The first step to becoming a smart nation: Protect the grid
By Arun KunduSingapore is making headway in developing its own smart grid infrastructure. State-owned energy utility Singapore Power (SP) is currently involved in a project to upgrade and renew the country’s ageing grid infrastructure.
Concurrently, SP is in partnership with national energy regulator Energy Market Authority (EMA) to evaluate and develop the Intelligent Energy System (IES) pilot to modernise electricity transmission and distribution networks with new information, communication, and sensor technologies.
However threats, specifically cyberthreats, are evolving at a greater rate than the grid can keep up with. Developed before cyber-security was a concern, the primary risk factor for the power grid in the 80's and 90's was physical security threats.
Although physical attacks continue to be a serious threat today, cyber-attacks pose an even greater threat. In fact, with today's evolving cyber-threat landscape, it is even more imperative for Singapore to focus on safeguarding the critical energy infrastructure.
"Energy and utilities systems are increasingly web-connected. From consumer portals that track online billing to core infrastructure and management tools, the industry is expanding," said Robert Jennings, Manager, Critical Infrastructure Protection and Cyber Security, Verizon RISK Team.
Currently, the industry is adopting the use of IP networking, computing, and other technologies that enable two-way communications from devices such as smart meters, smart routers, and smart consumer devices.
The IES pilot comprises two phases – the first focuses on developing the infrastructure that will enable the two-way communications and smart metering networks, while the second will focus on consumer-side applications revolving around this infrastructure.
As new technologies drive more efficient use of the grid, it is increasingly being adopted in everyday operations. Utilities will need to focus on risk mitigation to thwart potential cyberattacks capable of creating a devastating series of cascading events.
According to Verizon's "2014 Data Breach Investigations Report," 83 percent of attacks facing the energy and utility sector were web-app attacks, crime-ware, and denial of service.
Here are some recommended steps to protect the infrastructure:
• Use two-factor authentication
The report indicated that weak and stolen credentials remain the number one method to access information – resulting in two out of three data breaches. This makes a compelling case for two-factor authentication such as using soft tokens and biometrics.
• Consider switching to a static CMS
Instead of executing code to generate the content for every request, pre-generate pages to reduce the opportunity for exploits.
• Enforce lock-out policies
Locking accounts after repeated failed login attempts will help to thwart brute-force attacks.
• Patch anti-virus and browsers
This could block many attacks, and can be configured automatically as part of a managed-device solution.
• Segregate key assets
Keep the most important systems on a separate network circuit so that they won't be compromised by an attack targeting other servers.
With proper cyber-security measures in place, businesses and consumers alike can stand to benefit from the capabilities of the next-generation smart grid without having to worry about compromising personal and private information. Securing the grid is the first and most essential step for Singapore in becoming a smart nation by 2025.