As the need for reliable, real-time data communication in mission-critical SCADA systems continues to increase for monitoring and control distribution automation as part of the "Smart Grid," electric power utilities are looking for new and better ways to improve their communication infrastructure, making it more reliable and secure.
Wireless Technology for a Secure Smart Grid
Matthias H. van Doorn | FreeWave Technologies, Inc.
We can compare what’s happening on the distribution side of the electric power industry to the gold rush of oil and gas. Oil prices exploded, and companies wanted to get more out of the ground, which required hiring more people. Eventually, they ran out of resources to continue hiring, so they had to focus on automation. Today, the same thing is happening in the electric power industry. Most of the functions in substations used to be done manually. A field technician would make all the mechanical adjustments. Fast forward to today, and they just don’t have the people anymore. So, again, for economic reasons they must look at automation.
Wireless Technologies’ Role in the Smart Grid
Traditionally, wired communication systems offered a reliable method for data transmission. However, the deployment cost for fiber or copper, trenching or running conduit, and maintenance costs can quickly add up. As the demand for distribution automation continues to increase, wireless technologies have stepped up to the plate. With most substations remotely located, operators come across many communication challenges. In order to communicate with a substation, operators can quickly run out of choices with wired communication, as the cost for wire placement to remote locations is extremely high and sometimes it’s simply not plausible to run a wire to a remote location. As a result, many people are finding that they must rely on wireless.
Wireless technologies, such as public cellular networks or standards-based technology for private networks (WiMAX, Wi-Fi), can be faster and less costly to deploy, yet open up the possibility of targeted cyber attacks. In addition cell phones, WiMAX and Wi-Fi are built for downstream traffic. However, there’s another capacity going upstream. For example, when searching the Internet a person receives pictures and large pages that were loaded downstream, while very little goes upstream. That’s how these technologies have been built. For example – an evideo connection at zero is about 2.4 MB/S downstream and only about 153-154 KB/S going upstream.
Now, a class of wireless data transmission radios exists that is proven to be both cost-effective and secure. These long-range radios offer a high throughput, both upstream and downstream. As far as communication technologies, distribution automation is a time-sensitive application. A lot of the equipment requires very low latency – meaning the time it takes for control signals or packets to travel across the link and cause the action you intend. These wireless radios especially have high throughput and very fast latency – so they are more suitable for automation for SCADA applications.
Keeping the Grid Secure
The electric grid has been recognized as a prime strategic target for attacks since back in World War II, when allied bombing raids on power plants, substations and electric transmission lines attempted to reduce the industrial capacity and output of the enemy by depriving them of the much-needed electricity to run those factories.
It was during this same period that Hedy Lamarr (yes, the famous movie star) birthed the concept for a “Secret Communication System,” using frequency-hopping (the basis for modern spread-spectrum communication technology) for the radio control of torpedoes, so the signal could not be jammed by an enemy. This concept eventually revolutionized wireless technologies and led to the modern Frequency Hopping Spread Spectrum (FHSS) systems -- a crucial defense to the cyber threat of “Denial of Service” (DoS), otherwise known as Jamming.
FHSS wireless systems are very resilient when it comes to attacks, like interference (deliberate or coincidental) and “jamming.” Other effects can be observed when wireless signals travel through space, such as the “multipath” phenomenon, simply because they use only very small amounts of radio spectrum at a time and don’t dwell (or remain) at that frequency long, and instead “hop” to another frequency quickly. This makes Denial of Service (DoS) attacks on FHSS systems very difficult, albeit, if not completely impossible.
Today, the evolution of cyberspace has made the electric grid more attractive and more vulnerable to exploitation. There has been an increase in attacks, stealing, corruption, harm and destruction to our systems. In fact, the actual threat of hackers attacking critical infrastructure from communication networks to financial institutions or even the electric grid has become very real.
With threats to the electric power infrastructure and data communication networks (including wireless SCADA networks responsible for critical infrastructure) increasing in frequency and sophistication, several organizations, and even branches of the government, are looking at addressing the issue with new policies and security standards. With the ever-increasing threat of cyber terrorism, communication networks and infrastructure that monitor and control assets of the electric power grid need to be protected, as evidenced by NERC’s (North American Electric Reliability Corporation) Critical Infrastructure Protection (CIP) standards and a new cyber security bill (“Cybersecurity Enhancement Act of 2009”) that currently is being passed by legislature. It is essential for utilities operators to find the most reliable and secure communication technology available.
