A bulk power system

“includes electrical generation resources, transmission lines, interconnections with neighboring systems, and associated equipment, generally operated at voltages of 100 kilovolts or higher. The bulk power system generally does not include distribution system facilities, which are regulated by state or local authorities.”

“refers to (1) facilities and control systems necessary for operating the interconnected electric transmission network and (2) the output from certain generation facilities needed for reliability.”
"It is a highly-complex interconnected system. The critical strategic assets that make up the power grid include rotating machinery, transformers, circuit breakers, protective devices, transmission and distribution lines and towers, control centers, and substations. The bulk power system is highly redundant and planned with sufficient resources to accommodate expected loads, including a contingency/reserve margin to meet balancing and regulating needs."
The distributed nature and diversity of the system, while providing a degree of protection in itself, presents important defense challenges to both the public and private sector. Varying levels of security surround bulk power system assets, ranging from heavily guarded and monitored generators to geographically remote substations with little to no physical protection. Installing additional protection elements around these assets comes with an important set of tradeoffs. Fences, for example, may provide a deterrent to access by a malicious actor, but also make it more difficult for personnel and emergency workers to access the substation in an emergency. Lights may discourage subversive activity, but also provide better visibility to those who would attack the station from afar.
Supply chain vulnerability
The bulk power system is dependent on long supply chains, often with non-domestic sources and links. Throughout the sector there is an increased reliance on foreign manufacturers, with critical components and essential spare parts manufactured abroad, and a trend toward lower overall inventory levels. Furthermore, spares may be stored in close proximity to operating assets due to difficulty in transportation and installation, increasing the probability that both the operating asset and the spare could be destroyed in a single event. The supply chain itself represents an important potential vulnerability.
Cyber vulnerability presents a growing and increasingly sophisticated threat to the bulk power system. As the industry has taken advantage of the benefits of automation and remote monitoring and control in recent years, the power grid has become increasingly dependent on the use of digital, communicating controls and systems to operate. The increased use of IP networks for Supervisory Control and Data Acquisition (SCADA) and other operational control systems, in particular, creates potential vulnerabilities. Executives with SCADA/ICS responsibilities reported high levels of connections of those systems to IP networks including the Internet — even as they acknowledged that such connections create security issues. Sector experts express grave concern about the security implications of this development, and security specialists stress the need to address this threat.
Cyber vulnerability extends far beyond the control room into communicating devices across the bulk power system and distribution systems. Roughly 85% of all system relays are now digital. Other potentially vulnerable devices can include remote terminal units, circuit breakers, static var compensators, capacitor bank controllers, demand response systems, meters, plant control systems, plant emission monitoring systems, and Energy Management Systems (EMS) within major facilities. Vulnerabilities can be inherent to the products industry purchases and installs, highlighting the importance of ensuring a holistic approach to protection: vendors and equipment manufacturers must ensure products are secure prior to purchase. The industry, for its part, should include security requirements in purchasing specifications and decisions.
Smart grid devices
New smart grid devices create another potential path for cyber vulnerability. The smart grid represents an important innovation in grid management that may ultimately benefit reliability and grid operations. These systems may enable increased grid reliability with better measurement and execution of energy efficiency initiatives, enable demand response, and facilitate the integration of distribution-level assets, such as rooftop solar panels, local wind generation, and plug-in hybrid electric vehicles. The mass deployment of these assets redefines the nature of the traditional protection perimeter with respect to cyber security by extending the network into homes and businesses. The concern is not with the attack or manipulation of a single smart meter or device — as one might imagine billing fraud — but the potential for sabotage of an entire smart meter network or a significant portion thereof. While individually these assets may not have an impact on bulk power system reliability, in aggregate the system may control a significant amount of load. The potential for remote disconnect and manipulation of demand response programs needed for reliability is of most concern, followed by the provision of additional access points to distribution and transmission systems via communications channels. Similarly, manipulating the data stream from Phasor Measurement Units (PMU) may have a significant impact on bulk power system reliability.
All of these communicating devices have enabled unprecedented situation awareness and efficiency gains in system and market operations. These efficiencies have enabled the electric sector to optimize the reserve-carrying requirements of the system and overall infrastructure redundancies over the past 15 years. While these advances have resulted in many benefits to the reliability and economic efficiency of the smart grid, they have presented an important tradeoff from a security perspective: redundancy can reduce vulnerability by increasing the number of viable assets.
- NERC, Glossary (full-text).
- Critical Infrastructure Protection: Actions Needed to Address Significant Cybersecurity Risks Facing the Electric Grid, at 1 n.2.
- Stewart Baker, Shaun Waterman & George Ivanov, "In the Crossfire: Critical Infrastructure in the Age of Cyber War" (McAfee 2009) (full-text).