NERC CIP v5 goes a long way toward improving the security of some of our country’s most critical infrastructure, but gaps will still remain. As a utility, you have the challenge of meeting NERC CIP v5 requirements and, ultimately, of securing all your cyber assets against attack.
In 2013, over 200 attacks against utility companies were identified and reported. While none of those attacks resulted in anyone losing power, experts believe it is not a question of “if” a successful attack will turn off the lights, but “when?”
The substation is a unique environment to secure. Many devices inside the substation typically communicate over serial connections. Those that have an IP address are often limited to communicating only with other devices inside the substation. Routed protocols will pass traffic back up to the Data Center and system updates may be passed from the Data Center back to the substation, but all those communications are protected… right?
Unfortunately, there are a number of scenarios where the substation can be compromised. Take the following real-life examples:
An employee was duped into using a compromised USB thumb drive. The drive was then used to update control systems with malware.
A vendor’s website was compromised and firmware updates were replaced with infected versions of the same software. The infected versions implemented a “time-bomb” that would cause the systems to shut down simultaneously.
Upon entering a substation, a malicious user could plug into the network switch and scan active devices on the network. An HMI device with an old version of the operating system would be easily compromised.
An authorized user at the data center could potentially compromise systems in the substation by making unauthorized changes to the network configuration.
These are just a few examples of how a substation could be compromised. Unfortunately, until recently, the hardware to support identifying and solving these issues was not available. Today, Thomason Technologies delivers the TTL1000 to provide cyber security to the substation. Equipped with a Next Generation Intrusion Prevention System, a Next Generation Firewall and network intelligence, the TTL1000 provides the badly needed extra security that is not only identified in NERC CIP v5, but that also goes beyond the compliance requirements to meet the true security needs of the substation.
Photo by: Satoshi KAYA