Industrial Internet of Things (IIoT) networking technology and wireless Machine-to-Machine (M2M) communications solutions are critical to the daily operations of an increasingly connected and industrial world. With a greater dependence on providing reliable and secure high-speed connectivity to personnel, smart devices, machinery and many other geographically dispersed assets, electric utility operators require powerful, yet flexible, communications solutions for their business demands.
The overall value proposition that these technologies bring is important for decision-makers to adopt and integrate into their smart grid infrastructures. Some of the main benefits are:
- Optimising resources for increased efficiency
- Increasing visibility into potential failures and key operational factors through real-time information
- Reducing costs and environmental impact through monitoring/control across large geographic regions
- Automating safety and security measures to reduce critical event response time
- Centralising policy management to create greater adherence and more uniform enforcement of regulatory and compliance factors
- Enabling flexibility, scalability and mobility of networks to increase agility to changing market demands
Because electricity transmission and distribution grids are only as efficient, reliable and safe as the equipment and technology used, wireless communications equipment and technologies used in these grids must follow suit.
In addition, as utility operators continue to look for ways to improve their transmission and distribution networks, wireless M2M communications is a critical component because of rapid network installation, lower operational costs, high data throughput and secure end-to-end transport. To achieve these benefits, wireless data networks must be aligned to specific and ranging requirements of the energy grid (generation, transmission, distribution and consumption) in which the wireless communications are utilised and exploited. Wireless IIoT networks transport vast volumes of information from a myriad of smart grid applications. IIoT is the glue that holds, binds and delivers the smart grid.
In fact, electric utilities are at the forefront of IIoT with complex and comprehensive wireless networks for advanced metering infrastructure, energy management, distribution and substation automation. In its report titled "Transforming Industries: Energy and Utilities" published in 2014, Ericsson estimated growth in IIoT applications for utilities and energy industries will increase from 485 million devices in 2013 to more then 1.5 billion devices by 2020. This growth in wireless networks, smart sensors and devices, and automated systems requires utilities to address, implement and monitor the security of their data networks because these are the networks providing command and control of critical smart grid infrastructure.
As technology has evolved, so has the intelligence and sophistication of cyber terrorists and their tactics. In 2013, 40 per cent of the cyber-attacks handled by the Department of Homeland Security were against companies in the energy sector; one of the 16 Critical Infrastructure Sectors.
Industrial Internet Threats to Electric Power Grid
According to the Federal Communications Commission (FCC), the two most common threats to wireless networking and communications technologies are denial of service (DoS) and intrusion.
Denial of Service. DoS is an attempt to make a computer resource or network unavailable to its intended users. DoS attacks could be as simple as jamming an electric or electromagnetic signal or as sophisticated as saturating a system or network with data traffic intended to overwhelm and make the network unavailable. The consequences of DoS attacks range from being simply irritating to destructive. For example, a valve controller does not receive a command to open a valve to provide cooling oil to a distribution transformer, which allows the transformer to overheat, resulting in power outages.
Intrusion. Penetrating and intruding into a network or computer resource requires a different level of sophistication. Consequences can range from simply spying or stealing information to corrupting data or maliciously and intentionally causing harm or destruction by taking over networks or computers and control systems or both. Intentionally penetrating energy management system networks to disrupt and even cut off or redirect the delivery of power to and from substations is an example of intrusion.
Other threats include:
- Sophisticated command and control attacks
- Packet spoofing
- Hijacking of sessions/interception
- Replay attacks
- Use of worms
- Trojans and remote controllable (Back Orifice) trojans
- Viruses and anti-forensic techniques
- Attacks on domain name system (DNS) infrastructure
These threats are not limited to wireless communication technologies and need to be addressed as part of a comprehensive cyber security strategy. Organisations also must plan for human error or deliberate attacks from internal sources or both.
Wireless M2M Technology and Resiliency
To harden a wireless M2M communications network and further make IIoT networks and their connected assets less vulnerable to cyber threats, organisations need to implement a multi-layer security strategy that includes robust networking equipment, hardened communications equipment, network access control and data encryption.
Hardened Communications Equipment. The first line of security is "trusted" networking equipment. Trusted equipment goes far beyond buying a recognised or favorite brand. Trusted equipment should have the following characteristics:
- Enclosure should have a physical indicator that the mechanical enclosure has not been opened. This can be as simple as tamper tape or more complex potted solutions.
- The equipment should have a secure bootloader, which resides in secure memory so that it cannot be altered or replaced. In addition, the secure bootloader validates the executable software image prior to loading it into memory. If the software image is not validated, the device is considered compromised and does not boot or boots with minimum functionality.
- Software images should be encrypted and keyed. This enables the secure bootloader to validate the software image prior to execution and prevents the software image from being copied for malicious purposes.
- Equipment must allow data ports to be enabled and disabled so unused ports are unavailable to persons in the proximity of the network equipment.
Utilities should consider networking equipment that is Federal Information Processing Standard (FIPS) 140-2 Level 2 validated. FIPS 140-2 validation consists of four levels of increasing security:
- Level 1 (lowest)-Basic security requirements are specified for cryptographic module.
