The growing rate of energy usage, combined with diminishing natural resources, has put heavy pressure on the power sector and energy-producing entities. To tackle these problems, a new concept of ‘smart grids’ has evolved, which holds out hope for enhancing the effectiveness and dependability of the electrical system. This technological advancement can be a major boost to the struggling power sector, minimizing the usage of natural resources and depending heavily on modern technology as well as renewable sources. But with technological advancement comes the issue of cyber security. The power sector has in recent years been hit with multiple cyber-attacks, which prove dangerous not only for big corporations but also for the general public and their privacy. The author has examined a number of significant cyber-attacks on smart grids to identify any potential flaws and gauge their impact. The author has also suggested various recommendations as a way to deal with breaches, defend against cyber-attacks, and implement suitable remedies.
Rapid urbanization, advanced living standards and modern-day technologies have led to a scarcity of the available energy resources. This has put the power sector under pressure, and the level of electricity consumption is at an all-time high. This has led to the development of a new electricity-producing network called the ‘Smart Grid’. The Smart Grid is a structure for supplying energy that makes use of digital communications. The existing conventional grid system is unable to provide services to the required standards, but the next-generation Smart Grid power system will ensure an adequate supply of electricity. Smart grids are designed to decrease the expenses associated with electricity usage, minimize the carbon footprint, and assure the continuous flow of the power supply. Affordability is one of many benefits of smart grid technology. This is due to the smart grid’s usage of the internet for transmission. However, accessing the internet exposes smart grids to various cyberattacks. A major cyberattack on the country’s vital information infrastructure might cause it to come to a complete stop.
Smart grids, and with them the power sector, are at the centre of the critical information infrastructure, and any disruption there would have a devastating effect on the country. Critical Information Infrastructure is identified by Section 70 of the Information Technology Act as “those computer resource, the destruction of which, shall have debilitating impact on national security, economy, public health or safety”. Additionally, since smart grid technologies share important data, theft or manipulation of this data could breach consumer privacy. These flaws have made the smart grid a prime target for hackers, drawing the concern of the government and the industry.
The Smart Grids – An Overview
India, being the third largest producer of electricity, has an installed capacity of 403.759 gigawatts as of June, 2022. Smart grids combine cutting-edge digital technology to efficiently and safely manage the transfer of energy from multiple sources of generation, including wind, solar, coal, and nuclear power. Prioritizing the form of energy, such as giving renewable energy sources priority over non-renewable sources, thus helps to reduce environmental effect and operating costs. Additionally, it maximizes system stability, transparency, and uniformity.
A smart grid is an advanced system that handles power supply in a safe, dependable, and cost-effective way. It is based on a robust network and allows for the incorporation of all related devices and components. It incorporates smart meters, sources of renewable energy and energy-saving infrastructure.
The Smart Grids– An Overview
India being the third largest producer of electricity, has an installed capacity of403.759 gigawatts as of June, 2022. The smart grids combine cutting-edge digital technology to efficiently and safely manage the transfer of energy from multiple sources of generation, including wind, solar, coal, and nuclear power. Thus, prioritizing the form of energy, such as giving renewable energy sources priority over non-renewable sources, helps to reduce environmental effect and operating costs. Additionally, it maximizes system stability, transparency, and uniformity.
Smart grid is an advanced system that handles power supply in a safe, dependable, and cost-effective way. It is based on a robust network and allows for the incorporation of all related devices and components. It incorporates smart metres, sources of renewable energy and energy-saving infrastructure.
Advantages of Smart Grid
- In the foreseeable future, the growing use of and transition to renewable sources of power is evident. The primary distinction between smart grids and traditional grids is that a smart grid is bidirectional, enabling more effective distributed generation of power in a sustainable way. Smart grids receive extra power produced at the peak, including from rooftop solar panels, windmills, or pumped hydropower. Improved flexibility and advanced technologies allow better integration of renewable energy sources, such that their economic potential grows even without the inclusion of power storage. This allows them to maintain consistent production at all times. A smart grid renders the power generator more robust and quickly able to respond to catastrophes including storms, quakes, terrorist attacks, and huge solar flares, among others. The self-diagnosis and self-healing mechanism of smart grids enables automated reconfiguration in the event of equipment failure or disruptions. This technique identifies and eliminates disruptions before they become widespread.
- One of the major problems concerning the electricity sector is power theft. In India, 27 percent of the total electricity produced is lost either due to the dissipation of wires or theft. However, such a situation can be prevented in the case of smart grids, since they are monitored remotely and can trigger immediate action in case of any attempt at theft.
- A smart grid’s primary characteristic is its intelligence; for instance, it guarantees that power is restored promptly and intelligently after an incident, prioritising various emergency services. When utilising this innovation, the user has extra functionality.
- A monthly bill summary is no longer required to determine how much power was consumed. With smart meters and other devices placed as part of a smart grid system, consumers can clearly see how much power they consume, and the price can be read on the web or mobile apps.
- Using the smart grid innovation, one can conserve more energy by selling excess power to the grid, thereby allowing peak load to be curtailed and contributing to a more standardised distribution of electricity.
Cybersecurity Dangers that Co-Exist with Smart Grids
There are several possible concerns associated with Smart Grids, which might not only harm corporations but also general users. These vulnerabilities may represent substantial dangers to the personal privacy of individuals, for instance, the potential for critical customer data to be hacked or the firm to cease operations permanently. These dangers are not exclusive to Internet use; they also impact consumers at home, where attackers may obtain individual data.
1. PHISHING – Phishing might be the easiest way of exposing both clients and businesses to risk since it is so simple to perform. With this knowledge, the hacker would utilise social engineering to obtain vital knowledge of the company. On the other hand, the worker may face additional hazards within the firm, such as fraudulent emails or communications that appear to be legitimate, in which the worker may provide confidential information that might lead to being hacked. These hazards may harm a Smart Grid customer’s emotional and financial well-being as a result of providing data to suspicious links without knowing the ramifications of these dangers. However, this is a major problem when addressing security measures against phishing attempts.
2. DENIAL-OF-SERVICE (DoS) – DoS is a premeditated attack, and if a DoS assault happens on the Smart Grid, it will incur enormous losses. The DoS attack will have the effect of clogging the network and is a frequent method of attacking the network topology and data-link layer of the grid model. An externally designed attack typically aims to take down a sizable chunk or possibly the entire targeted infrastructure. The hackers may alter the medium access control (MAC) to get backdoor access to the network, allowing them to hack machines with ordinary network requests. If a DoS attack happens in the Smart Grid, it can prevent the communication system from responding to various devices. It is possible for a Denial-of-Service cyberattack to be launched against the Smart Grid because the primary technologies for Smart Grids are accessible.
3. MALWARE PROLIFERATION – Malware proliferation poses the greatest threat to the Smart Grid. The hackers are capable of developing spyware that can infiltrate both the organization’s systems and equipment. By transmitting spyware, an attacker is able to control the functioning of devices or systems, gaining access to sensitive data.
Significant Cyber Attacks across the Globe
On December 25, 2015, a cyberattack outbreak occurred in the midst of a civil conflict. An attack was launched on an electrical energy station in the Ukrainian city of Ivano-Frankivsk, putting eighty thousand (80,000) individuals in danger by leaving them in the dark, while one million four hundred thousand (1.4 million) people were impacted.
The cyberattack was conducted employing spear-phishing emails and the “BlackEnergy” Trojan horse virus. This malware was known for erasing data, destroying hard drives, and seizing control of afflicted machines. The cyberattack intensified when the attacker conducted a synchronized Denial-of-Service (DoS) assault against the company’s utility infrastructure, disabling the power station’s support phone line. As a consequence of the DoS attack, customers were unable to contact the power station about the failure.
Stuxnet, a harmful computer worm, attacked the Supervisory Control and Data Acquisition (SCADA) system. Stuxnet was discovered for the first time in 2010. Nevertheless, it had been under development since at least 2005 (Denning, 2012). Stuxnet was believed to have been generated by United States and Israeli security organisations, and it attacked the Natanz nuclear facilities in Iran. The Stuxnet worm was inserted into the Natanz computer network and remained dormant until a particular set of circumstances was satisfied. It automatically started to change system codes while transmitting signals that gave the impression that everything was functioning regularly. The Stuxnet malware made it possible for outsiders to take over the facility.
The WannaCry ransomware prompted a worldwide cyberattack on global companies, like Renault and FedEx, and crippled the machines of countless working people. The WannaCry ransomware was created on May 12, 2017.
Upwards of 200,000 computers were attacked with WannaCry Ransomware, which demanded a fee to decrypt the victim’s contents. The attackers asked that bitcoins worth $300 be delivered to a given location in order to unlock the whole server, and if users did not comply within the allotted time, the overall system data would be erased forever.
Cyber-Attacks in India and the Issuance of Cyber-Security Guidelines
- In March 2021, it was reported that a Chinese hacking team apparently attacked the IT systems of electricity generating and distribution plants in various Indian states including Maharashtra, Assam, Delhi, and Tamil Nadu.
- In July 2021, the Power System Operation Corp., or POSOCO, stated that five regional load dispatch centres and 34 state load dispatch centres reported at least 30 daily cybersecurity incidents.
- In the same month of the previous year, India Today reported that a U.S. threat intelligence firm identified various Pakistani hackers targeting power firms with a new virus.
In response to the various cyber assaults against power supply systems, India’s Central Electricity Authority (CEA) has released cybersecurity guidelines for power sector companies, the ‘CEA (Cyber Security in Power Sector) Guidelines, 2021’. This was the first time any guideline was issued specifically for cyber-security in the power industry.
These guidelines were designed to safeguard OT systems, establish a cyber security structure, strengthen comprehensive risk assessment, strengthen emergency response and disclosure, and enhance cybersecurity expertise. The guidelines also mandated the appointment of a Chief Information Security Officer (CISO) and establishment of an Information Security Division.
These guidelines require that products be obtained from known “trusted sources” and be “trusted products”; otherwise, the product must be examined for spyware or malware trojans before being used in the power distribution system. The principles also apply to connected companies, such as technology providers, suppliers and distributors, and original equipment producers of software and components.
Security Recommendations for Smart Grid
1. Malware Protection- The embedded systems as well as the general-purpose systems that are linked to the Smart Grid have to be safeguarded and secured from viruses, which is why the Smart Grid needs malware protection. A manufacturer’s key is necessary for the embedded system so that the device can be secured during software certification. The primary reason that embedded systems are safe is that they can only run applications that have been provided by the producer company, which requires a manufacturer’s key to authenticate the software. In contrast, general-purpose systems can run third-party software and must keep their anti-malware software constantly updated.
2. Secure Key Administration- The security of the whole key management process, beginning with generation, continuing through distribution and, if necessary, upgrading, and ending with destruction, is critical to overall grid security. Devices connected to the Smart Grid must provide trustworthy cryptographic capabilities, including the ability to implement symmetric cyphers for authentication and/or encryption. Public-key cryptography may be supported in hardware by a cryptography co-processor or in software, so long as it is performed seldom.
3. Cybersecurity Risk Assessment- The purpose of a cyber security risk assessment is to examine various data assets in order to uncover inherent threats and vulnerabilities and estimate their potential effect in the event of a cyber-attack. The outcome of this determines the necessary safety requirements and the choice of security measures for the smart grid. Risk analysis should be implemented using top-down, bottom-up, qualitative, and quantitative techniques.
4. Efficient Training and Awareness programmes- Efficient training programmes must be established based on the functions and obligations of individuals in order to increase knowledge of pre-existing security flaws. Due to this grasp of security concerns, the smart grid would be more secure.
5. Incident Response Programme- An incident response programme is the capacity to restart regular processes in the event that Smart Grid activities are interrupted. Incident response management is the creation of incident-specific rules and processes that allow the smart grid to rebound easily and rapidly in the event of an occurrence. In the absence of an efficient incident management strategy, an event may impair the functioning of essential company services, such as ICT systems, personnel, and consumers.
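As an added illustration of the Secure Key Administration recommendation above (not code from the article or from any grid vendor), the sketch below walks one symmetric key through generation, distribution, upgrade and destruction while authenticating meter readings. HMAC-SHA256, the 16-byte frame layout and the names `MeterKeyStore` and `meter_frame` are assumptions chosen for the example.

```python
import hashlib
import hmac
import secrets
import struct

HEADER = struct.Struct(">IIQ")  # assumed layout: key id, message counter, reading in Wh


class MeterKeyStore:
    """Head-end key store for one meter (hypothetical), covering the key lifecycle."""

    def __init__(self):
        self._keys = {}          # key_id -> 32-byte symmetric key
        self.active_id = 0
        self.last_counter = -1   # highest message counter accepted so far

    def generate(self):
        """Generation and upgrade: create a fresh key and return (id, key) once,
        for distribution to the meter over a protected provisioning channel."""
        self.active_id += 1
        self._keys[self.active_id] = secrets.token_bytes(32)
        return self.active_id, self._keys[self.active_id]

    def destroy(self, key_id):
        """Destruction: forget the key so frames tagged with it stop verifying."""
        self._keys.pop(key_id, None)

    def verify(self, frame):
        """Return the reading in Wh, or None if the frame is not authentic."""
        if len(frame) != HEADER.size + 32:
            return None
        header, tag = frame[:HEADER.size], frame[HEADER.size:]
        key_id, counter, reading_wh = HEADER.unpack(header)
        key = self._keys.get(key_id)
        if key is None:
            return None          # unknown or destroyed key
        expected = hmac.new(key, header, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None          # altered reading or wrong key
        if counter <= self.last_counter:
            return None          # replayed frame
        self.last_counter = counter
        return reading_wh


def meter_frame(key_id, key, counter, reading_wh):
    """Meter side: header followed by an HMAC-SHA256 tag over the header."""
    header = HEADER.pack(key_id, counter, reading_wh)
    return header + hmac.new(key, header, hashlib.sha256).digest()
```

Carrying the key id in each frame is what lets the head end rotate keys without losing track of which key a meter is using, and destroying the old key afterwards bounds the damage if it is later extracted from a device.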
Due to their environmental friendliness, extensive use of renewable energy sources, and increased production, smart grids are nowadays preferred over the traditional power generating system. However, smart grids have to face a few challenges when it comes to security, especially cyber-security related attacks. The key cyber-attacks threatening the smart grid’s architecture, network protocols, and applications have been thoroughly examined by the author in this overview of cyber-security in the smart grid. To address the cyber-security related flaws, various suggestions have been provided to improve network communication security and safeguard customer privacy. In addition to offering sophisticated encryption techniques and security countermeasures, the computer network protocols must be modified to reflect the current communication position and to protect effectively against cyber-attacks.
About the Authors
Mr. Naman Jain is a 4th year student at Gujarat National Law University, Gandhinagar, and an Associate Editor at IJPIEL.
Managing Editor: Naman Anand
Editors-in-Chief: Jhalak Srivastava & Muskaan Singh
Senior Editor: Aribba Siddique
Associate Editor: Naman Jain
Junior Editor: Kaushiki Singh
Preferred Method of Citation
Naman Jain, “Emergence of the Smart Grids and the Issues related to the Cyber Security” (IJPIEL, 5 August 2022)