Security and Resiliency at the Grid’s Edge
Protecting mission-critical infrastructure in today’s increasingly connected world
By Stewart Kantor
Between cyberattacks against both energy grids and election influence operations, nations are waging digital war now more than ever before. Earlier this year, power grid control systems in Utah, Wyoming and California suffered the first documented cyberattack known to have disrupted electrical grid operations in the United States with a distributed denial of service (DDoS) where the utility was overwhelmed by false web traffic.
DDoS and similar attacks make it abundantly clear that grid disruption is a legitimate concern for infrastructure professionals and consumers alike. A Tripwire study found that 96 percent of information technology security professionals expect cyberattacks on the industrial internet of things (IIoT) to increase, while only half feel prepared for those attacks. As security professionals work to safeguard networks and infrastructure against known cyber threats, new threats with the potential to seriously damage mission-critical infrastructure continue to emerge.
What Is Currently Being Done?
Recognizing these challenges, utilities have begun equipping the ever-growing mission-critical Internet of Things (MC-IoT) with secure and dependable networks. For years, utilities have operated private, licensed wireless networks and private land mobile radio systems (PLMR) to secure communications on the electric grid along with centralized generation stations, substations, circuit breakers, and motor-operated disconnect switches. All of this has created a greater need for security, as it is in the best interest of both the private sector and the public to protect our critical infrastructure. For this reason, collaboration is key.
For decades, electric utilities have relied on their own privately-owned and operated telecommunications networks for daily operations and emergency services. While most utilities have managed to keep their supervisory control and data acquisition systems (SCADA) secure and functional using these networks, increased cyber activity, data and computing at the grid’s edge all increase data demands. These low-data capacity networks struggle to manage increased data communications from MC-IoT technologies and stretch the capacity of many existing networks.
With so many people dependent on the power grid, electric utilities cannot compromise connectivity, yet existing networks were not designed to handle the increased data throughputs. The increase in distributed energy resources (DER) has left mission critical industries needing more stable, reliable and scalable network options capable of managing increased data throughputs.
Additionally, utilities face far more stringent operating requirements than other industries and must modernize without support from regulatory bodies like the Federal Communications Commission (FCC). However, the FCC has yet to designate a dedicated, nationally licensed spectrum capable of managing increased data traffic solely for mission-critical users.
Positive Steps to Secure Our Nation’s Backbone
Our national grid is becoming increasingly complex and as sensors collect more data at the edge, spectrum becomes too limited for operators to increase their networks’ capacity and security. Though the Department of Energy (DOE) and the Federal Energy Regulatory Commission (FERC) are both reformulating rules for utilities reporting usage and vulnerabilities to regulators, the FCC only allows the commercial shared use of 150 MHz of 3.5 GHz spectrum, using a hybrid framework that selects the best approach based on local supply and demand. This leaves mission-critical applications vulnerable with no urgent prioritization. Purchasing spectrum from the FCC is impractical since it can cost millions of dollars, making it extremely difficult for utilities to modernize securely with standardized, secure and widely available technologies.
Utilities understand their networks’ security, interference and accessibility, which is why many continue leveraging licensed spectrum. Though no existing standard technology can handle increased data traffic in utilities’ current narrow spectrum, utilities can implement proprietary technologies designed to expand narrowband spectrum capacity. This, however, presents significant longevity risks.
A proprietary technology depends on its developer, and if that developer disappears or discontinues a product, it may require significant investment or even an entirely new network. Infrastructure has long needed a standardized communications technology solution capable of handling increased data traffic in narrower channels, such as 160 MHz and 900 MHz bands.
The Introduction of a New Standard for Utilities
In 2017, the Institute of Electrical and Electronics Engineers (IEEE) approved the 802.16s wireless standard, a new solution for MC-IoT applications, particularly for electric utilities. A grassroots effort from electric utilities looking for a standard technology for narrow channel bands, the standard provides a higher degree of security, safety and control by limiting access to networks and establishing an air gap between private and public networks. Private networks leveraging licensed spectrum also ensure capacity and reliability, as they are owned and operated entirely by the entities deploying them.
The IEEE 802.16s standard establishes a framework for utilities to access technologies that work in a broader range of available, licensed channel sizes to support capacity and bandwidth needs. Developed with assistance from the Electric Power Research Institute (EPRI) and the Utility Technology Council (UTC), along with utilities and key vendors, the standard is designed specifically for the mission-critical private wireless market. It provides multimegabit throughput using relatively narrow channel sizes (between 100 kHz and 1.20 MHz) and long range (25 miles and beyond) to minimize spectrum acquisition and network infrastructure cost. The network can be built to ensure bandwidth availability to support data flow and speeds.
The standard also supports a multi-vendor ecosystem, providing a framework to build technologies to individual requirements. This eliminates reliance on proprietary technologies and ensures continuity in case of vendor events. Private, licensed and standardized network operations grant greater control and security to critical infrastructure and services. It provides a foundation for the new, intelligent applications required by today’s electric utilities.
What Utilities Can Expect in the Future
Utilities are the cornerstone of our critical infrastructure and as modernization covers more territory, many other mission-critical industries will continue upgrading technologies to improve security and operations. These industries require access to spectrum to expand and operate the private networks upon which our infrastructure relies. Using private licensed networks for mission-critical networks provides more certainty, making communities safer and more resilient.
The incorporation of MC-IoT and private wireless networks sets a lofty precedent for industrial applications. By establishing the ultimate goal of a secure, multi-vendor ecosystem across global critical infrastructure end markets, our mission-critical infrastructure will be on its way to achieving the cyber resiliency needed to create a safer, smarter grid that’s more dependable, efficient and secure. UP
The Author: Stewart Kantor is president, CFO and co-founder of Ondas Networks. Kantor has more than 20 years of experience in the wireless industry including senior-level positions in marketing, finance and product development at AT&T Wireless, BellSouth International and Nokia Siemens Networks. Since 2004, he has focused exclusively on the development of private wireless data network technology and services for mission-critical industries, including electric utilities, oil and gas, defense, and transportation.