- Level 2-Adds requirements for physical evidence of tampering, as well as role-based user authentication.
- Level 3-Requires physical tampering resistance and stricter identity-based authentication.
- Level 4 (highest)-Adds even more physical security requirements and requires an even greater robustness to the platform to hold up against environmental attacks.
Network Access Control (NAC). NAC is an essential security feature for wired and wireless networks. It prevents unauthorised access and intrusion-external or internal-into managed networks. The result is that only the right users or devices have access to the right information.
NAC tools are centralised policy and role-based tools, offering combined permissions auditing and management solution for administrators looking to secure their networks against authorised and unauthorised access. As a centralised tool, policy and role base profiles are managed and rapidly deployed across networks of any size.
Policy and role based should include:
- Access restrictions for time of day, day of week and location
- Personnel or device role (e.g. admin, user, guest, process controller)
- Work group
- MAC address of device through which access is initiated
A proven M2M communications network security strategy must go even further and protect data "in transit" as well. Even if an unauthorised device manages to gain access to the M2M communication network, it isn't necessarily gaining access to the actual data without passing yet another layer of security.
Data Encryption. Data encryption is an essential part of any security strategy because it does not prevent unauthorised parties from intercepting a message, but encodes a message so only authorised parties can read it, which is a fundamental tenet for wireless networks.
Advanced Encryption Standard (AES) with three keys lengths of 128, 192 and 256 bits is the industry default and used worldwide. AES is a U.S. government standard and is even used by the National Security Agency. Wireless links should be encrypted using AES 128 at a minimum. For a higher level of trust, utilities should consider networking equipment that is FIPS 140-2 Level 2 validated. When a device is FIPS 140-2 validated, a known set of keys and test vectors are passed through the AES algorithm to validate the strength and completeness of the key generation and the encryption algorithm. Overall, incorporating encryption ensures data privacy and is yet another way to layer security for information being communicated wirelessly.
Options for Security Policies and Safeguards
The aforementioned access control and data encryption considerations create resilient and secure wireless networking and communication capabilities for critical infrastructure. An IIoT network security strategy, however, also needs to address and implement policies that serve as safeguards. These policies make it difficult to circumvent security measures and limit the potential impact of a security breach.
There are several safeguarding tactics and strategies worth considering and below are some, but not all, that are meant to provide a place from which to expand and adjust as needed:
Limitation of Permitted Activities. One method to implement safeguards is to limit permitted activities on the wireless network to those required only to perform or execute the assigned task. This is achieved by disabling ports not required such as TELNET, Port 23. As an example, a wireless network primarily used for sensor data collection and remote command and control of devices should not allow a hacker that compromised the network to gain access to financial or other critical data. Such a limitation of permitted activities can be achieved through various means of security measures.
Firewalls and Packet Filtering. Packet filtering and firewalls based on packet filtering (executed in Layers 4 and lower) are essential features for IIoT devices. IIoT devices typically do not have the processing power for more sophisticated firewall schemes that require packet inspection and are performed at Layer 7.
Virtual Local Area Networks (VLAN). VLANs are used to separate the wireless network infrastructure and its management from the production network, devices and/or communication endpoints. VLANs introduce another level of security, especially if combined with quality of service (QoS) mechanisms. Think of it as an emergency access to your wireless network infrastructure for remote management and control, in case a DoS attack overwhelms the actual payload and production network.
User Level Access. By implementing user-level access (password protected), network administrators provide maintenance personnel access to wireless network and devices. The access is limited to monitoring system health or performance without opening the system up to misuse because configuration and other privileges are reserved for a different user level and password.
Access Limitation of Local Ports. The ability to control who is allowed access from local ports (e.g. through MAC address filtering) or even completely turn off local port access when they are not in use, makes it essentially impossible (or at least very hard) for someone who gained physical access to your network infrastructure and devices to get connected and gain access to your private networks.
Going Forward with Confidence
Finally, to complete the M2M security approach, it takes vigilance. Today's M2M networks are not heuristic, self-healing, adaptive, self-optimising automatons. They require an educated observer who is looking for anomalies, aberrations, outliers, exceptions and flat-out failures. M2M requires standards based protocols for determining the health of the network, integrity of the links and performance of the overlying applications.
With the expected growth of the IIoT market over the next five years in sensors, communication equipment (wired and wireless) and the applications to enable ever increasing levels of automation, electric utilities and companies in the energy sector must upgrade existing networks or deploy new networks with security at the forefront. Upgrading or implementing higher levels of security in IIoT and M2M networks is a double-edged sword. On one side, it is difficult to upgrade devices on a production network because it would disrupt a process, but on the other side, a cyber-attack also would disrupt the production network.
Today, it is not a matter of if a cyber-attack is going to take place, but when. The path forward is clear. Develop a cybersecurity plan that secures your expanding IIoT network, but understand the threats that exist. Create the services and features that are needed from your IIoT devices and networking equipment to lock down communications, making them available to the right persons or devices when needed and make sure they can be managed as changes in policies, roles or processes dictate.