisory control and data acquisition (SCADA) system is the network that provides the capability for real-time remote monitoring of the state of an electric power system as well as the ability to control its operation remotely. The first attempts to control and monitor systems remotely began as early as the 1890s, when more patents started to be issued.
These efforts were translated into real applications in the early 1900s, when different remote control and monitoring techniques were developed. The first SCADA platform, which was developed by John B. Harlow in 1921, had two main functions: detecting the system status remotely and then updating the control center automatically.
In the 1980s, the development of remote terminal units (RTUs) using microprocessor-based electronics and intelligent electronic devices (IEDs) increased the flexibility of the SCADA system in terms of functionality and capability.
Title: Architecture and Methods for Substation SCADA Cybersecurity: Best Practices – Hamdi Albunashee, Muthanna Alsarray and Roy A. McCann at Department of Electrical Engineering, University of Arkansas