In January, the U.S. Department of Energy (DoE) launched its new Building a Better Grid initiative. The DoE’s stated intention for the program is to create a more robust transmission system that will restore the nation’s electrical grid through expanded access and greater resilience. The initiative emphasizes supporting generation and distribution of clean energy, and hardening the grid to sustain against physical and cyber attacks, and increasing extreme weather patterns.

As new and more modern equipment is installed to meet these resilience requirements, that equipment will be enabled with more network-connected components.  Those connected devices will increase the data available from these sites, requiring cybersecurity that can both protect the facilities and allow the data needed to report on the status of the equipment to flow. That resilience should carry down to the substation and smart grid levels, which are the heart of local power distribution.

Smart(er) Grids Mean Greater Cyber Risks

The ongoing analog-to-digital evolution involves growing adoption of smart grid information technology (IT), which is quickly changing the grid landscape. Sensor-based Industrial Internet of Things (IIoT) devices are now being introduced to precisely monitor everything from power volume and quality to verifying correct transformer configuration. Those insights will result in greater troubleshooting efficiencies, improved predictive maintenance outcomes, and significant cost reductions. However, because these sensor-based devices may rely on 4G and 5G wireless network connectivity, they are far more vulnerable to cyber threats, escalating the need for strengthened defenses.

Those threats can be the typical planting of malicious code, or they may also be more subtle. For instance, a bad actor might change the value of how a particular substation asset is working so that it fails faster. This is akin to the 2021 hack of a water treatment plant in Oldsmar, Florida, where an attacker attempted (but thankfully failed) to manipulate a chemical component that would likely have gone undetected until people got sick. Or, an attacker might insert false information into a system in a way that doesn’t change the traditional monitoring view but yields inaccurate data. This diversity of threats necessitates a strong cyber posture and multiple layers of security.

Additionally, while power generating stations are well-equipped with physical “guns, gates, and guards,” the tens of thousands of substations placed around the country are not. Nor are alternative energy providers like wind and solar farms or large battery storage sites, whose generated power also feeds into the grid. These “lights out” facilities are traditionally monitored with cameras and operational technology (OT) measurement devices, but the inevitable installation of thousands of IIoT devices make cybersecurity and grid resiliency critical yet far more complex.

Three Steps to Building a More Cyber-Resilient Grid

Much of this is new territory for owners and operators, who are used to traditional OT environments. Following some fundamental steps will help them integrate the cyber defenses that are now essential to protecting the entire grid infrastructure.

Follow NERC Requirements. The North American Electric Reliability Corp. (NERC) offers guidance on how to tackle this formidable challenge. NERC maintains Critical Infrastructure Protection (CIP) requirements to guide asset owners in securing the bulk electric system and preventing intruders from accessing it. The CIP mandates adopting either rock-solid physical security or a combination of slightly less physical security with strong cyber security. Maintaining the right balance is already a tricky proposition for asset owners; the increasing adoption of networked IT will cause NERC to push stronger regulations all the way to the smaller and smaller substations.

Design Cyber into All Modernization Efforts. Owners and operators will be well-served to get a head start on cyber resilience as they undertake other modernization initiatives. For instance, as part of strengthening physical resilience against climate threats, utilities may relocate substation equipment to safer locations. This is already being done in places like New York City given flood events from increasingly severe hurricanes. Other cities are following suit. Such moves will obviously include upgrading to the latest connected technology. It only makes sense to factor in cybersecurity as part of the plan from the start.

Adopt Proven Solutions. There are reliable, time-tested solutions available that asset owners can adopt as they move forward. The following are two examples:

  • Security information and event management systems (SIEMSs) are designed to monitor the status of assets and help identify network intrusions. If a particular network asset is changed or disrupted, the SIEMS will collect data about that event, which can then be reported to utility staff monitoring in-field assets for further investigation.
  • Hardware-enforced security solutions that incorporate physical devices can provide a deeper protective layer. NERC provides guidance on how to adopt hardware technologies such as non-routable access points, which enable remote monitoring and sharing of specific system data. Such devices provide a physical boundary between the source network at a substation and the monitoring center where data is captured. Stripping away traditional open network protocols that are inherently insecure prevents bad actors who may breach substations from having electronic access to the broader grid.

The world is already witnessing the impacts new digital warfare can have, and how it can even be combined with a physical invasion. DoE’s Build a Better Grid initiative will keep pressure on grid providers to not let their guard down against the growing number of threats posed to critical infrastructure here at home. Asset operators and the nation will be well-served by seizing the opportunity to mitigate physical threats from climate change along with safely and sustainably hardening cyber resilience—both of which will keep the energy on which we all depend flowing.

Dennis Lanahan is a cybersecurity veteran with deep expertise in operational technology who serves as vice president for Critical Infrastructure Markets at Owl Cyber Defense.