
D. Nandini-EEE
Sri Venkateshwara College of Engineering, Tirupati
nandinandini6@gmail.com

SMART Grid - Power System Communication Reference Model, Characteristics and implementation

[...] increased monitoring and control of the grid. The Smart grid use [...] technology [...] integrate more accurate measurements and intelligent controllers. Since several power control systems have been procured with openness requirements, cyber security threats become evident. Now the vulnerability of the power system is not mainly a matter of bulk power electric system or physical system, it is every day more a matter of Cyber security. A market participant unable to see accurately the market or a SCADA unable to control properly some facilities could be as disastrous as a terrorist attack to some key power plants or transmission lines.

As one of the enabling technologies, a fast, reliable and secure communication network plays a vital role in the power system management. The network is required to connect the magnitude of electric devices in distributed locations and exchange their status information and control instructions. The current communication capabilities of the existing power systems are limited to small-scale local regions that implement basic functionalities for system monitoring and control, such as power-line communications and the Supervisory control and data acquisition (SCADA) systems, which do not yet meet the demanding communication requirements for the automated and intelligent management in the next-generation electric power systems.

POWER SYSTEM COMMUNICATION

With the addition of renewable energy sources, bi-directional dynamic energy flows are observed in the power grid. To effectively manage this complex power system that involves an enormous number of diversely functional devices, a co-located communication infrastructure is required to coordinate the distributed functions across the entire power system.

Smart Grid

A smart grid is an electrical grid that uses information and communications technology to gather and act on information, such as information about the behaviors of suppliers and consumers, in an automated fashion to improve the efficiency, reliability, economics, and sustainability of the production and distribution of electricity. In the smart grid, many distributed renewable energy sources will be connected into the power transmission and distribution systems as integral components.

Characteristics

Self-healing
Motivates and includes the consumer
Resists attack
Increases power quality
Accommodates all generation and storage options
Enables electrical markets
Optimizes assets and operates efficiently

The Smart Grid will be self-healing.
This means that it can redirect and adjust the flow of electricity in the event that an electrical transmission path is interrupted. This is done by a continuous self-assessment of the state of the power system. As a result, this can reduce the frequency and duration of major blackouts. It is estimated that the August 14, 2003 blackout in the U.S. and Canada had a societal cost of $10 billion. Reducing the number of major blackouts and their severity will reduce the economic losses our society incurs during these blackouts.

The Smart Grid will motivate and include the customers.
There is currently minimal interaction between customers and suppliers in the electrical power system. The Smart Grid provides customers with more information and options about their electrical power. In theory this will allow customers to make better decisions about their power usage that will not only save them money, but will also promote competition between power suppliers. This is done by enabling two-way communication between energy consumers and suppliers. The Smart Grid can also interact with electrical appliances in a customer's home. This interaction allows appliances to schedule their run time when electricity is at the cheapest price.

The Smart Grid will be resilient to attacks and natural disasters.
The Smart Grid will not only be resilient to physical attacks, but also cyber attacks. The electrical power grid is a complicated system that is at the root of most U.S. economic growth. This makes the electrical power grid a critical asset, and damage to it can have devastating effects on our society's welfare. Parallels are drawn between the electrical power grid and the Roman aqueduct system in. Over time the Roman aqueducts underwent design changes. As the Roman Empire grew, the level of perceived threat lowered. This led to design changes that were less concerned with security and more with form and functionality. Then towards the end of the Roman Empire these aqueducts became easy military targets for invading forces because of the design changes. Attacks against Roman aqueducts had major social impacts because they had become a critical system that the Romans depended on. The electrical power system is a critical asset that we rely on, and it needs to be resilient to all forms of attack.

The Smart Grid will provide an increase in electrical power quality.
Electricity is not only required to be available at all times from the power grid, but it must also maintain a constant voltage. Some manufacturing processes are very sensitive to voltage variations. A dip in voltage lasting less than 100 milliseconds can have the same effect as power loss for several minutes or more on some industrial processes. These voltage fluctuations are estimated to cause productivity losses in commercial facilities ranging from thousands to millions of dollars per event. It is estimated that by 2011, 16% of the electrical load will require digital quality power.

