What Grid Systems Need to Know about Cyber Attacks


The energy industry is experiencing an uptick in cyber threats as the digitalization of energy systems and growth of distributed energy resources increase vulnerabilities, making now the time for companies to concentrate on both the security of a physical grid and the digital layer that currently exists. Noam Arbel, CTO, mPrest, sheds light on the vulnerabilities of grid systems and how they can be more vigilant of cyber threats.

The landscape of the electric grid has been undergoing major changes in the last few years. In 2021 alone, there were many advancements within the renewable energy market that has led to rapid growth in the industry – specifically the increased deployment of existing and new classes of distributed energy resources (DERs). Momentum for DERs has driven the need for a faster transition to smart energy systems, such as distributed energy resource management systems (DERMS), and the overall digital transformation of electrical grids. 

While the evolution of the smart grid is addressing the inherent need for stability and flexibility amongst power systems, the digital transformation of the industry has now created a high focus on cyber security and the understanding of the vulnerabilities in both the electric grid and the global supply chain. Between the legacy and simple infrastructure used within most utility companies and a lack of prioritization in sophisticated security technology, energy systems have become a popular target for major cyber schemes. And as high-profile cyber attacks are now being used as tactics during political and civil unrest, now is the time for utilities to understand their vulnerabilities and how they can mitigate risks as the industry continues its path toward digital transformation.

What Type of Cyber Attacks Affect Energy Systems and Why? 

Unfortunately, cybercriminals have multiple gateways when they infiltrate a grid, which can be primarily attributed to the severe lack of consistency in security standards across the utility industry. Discrepancies in the rollout, scale, and details of security tools and protocols across different markets and regions have made it almost impossible for companies to introduce a more reliable security system. Additionally, cybercriminals find grid systems to be a prime target as they utilize DERs, which are simple devices running simple real-time operating systems (RTOSs). These systems are not able to run modern cyber security software (like a firewall or anti-malware software), providing hackers a large attack surface to work from. Utility companies also tend to wait to integrate a more advanced smart system (i.e., DERMS) that could hold this cyber software due to fear of disrupting service and concerns over having to learn a new system. 

What’s more, a recent reportOpens a new window has shown a new kind of malware is on the move. Hackers are beginning to pivot their resources to exploit an IoT device to secure access to an IT network. This access then directly impacts operational technology (OT) networks, such as energy systems. Attackers are taking advantage of the poor operational security practices found within OT systems and the rapid growth of convergence between IT and OT networks. 

In addition to full grid attacks, hackers are also starting to target individual DER devices. Criminals have shown they have the capability to disturb and disconnect someone’s individual service, understand their whereabouts and even pinpoint the entry into one’s network. These types of attacks can happen at someone’s home or a place of business.

For example, if cyber criminals were to gain access to a grid system that powers government buildings, they could easily compromise a country’s entire infrastructure by obtaining sensitive information found in those networks. Or, as we’ve seen recently, hackers can compromise an energy system that controls a primary natural resource for a country, causing a major disruption to that region. Unfortunately, these attacks are becoming more common and more sophisticated, causing most energy organizations to prioritize security measures to prepare for future threats. 

See More: How To Become Cyber Resilient Amid Increasing Threats

What should Grid Systems Focus on to Improve Security? 

While the industry is already beginning to integrate large-scale, IoT-focused solutions, utilities will need to start prioritizing integrating solutions that are adaptive to the network. Specifically, they will need to look towards solutions capable of anomaly detection and network awareness by utilizing AI and machine-learning analysis. 

While implementing these solutions will be crucial to the success of overall grids, power companies need to understand the inherent cyber risks associated with adopting these solutions and the use of DERs. The industry must begin focusing on the infrastructure required to quickly identify and isolate such devices and looking for DERMS that help integrate DERs into a grid and address the associated cyber risks. Cyber threats will always be a factor as the industry continues this adoption of advanced DERs, and if the utility industry does not start to account for them, grid security will be compromised. 

How to Protect Grid Systems Today and Tomorrow?

As these cyber attacks are becoming more troublesome and commonplace, policies and standards that support a more secure grid are emerging to help companies integrate and manage threats to their assets and customers. While introduced in 2005, the North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIPOpens a new window ) standards have continuously been updated to regulate, enforce, monitor and manage the security of electrical systems in North America as threats evolve. Today, NERC CIP standards emphasize best practices for digital and physical security, personnel training and change management to help companies prioritize security and protection. 

While a lack of security standardization has been a significant issue in the past for power companies, the industry has recently started introducing protocols to help advance grid systems and enable them to support new and necessary cyber activity. A recent reportOpens a new window from the U.S.Department of Energy’s (DoE) National Renewable Energy Laboratory (NREL), “Cybersecurity Certification Recommendations for Interconnected Grid Edge Devices and Inverter Based Resources,”  details updated security and testing protocols for DERs and other assets capable of communicating with the grid. 

The industry is heading in the right direction to more standardized security protocols. Yet, government entities and industry leaders must continue to recognize the need to develop a strong cybersecurity position and adopt policies that make assessment and security practices accessible to all. Utility companies, system operators and technology providers must continue prioritizing security technology and putting these measures into practice now to lead to a permanent change in how the industry combats these new and long-term cybersecurity threats.

What needs to change to make grid systems and energy resources more secure? Share your thoughts on FacebookOpens a new window , TwitterOpens a new window , and LinkedInOpens a new window . We’d love to know!