Cybersecurity in the power grid of tomorrow

The Innovations in System Control by 2030 (InnoSys 2030) research project is investigating novel approaches in system control for more efficient utilization of the power grid, including temporary relaxation of the strict principle of (n-1) security, which ensures an uninterrupted power supply even if any one component of the power grid fails. Above all, this means increasing the level of automation in operational network operation and control, and a resulting advance in networking with information and communications technologies (ICT).

This is where the transmission network operators face another critical challenge: ensuring ICT security against cyber-attacks directed at the power grid. The 2015 and 2016 cyberattacks against the Ukrainian power grid, which led to massive blackouts, underscored the growing cyberthreats to the grid as critical infrastructure. In Germany, too, the threat was driven home in 2018 by warnings from the Federal Office for Information Security (BSI) concerning targeted hacker attacks on German energy suppliers after attackers penetrated the office networks of various companies in the energy industry. Furthermore, the recently enhanced IT Security Act obliges operators of critical infrastructure to comply with stringent security requirements.

Fraunhofer FKIE is addressing this development in the InnoSys 2030 research project by taking ICT security into account and implementing it from the very beginning. This security-by-design approach means that ICT security has to be considered as early as the design stage for new concepts in system control. Moreover, as new concepts are developed, it is imperative that their interaction be continuously evaluated with regard to ICT security and, if necessary, that security measures be tightened up early on.

To enhance ICT security in InnoSys 2030, the concepts developed will be analyzed for potential weaknesses and new types of threats to reliable and secure system operation. The findings obtained in the threat analysis will form the basis for secure implementation of the concepts. These preventative measures will also be supplemented by the development and evaluation of detection methods for cyber attacks within the ICT network, where integrating contextual knowledge has been shown to be particularly promising in terms of enabling a rapid, targeted response in the event of unavoidable security incidents in the future.

ICT security requirements and specifications were defined as the basis for evaluating ICT security, particularly those from a white paper published by the German Association of Energy and Water Industries (Bundesverband der Energie- und Wasserwirtschaft e.V. (BDEW)). While many such criteria focus on implementation details or contractual agreements during the implementation phase, the focus of InnoSys 2030 is on design support via security-by-design to enable secure implementation of the measures and concepts developed.

Thus, ICT security was evaluated with special attention to those evaluation criteria that can be recorded as early as the design level, but at the same time are highly relevant to real-world implementation of ICT security. Concept descriptions, responses to a specially developed questionnaire, and discussions with those responsible for the concepts were used to assess the ICT security of the measures and concepts. With this as a basis, the evaluation of the measures and concepts with regard to ICT security was validated with those responsible for the concept and then reviewed later in the project on the basis of findings from demonstrators and field tests and, if necessary, adapted to the new insights.

In addition to these preventive security measures, InnoSys 2030 also looked more closely at methods for detecting cyber attacks to enable a rapid, targeted response to new threats. Different types of attacks were then simulated in a practical test setup to evaluate and compare the performance of various detection methods. This included both the relevant published detection methods and proprietary methods developed in-house.

The assessments and practical evaluations provide important insights for the ICT security of future power networks. In general, the aim is to minimize the amount of time-critical communication between systems so that in the event of a problem, such as an ICT security incident, there is time to initiate corrective measures. Adapted detection methods also play an important role here, so that new threats can be identified in sufficient time. Furthermore, all systems involved should be capable of recognizing manipulation, falsification and suppression of measured values and should also be able to distinguish these from technical faults, such as the inaccessibility of a system. After all, deterministic system behavior in the event of a fault is advantageous, such as the transition to a safe default state, since this enables all actors involved to better assess the current state and thus avoid negative interactions.

However, the core message from this analysis is that future design and implementation decisions will also have a significant impact on the ICT security of the overall system that results. For this reason, it is essential that ICT security continues to be accounted for throughout development and implementation of new measures and concepts, so that the power grids of the future are effectively equipped to deal with the expanding area of unknown threats.

Fraunhofer FKIE will assist power network operators in implementing their concepts, especially in the context of the InnoSys 2030 advisory board and the Fraunhofer Center for Digital Energy, in a confidential and scientific manner.