The Smart Grid will accommodate all generation and storage options available.
The integration of renewable energy sources into the electric power grid has several complications. The current electric power grid is a broadcast model that is designed to only allow the one-way flow of electricity from a one-generation source to many consumers. Renewable energy sources often are geographically separated from traditional power sources, and when they are integrated into the power grid it is as distributed power sources. Since the electrical power grid was designed for only a single power source and not multiple distributed power sources, this causes complications. Germany has experienced issues related to problems in their electrical power grid. Customers using solar panels could overload the electrical power system when surges of power come from the solar panels. Fossil fuels are not a sustainable energy source, and as a result new alternative power sources will be explored. The Smart Grid will be able to support these new energy sources along with the traditional power sources.

The Smart Grid will enable electrical markets.
Electrical markets in the Smart Grid will encourage competition among power suppliers. This competition will promote power suppliers to develop cheaper and more efficient means of power generation. This will drive down the prices of electrical power for customers as suppliers compete for their business. The Smart Grid will also support distributed power sources. This opens the door for new electrical power suppliers and electrical service providers to enter the electrical market. The electrical market will broadcast current electricity prices based on a supply-demand model. Electricity will be more expensive when the load or demand is high, and it will be cheaper when there is surplus electricity. Customers can use this information to schedule tasks that use large amounts of electricity at a time when electricity is cheaper.

The Smart Grid will optimize assets and operate efficiently.
The features that will make the Smart Grid self-healing can also be used for asset management. The Smart Grid will be able to automatically assess equipment condition and manage equipment configuration. This management automation can be done at substantially lower costs compared to manual management. The automation of equipment management will also reduce the chance of equipment failure since the degradation of equipment can be tracked. The Smart Grid will also incorporate new technologies that will reduce energy loss during electrical transit. This reduction in energy loss will increase the electrical power grid's efficiency by eliminating excess power waste.

Smart grid reference model

In the smart grid, many distributed renewable energy sources will be connected into the power transmission and distribution systems as integral components.

Bulk generation
Electricity is generated by using resources like oil, coal, nuclear fission, flowing water, sunlight, wind, tide, etc. This domain may also store electricity to manage the variability of renewable resources such that the surplus electricity generated at times of resource richness can be stored up for redistribution at times of resource scarcity. The bulk generation domain is connected to the transmission domain. It also communicates with the market domain through a market services interface over Internet and with the operations domain over the wide area network. It is required to communicate key parameters like generation capacity and scarcity to the other domains.

Transmission
The generated electricity is transmitted to the distribution domain via multiple substations and transmission lines. The transmission is typically operated and managed by a RTO or an ISO. The RTO is responsible for maintaining the stability of regional transmission lines by balancing between the demand and supply. The transmission domain may also support small scale energy generation and storage. To achieve self-healing functions and enhance wide area situational awareness and control, a lot of information will be captured from the grid and sent to the control centers. The control centers will also send responses to the devices in remote substations.

Distribution
The dispatch of electricity to end users in the customer domain is implemented by making use of the electrical and communication infrastructures that connect the transmission and customer domains. This domain includes distribution feeders and transformers to supply electricity. It interacts with many different kinds of equipment, such as DERs and sensors with communication capability.

Operation
This domain maintains efficient and optimal operations of the transmission and distribution domains using an EMS in the transmission domain and a DMS in the distribution domain. It uses field area and wide area networks in the transmission and distribution domains. [...] information of power system activities like monitoring, control, fault management, maintenance, analysis and metering.

An illustrative framework of next-generation power grid, where A is a wind power plant, B is a large hydro power plant, C is a coal-fire power plant, D is a geothermal power plant, E and F are houses with solar-electricity generation, G and H are houses with wind-electricity generation, I is the power transmission infrastructure, J is the communication infrastructure, and K-Q are the seven constituent domains that are bulk generation, transmission, distribution, operation, market, customer, and service provider, respectively.