Threats to the Smart Grid
Two of the most common threats to data communication networks today are Denial of Service (DoS) and Intrusion.
Denial of Service is an attempt to make a computer resource or network unavailable to its intended users. Denial of Service could be as simple as jamming an electric or electromagnetic signal or as sophisticated as saturating a system or network with communication and data traffic intended to overwhelm and avoid legitimate data to get through and be processed. The consequences of DoS attacks can range from being simply irritating, for example, when services are unavailable or slow to respond – to dire – such as when critical control signals don’t reach the intended destination.
Today, wireless data radios have proven to protect mission-critical data from Denial of Service attacks, interception of data traffic or even intrusion into networks by using Frequency Hopping Spread Spectrum (FHSS). Additional security is provided in the form of privacy for the transmitted data through encryption, which assures that only the intended recipient will be able to decode and read it, even in the event that the transmission is intercepted.
Penetrating and intruding into a network or computer resource requires a different level of sophistication. Consequences can range from simply spying or stealing information to corrupting data or maliciously and intentionally causing harm or destruction by taking over network and/or computers and control systems. For example, intentionally opening valves or controlling pumps in a wastewater system resulting in contamination or pollution or remotely opening pressure valves on a pipeline, allowing oil or gas to escape into the environment.
By no means is this a complete list of threats and potential attacks, after all, there are many published cases of disgruntled employees causing all sorts of security breaches and havoc in the workplace.
How Wireless Protects the Smart Grid
Access Control is one of the most important security features to prevent unauthorized access and intrusion, and some FHSS spread spectrum radio manufacturers have incorporated this security measure into their products. The goal of access control is to only allow network access by authorized devices and to disallow access to all others. Access should be authorized and provided only to devices whose identity has been established (authenticated) and whose placement on the network is approved in accordance with network plans, designs or policy. The verification of identity, or Authentication, is based on the presentation of unique credentials to that system. The unique serial number of a wireless device, for example, (that hopefully can neither be “spoofed” nor counterfeited) may be such a unique credential.
“Industry Standards” wireless, such as Wi-Fi and WiMAX, have several positive features. However, a negative aspect is that the only requirement to connect this wireless device is an “off-the-shelf,” standards-based device -- compatible with the ones used in a specific wireless network -- for access. For example a Wi-Fi card, purchased for less than $50, is all someone would need to try to gain access to the electromagnetic waves emitted by my neighbor’s Wi-Fi Access Point and Internet connection. And if they did not protect it, that’s all they would need to get “free” Internet access through his Wi-Fi network. FHSS radios make it much more difficult to access the spectrum, as the intruder would have to have the same frequencies and the same hopping pattern at the same time, just to access the radios base.
Data that is “in transit” needs to be protected as well. Even if an unauthorized device manages to gain access to the network, it doesn’t necessarily gain access to the actual data without passing yet another layer of security. Today, the Advanced Encryption Standard (AES) is “the” industry standard for encryption and offered by some FHSS wireless radio providers. As a Federal Government standard, and even used by the NSA, it can be trusted to protect sensitive information and maintain data privacy.
Using secure communication technologies for distribution automation can save time and money on the operator’s end. The Smart Grid is a potential target not only to physical attack, but cyber attacks as well. Today, there are wireless technologies available that not only offer reliable communication to remotely located substations, but that are less vulnerable to DoS and Intrusion type attacks. When looking for a wireless automation solution, a provider has many options. FHSS wireless data radios provide secure, hardened wireless communication that has been proven in mission critical applications.
Matthias van Doorn is the Product Manager for Ethernet and licensed radio systems at FreeWave Technologies Inc. He has more than 15 years experience in the telecommunications industry and previously has worked for companies, such as CalAmp Corp., ADC Telecommunications, Digi International and Siemens. Mr. van Doorn holds a B.Sc. degree in electrical engineering and an MBA in international business.
This post does not have any comments. Be the first to leave a comment below.
Post A Comment
You must be logged in before you can post a comment. Login now.