January 31, 2011
Regarding ‘Cyber-attacks now the most feared EU energy threat‘:
Recent comments by European Commission officials concerning ‘cyber-attacks on critical infrastructure’ are superficial and fail to address key issues. Furthermore, discussions on this subject seem to occur only when budget allocations are being made.
In 2003 PWR produced a report on this subject (Vulnerabilities of Critical Network Infrastructure) for a G8 government. Our qualifications to produce this report? I used to run power networks for a UK DNO (Distribution Network Operator) and have worked inside power stations and regional control centres.
In the case of nuclear, I speak on a regular basis to a senior software engineer for one of the main global providers of nuclear power systems. Cyber attacks are one topic that is guaranteed to reduce him to fits of laughter.
His comments mesh quite nicely with those of TSOs (Transmission Systems Operators) such as RTE (interviewed for the cyber-attack report). Their composite message: if you don’t want to be vulnerable to a cyber attack, don’t connect your systems to public networks. Why would you want to do this? – see below.
Engineers running the power network in London mentioned the pressure they come under to provide more information to ‘management’ (= the men in suits) on network status, use of assets, etc. via the company intranet (which of course is linked to the Internet). This information was not necessary for operational purposes and at the time of writing the report, the engineers were holding the line against the suits.
At this point it is worth identifying a particularly unpleasant group of terrorists that have a history of disrupting power networks. In September 2003 they caused the loss of one day’s GDP in Italy due to the loss of power across the country for nearly 12 hours. The terrorist group responsible is known by the collective name: trees. It is a growing group and unless rigorous tree cutting is undertaken causes regular problems. Parties concerned with cyber attacks are invited to point to similar losses in Europe caused by cyber attacks (answer: none – so far).
Security in any network requires a layered approach. The first step, as we have seen, should be no connection of control systems to public networks (i.e. the Internet), the second should be ‘don’t use communication protocols that are in widespread use’.
Sadly this latter point is being overtaken by a lemming-like rush to adopt Internet protocols among TSOs and DNOs. Standardisation is one of the causes of this. The TSOs and DNOs fondly imagine that standards will somehow or other protect them from supplier lock-in. In the case of DNOs this illusion is shattered the first time they try and move from one vendor’s DMS (distribution management system) to another.
A topic that PWR is currently developing (and relevant to cyber security) is resilient network topologies and the role of unit protection schemes in electrical power networks. In summary, network topologies exist which require a minimal communications infrastructure and little in the way of protocols. This makes them both highly reliable and highly resistance to cyber attack since, by definition, there is almost no communications network to attack.
There is one place on earth that has implemented such systems on a regional scale: Merseyside. That only one network of this type exists says much about mind-sets within the power industry and the role of ‘conventional wisdom’ (or would that be ‘group think’) with respect to network design and network security.
Furthermore, and as a matter of record, the MANWEB urban network is the most reliable in terms of loss of supply to urban consumers in the UK. Discussions with other DNOs on the subject and mentioning the MANWEB network leads to a range of comments that can be grouped under the general heading ‘cognitive dissonance’.
The current trajectory of the power industry with respect to both cyber protection and the move towards active networks (‘smart grids’ for the non-professional) is a way of guaranteeing infinitely escalating spending on IT systems (great news for the IT industry).
To summarise, the risk of cyber attack is reduced by:
- Ensuring there is no connection between control systems for power systems and the Internet;
- Using communications protocols on power networks that are not in widespread use.
- Using network topologies that are resilient and which minimise the need for complex control systems.
On each point the power industry, for various reasons, is heading in precisely the opposite direction with actions only addressing the symptoms (of vulnerabilities) not the causes. The case of Council of Ministers and their idea of a centralised cyber agency falls into the same class. If there are minimal vulnerabilities then the opportunities for cyber crime are reduced, ergo much lower the need for an agency.
Sadly this is not how the world works and, after all, people need a job.
PWRAuthor : Letters to the EurActiv editor