Critical Infrastructures and Smart Grid Security

The electricity distribution system is arguably the most complex system ever build by human engineering. Due to changes in the way we use the power grid, In Europe alone, the distribution grid is managed by over 2400 independent companies serving 260 million households, which makes the implementation of the "Smart Grid" the biggest IT project in history

Considering the pure scale, safety requirements and legacy issues, this project is hard enough even before taking into account security, and many digitization projects are already struggeling in the integration phase. It is also a perfect blueprint for security of other critical infrastructures, demonstrating many of the issues and solution approaches in critical systems.

The challenges of IT in an OT system

Even though the track record of keeping critical IT infrastructures secure is sometimes questionable, securing critical processes is an even more daunting task. Such infrastructures have high real-time and safety standards with highly specialised software, which makes every software update a serious safety risk. Furthermore, processes have completely different requirements for availability - as opposed to an IT system, one cannot and divert customers to a backup server, and shutting down the process to mitigate a problem is often not possible or may require a controlled shutdown procedure that may last hours. Other fundamental differences stem from different system architectures (as opposed to an IT system, the most critical devices may be impossible to protect against physical attacks), legacy issues, as well as dealing with a multitude of very small, resource restricted devices.

How real is the threat?

In the recent past, both main threats to smart grid security have been seen to occur in reality. While he WannaCry ransomware was most likely not intended to tarket critical infrastructures, due to the difficulty of updating and patching a safety critical system makes such systems easy targets for collateral damage. This is in some sense worse than a highly qualified targeted attacker - since the attacker did not aim for the system they are attacking, they may damage processes far beyone what they intended. However, there also is a danger of ransomware deliberately targeting critical infrastructure to extract more money. A recent analysis of the Malware used for the attack on the Ukrainian power grid in Prykarpattyaoblenergo (which shut down 30 substations and left several hundred thousand people in the dark) has shown that the attack software used was part of a larger toolkit, which has the flexibility to take down other countries' infrastructure as well. The reasons why the attack could be mitigated rather fast was that the digitisation of the substations in question was quite recent, and the previously used manual procedures where still in place. With the digitisation pushing forward, there is a time window of 5 to 10 years until a manual rescue will no longer be possible.