
Implementing Cyber Security Measures in Electrical Substations

Editor’s Note: This article was created with expertise from Germán Fernández, our vertical marketing manager for the power utility industry.

In the past, electrical substations were designed to be safe, easy to use and reliable. Security wasn’t a concern. As substations have become more complex in their design, cyber security has become a priority.

A substation with lax security is more likely to fail or have issues – and these failures can be expensive. So, it’s necessary to have a security policy in place that can help minimize or contain threats.

A good cyber security policy focuses on these three objectives:

Confidentiality: Preventing unauthorized access to information

Integrity: Preventing unauthorized modification or theft of information

Availability: Preventing denial of service (DoS) and ensuring authorized access to information

Conventional wisdom is that in IT networks, confidentiality is the main objective. However, in industrial networks, availability is usually considered the critical design parameter.

Five Levels of ICS Security

It’s important to note that cyber security is not a static process. As conditions and threat sources change, you may need to upgrade systems and update your policies. Regardless of the source of the threat, an effective cyber security policy contains the following five levels of security:

Preventive security controls prevent an incident from occurring. Examples include using strong passwords and preventing external USB drives from accessing open ports.

Network design security minimizes vulnerabilities and isolates them so they don’t affect the rest of the network.

Active security blocks traffic or operations that are either not allowed or not expected in a network. Examples include encryption, Layer 3 firewalls and antivirus software.

Detective security controls identify an incident in progress or after it occurs by evaluating activity registers and logs. Examples include log file analysis and intrusion detection system monitoring.

Corrective security limits the extent of damage caused by an incident and includes a configuration parameter backup policy as well as firewall and antivirus software updates.

How to Create a Good Industrial Cyber Security Policy

In the past, a cyber security policy would often have a single point of defense. However, as substations become more complex, it’s now necessary to have a cyber security policy with several defense points. A policy based on Defense in Depth is a practical and cost-effective solution.

Defense in Depth involves using multiple, overlapping layers of protection and includes policies and procedures as well as physical network security. A multi-layered security approach allows you to control or manage an attack more efficiently, while allowing the protected portion of the system to stay secure and running.

Defense in Depth is based on the following concepts:

Multiple layers of defense: Security is layered, so if one layer is bypassed, another layer will defend against the attack

Differentiated layers of defense: Each layer of security is slightly different from the others, so if an attacker gets past one layer, they don’t necessarily have the ability to get past the remaining layers of security

Threat-specific layers of defense: Each layer is designed for the threat, whether it’s computer malware, angry employees or identity theft

It’s not possible to completely prevent all attacks. But you can quickly detect attacks, isolate them and control them so they don’t impact other areas of the substation network.

Since electrical substations evolve over time, it is necessary to conduct maintenance tasks in order to protect the network. These include changing device passwords on a regular basis, implementing upgrades to fix bugs and maintaining regular antivirus software updates.

Defense in Depth includes establishing security zones to limit communications within the substation network.
