January 15, 2013
The consulting-specifying engineer should be familiar with encryption schemes for all devices connected to the substation. Encryption has become standard practice in other verticals that depend on online data transfers, such as online banking and shopping. In fact, due to the ease with which encryption can be accomplished and the low cost of the semiconductors that enable it, encryption will become a universal expectation. So it is today with power.
The substation owner and/or utility involved may be presented with an operational liability if encryption isn’t applied to data generated by sensors and controls. The use of “clear text” is simply too risky. (That operational liability could well become a legal one if operational data was breached by a malevolent actor and used to damage property or inflict harm on human life.) The encryption of information output from or to intelligent electronic devices (IEDs) or traveling between them falls under IEEE 1711™ “Trial-Use Standard for a Cryptographic Protocol for Cyber Security of Substation Serial Links.”
Encryption, fundamentally, is a cyber security issue. Encryption is applied specifically to avoid the unauthorized access to data, which could thwart an intentional attack or protect against the unintended consequences of mistakes made by authorized personnel.
Be aware, however, that encryption of data adds “overhead,” or latency, to its transmission over the substation communication network.
And the CSE should be aware of technical solutions which are available, such as the encryption of data on serial links, such as RS-232 and RS-485 communication channels. These are non-network channels are commonly used for remote access to a substation by operations engineers or the interconnected utility tapping into the SCADA system and/or an energy management system (EMS). (IEEE 1711 provides cryptographic protocols for the addition of cyber security on serial links.)
Today we’re seeing a vast number of these communication links on the grid for protective relays and remote monitoring systems, via a “bump in the wire” retrofit, rather than the impractical swap-out of existing IEDs for the sole purpose of adding encryption to heighten security.
This works in the following manner: unencrypted data is sent from a device out a serial port where that “bump in the wire” really is a box that applies encryption. Another such “bump”/box is placed at the recipient’s end to decrypt the data.
This application is particularly useful when communications must use public infrastructure such as a leased line from a local telco or a radio system – whenever the client does not have complete control over both ends of the data exchange.
Whenever two of anything – in this case, “boxes” – are involved, multiple vendors are likely, and those boxes must play well together. The U.S. Department of Energy has completed work on a three-year project, which ended last fall, known as the Lemnos Interoperability Security Program. Lemnos sought to define a set of configuration parameters to ensure a standard approach for the encryption and decryption of networked data by different devices. (Lemnos also provides an interoperability and testing framework for other security protocols.)
Various IEEE groups are now considering Lemnos’ results for an IEEE standard. The IEEE Power & Energy Society Substation Group would be a logical choice and it may in fact end up being the lead on this effort. It might conceivably become part of IEEE 1711, like 1711.1 or something like that.
The consulting-specifying engineer would be well-advised to keep tabs on these efforts, as the CSE may be called upon to evaluate encryption boxes as they determine the appropriate level of encryption (and thus security) needed in any given circumstance.
Although with the growth of the encryption industry, these “bumps in the wire” boxes don’t add much if any latency, there are exceptions to keep in mind. This is particularly true in the case of the high-speed communications needed for protective relays, where the CSE must take into consideration the timeframes needed for the function in question. Latency must not interfere with response time, for instance, in the case of protection devices.
Sam Sciacca is an active senior member in the IEEE and the International Electrotechnical Commission (IEC) in the area of utility automation. He has more than 25 years of experience in the domestic and international electrical utility industries. Sciacca serves as the chair of two IEEE working groups that focus on cyber security for electric utilities: the Substations Working Group C1 (P1686) and the Power System Relay Committee Working Group H13 (PC37.240). Sciacca also is president of SCS Consulting.