Defense in Depth: A Holistic Approach to Cyber Security

May 22, 2015
Cyber security is about more than hackers or terrorists, who account for only 10 percent of known IT network incidents. Cyber security is also about making a facility more reliable and reducing network downtime to improve productivity. This look at defense-in-depth cyber security has a special focus on electrical substations, but offers lessons for all industries.

Keeping both internal and external cyber security threats in mind, it’s important to establish preventative processes for any potential risk that could lead to network downtime. These risks arise from devices, configurations, internal security policies, and employee and contractor training. Recovery strategies for protecting network uptime are also important to consider, as it’s impossible to prevent every risk that threatens the network.

Electrical substations, in particular, present a variety of security challenges. The adoption of new technologies for automation networks and wide area network (WAN) communications between substations has exposed these networks to increased cyber threats, putting the reliability and safety of substation and grid operations at risk at every level. Therefore, taking a holistic view of cyber security is the only way to successfully combat both intentional and unintentional network attacks.

Five Levels of Security

Protecting substations against cyber attacks can’t be a static process. As conditions and threats change shape, systems and policies need to be updated accordingly to avoid major service disruptions and significant financial losses. A holistic approach to cyber security includes five levels:

  1. Preventative Security: Intended to prevent incidents from occurring and to reduce the number and type of risks and vulnerabilities. Examples include strong password policies and disabling unused USB ports so that external storage devices cannot be connected.
  2. Network Design Security: Minimizes vulnerabilities and isolates them so an attack on one part of the network doesn’t affect the others. A “zones and conduits” method limits the number of connections between network zones, lowering the risk of an attack spreading across the network.
  3. Active Security: Active measures and devices block traffic or operations that aren’t allowed or expected on the network. Examples include encrypted links, protocol-specific deep packet inspection, Layer 3 firewalls and antivirus software.
  4. Detective Security: Identifies an incident in progress or after it occurs by evaluating activity registers and logs, including log file analysis and intrusion detection system monitoring.
  5. Corrective Security: Aims to limit the extent of any damage caused by an incident, for example through a configuration backup policy that lets affected devices be restored, and through firewall and antivirus updates.
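The following is an added example, not code from the article or the whitepaper it points to, showing how levels 2, 3 and 4 fit together in one enforcement point. It assumes a hypothetical address plan with three zones (control center, engineering, substation bay), assumes Modbus/TCP on port 502 as the automation protocol (the article names no specific protocol), and defines two conduits: the control center may only issue read function codes to the bay, the engineering zone may also write, and everything else is denied and logged for the detective layer.

```python
"""Zones-and-conduits policy with protocol-specific (Modbus/TCP) inspection.

Added example; the zone layout, address ranges and the choice of Modbus/TCP
are assumptions, not taken from the article.
"""
import ipaddress
import logging
import struct

log = logging.getLogger("conduit")

# Hypothetical zones of a substation network.
ZONES = {
    ipaddress.ip_network("10.10.1.0/24"): "control_center",  # SCADA master / HMI
    ipaddress.ip_network("10.10.2.0/24"): "engineering",     # engineering workstations
    ipaddress.ip_network("10.10.3.0/24"): "bay",             # protection relays / IEDs
}

MODBUS_PORT = 502
READ_FCS = {1, 2, 3, 4}      # read coils, discrete inputs, holding and input registers
WRITE_FCS = {5, 6, 15, 16}   # write single/multiple coils and registers

# Conduits: (source zone, destination zone, dst port) -> permitted function codes.
# Anything not listed is denied, so the control center can poll but never write.
CONDUITS = {
    ("control_center", "bay", MODBUS_PORT): READ_FCS,
    ("engineering", "bay", MODBUS_PORT): READ_FCS | WRITE_FCS,
}

MBAP = struct.Struct(">HHHB")  # transaction id, protocol id, length, unit id


def zone_of(ip):
    """Map an address to its documented zone, or None if it belongs to no zone."""
    addr = ipaddress.ip_address(ip)
    for net, name in ZONES.items():
        if addr in net:
            return name
    return None


def parse_modbus(payload):
    """Return the function code of a well-formed Modbus/TCP request, else raise ValueError."""
    if len(payload) < MBAP.size + 1:
        raise ValueError("frame shorter than MBAP header plus function code")
    _tid, proto, length, _unit = MBAP.unpack_from(payload)
    if proto != 0:
        raise ValueError("MBAP protocol id %d is not Modbus" % proto)
    # The length field counts the unit id and the PDU that follow it.
    if length != len(payload) - 6:
        raise ValueError("MBAP length %d does not match %d bytes present" % (length, len(payload) - 6))
    return payload[MBAP.size]


def deny(src_ip, dst_ip, reason):
    """Record the denial so the detective layer can review it later."""
    log.warning("DENY %s -> %s: %s", src_ip, dst_ip, reason)
    return ("deny", reason)


def inspect(src_ip, dst_ip, dst_port, payload):
    """Decide allow/deny for one request based on zone, conduit and function code."""
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    if src_zone is None or dst_zone is None:
        return deny(src_ip, dst_ip, "address outside every documented zone")
    allowed = CONDUITS.get((src_zone, dst_zone, dst_port))
    if allowed is None:
        return deny(src_ip, dst_ip, "no conduit %s -> %s port %d" % (src_zone, dst_zone, dst_port))
    try:
        fc = parse_modbus(payload)
    except ValueError as exc:
        return deny(src_ip, dst_ip, "malformed Modbus/TCP: %s" % exc)
    if fc not in allowed:
        return deny(src_ip, dst_ip, "function code %d not permitted on conduit %s -> %s" % (fc, src_zone, dst_zone))
    return ("allow", "fc %d on conduit %s -> %s" % (fc, src_zone, dst_zone))


def modbus_request(fc, data, tid=1, unit=1):
    """Build a Modbus/TCP request frame (constructed sample input, not captured traffic)."""
    pdu = bytes([fc]) + data
    return MBAP.pack(tid, 0, 1 + len(pdu), unit) + pdu


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    read = modbus_request(3, struct.pack(">HH", 0, 10))    # read 10 holding registers
    write = modbus_request(6, struct.pack(">HH", 40, 1))   # write single register 40
    for src, dst, frame in [("10.10.1.5", "10.10.3.20", read),
                            ("10.10.1.5", "10.10.3.20", write),
                            ("10.10.2.7", "10.10.3.20", write),
                            ("10.10.3.20", "10.10.1.5", read)]:
        print(src, "->", dst, inspect(src, dst, MODBUS_PORT, frame))
```

The point of checking the function code rather than only the port is that a Layer 3 firewall alone would let the control center write setpoints to a relay; a compromised HMI host then has full control. Denying by default and logging every denial also gives the detective layer a clean signal: any write attempt from the control center zone is worth an investigation.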

How to Implement Defense in Depth in a Substation

The electrical grid is an easy target, and single point-of-defense mechanisms are not going to save it. Rather, a carefully constructed, layered security strategy is the most effective and practical solution.

Defense in Depth secures critical infrastructure based on three core concepts:

  1. Multiple layers of defense: If one is bypassed, another layer is able to provide defense.
  2. Differentiated layers of defense: If an attacker finds a way past the first layer, the same technique won’t carry them past the subsequent defenses, since each layer works differently from the one before it.
  3. Threat-specific layers of defense: Designed for specific risks and vulnerabilities, these solutions defend against a variety of security threats the electric power system is exposed to, such as computer malware, angry employees, denial of service (DoS) attacks and information theft.

Although complete prevention of all attacks and issues is not possible, it’s essential to manage hostile entities or internal errors by quickly detecting, isolating and controlling them, limiting their impact on the other areas of the network. Therefore, it’s important to prioritize, securing mission-critical systems first and avoiding the temptation of a one-size-fits-all solution across the entire IT and supervisory control and data acquisition (SCADA) system.

True Security Requires Diligence

To fully secure the network, precise knowledge of the topology, protocols, and type of traffic involved is essential. Electrical substations evolve over time, often leaving documentation outdated. Any new device connected to the network should be validated by an administrator and should trigger a review of the documentation.

Maintenance tasks are also critical: given the threat of cyber attacks, responsible network administrators should change device passwords regularly, implement upgrades, apply bug fixes and keep antivirus signatures up to date.
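One way to catch undocumented devices before they become the outdated-documentation problem described above is to compare the documented inventory with what the network actually shows. The following is an added example, not code from the article or the whitepaper; the inventory entries and the `arp -an`-style lines are constructed sample data, and the assumed policy is that every MAC address seen on the substation segment must be in the inventory at its documented IP address.

```python
"""Audit a documented device inventory against observed ARP entries.

Added example; the inventory and the observed lines below are constructed
sample data, not from the article.
"""
import re

# Documented inventory (hypothetical substation assets): MAC -> (hostname, expected IP).
INVENTORY = {
    "00:1a:2b:3c:4d:01": ("relay-bay1", "10.10.3.20"),
    "00:1a:2b:3c:4d:02": ("relay-bay2", "10.10.3.21"),
    "00:1a:2b:3c:4d:03": ("relay-bay3", "10.10.3.24"),
    "00:1a:2b:3c:4d:10": ("eng-ws1", "10.10.2.7"),
}

# Constructed output in the form printed by `arp -an` on Linux.
OBSERVED = """\
? (10.10.3.20) at 00:1a:2b:3c:4d:01 [ether] on eth1
? (10.10.3.25) at 00:1A:2B:3C:4D:02 [ether] on eth1
? (10.10.2.7) at 00:1a:2b:3c:4d:10 [ether] on eth1
? (10.10.3.22) at 08:00:27:aa:bb:cc [ether] on eth1
? (10.10.3.23) at <incomplete> on eth1
"""

ARP_LINE = re.compile(r"\((?P<ip>[\d.]+)\) at (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})", re.I)


def parse_arp(text):
    """Return {mac: ip} for every resolved entry; incomplete entries carry no MAC and are skipped."""
    seen = {}
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if m:
            seen[m.group("mac").lower()] = m.group("ip")
    return seen


def audit(inventory, observed):
    """Compare documentation with reality and return (finding, mac, detail) tuples."""
    findings = []
    for mac, ip in observed.items():
        if mac not in inventory:
            findings.append(("unknown_device", mac, ip))
        elif inventory[mac][1] != ip:
            findings.append(("ip_changed", mac, "%s -> %s" % (inventory[mac][1], ip)))
    for mac, (name, _ip) in inventory.items():
        if mac not in observed:
            findings.append(("not_seen", mac, name))
    return findings


if __name__ == "__main__":
    for kind, mac, detail in audit(INVENTORY, parse_arp(OBSERVED)):
        print("%-15s %s  %s" % (kind, mac, detail))
```

An `unknown_device` finding is exactly the case the article says must be validated by an administrator; `ip_changed` and `not_seen` findings are the quieter signs that the documentation has drifted from the real topology and needs the review the article calls for.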

Though it may seem daunting to realize that a successful cyber security approach requires vigilance against both accidental and intentional threats, the task becomes manageable once the network is segmented into smaller virtual local area networks (VLANs) with a limited number of access points between them. A Defense-in-Depth model creates a comprehensive security mechanism with multiple layers of security controls, so that networks can be managed more effectively and any failure or breach results in limited damage.

To learn more about cyber security mechanisms and the Defense-in-Depth approach, view the whitepaper, Cyber Security in Electrical Substations.