Customer
Customers consume, generate (using DERs), or store electricity. This domain includes home, commercial or industrial buildings. It is electrically connected to the distribution domain and communicates with the distribution, operation, service provider and market domains. The customer domain also supports the demand response process.

Service provider
Service providers manage services like billing and customer account management for utility companies. It communicates with the operation domain to get the metering information and for situational awareness and system control. It must also communicate with HANs in the customer domain through the ESI interface to provide smart services like management of energy uses and home energy generation.

Distributed functions across entire power system

Market
This domain consists of retailers who supply electricity to end users, suppliers of bulk electricity, traders who buy electricity from suppliers and sell it to retailers, and aggregators who combine smaller DER resources for sale. Effective communications between the bulk producers of electricity, the DERs and the market is essential to match the production of electricity with its demand.

Open Communication Systems

Open communication systems are used extensively because

1. Hardware and software are relatively inexpensive
2. Installation relies on familiar tools and techniques
3. Existing communications infrastructure can often be used
4. Open protocols cut integration costs
5. Qualified personnel are widely available

First, open systems cut purchase costs because communications hardware and software based on Ethernet and the Internet are much less expensive than their proprietary alternatives.

Second, installation is eased because of a widespread familiarity with these types of systems among contractors.

Third, existing communications infrastructure can be used in many cases, dramatically reducing installation and other related costs.

Fourth, integration expenses for connecting different smart grid components are reduced because Ethernet is used as a common communications hardware protocol.

Fifth and last, on-going maintenance and operation costs are reduced because many in the industry are familiar with Ethernet and the Internet.

Open communication systems are a necessity because they keep costs down, but as the name implies these systems are much more vulnerable to cyber attack than their proprietary and more closed alternatives. Proprietary systems not only have fewer connections to other systems, they are also less familiar to professional hackers, creating a possible security through obscurity defense. On the other hand communication systems based on Ethernet, TCP/IP protocols, the Internet and widely used operating systems such as Windows invite attack from literally millions of hackers worldwide.

VULNERABILITIES

Although effective attack responses will become important for the continued operation of the grid, the mitigation of grid cyber security vulnerabilities remains critical and is a responsibility of the manufacturers, utilities, and government. Achieving this task will increasingly require the electric sector to protect its IT and telecommunications infrastructure. As the grid modernizes, the growing prevalence of information and communications technology in the system and the large numbers of personnel with access to it will create an ever-evolving cyber security situation, where the relative importance of specific vulnerabilities changes continuously as new types of attacks emerge. In particular, the introduction of the Internet to grid operations has introduced additional vulnerabilities to the power system, especially where corresponding security controls have not been put in place. Cyber security vulnerabilities can arise from weaknesses in personnel, processes, technology, and the physical environment. Security issues occur because of actions taken by outside hackers and attackers, and also by disgruntled employees. With their insider knowledge, these individuals may instigate significant damage.

Open System Vulnerabilities

The vulnerabilities are caused by

1. Large number of interconnections creates multiple vulnerabilities
2. Armies of professional hackers are familiar with open system protocols
3. Browser-based Internet servers and clients create entry points
4. Windows-based systems invite attack
5. Vulnerable TCP/IP software stacks are used across multiple platforms
6. Older closed protocols lack security when ported to open protocols like TCP/IP

Cyber security issues

The problem is that PLCs and SCADA systems were designed without security in mind. Designers implicitly assumed that these systems would be isolated, not connected to other systems, and also assumed that only authorized people would have access to the system, and it is not a good assumption today. The fact is that every day more and more employees have been replaced by automated controls at substations, pipelines, etc., and now thousands of these facilities are being controlled by SCADA systems linked to networks.

Nowadays, many SCADA systems carry some data through Internet in order to avoid more expensive private lines. In addition to this, almost all RTUs (Remote Terminal Units that coordinate a facility's automated field devices) or control systems are Web or Network enabled and often times we use these features.

SCADA system security

Application of conventional network security measures work well in IT environment, but it is not always possible to implement in industrial control and SCADA systems. These systems assume that devices are competent to answer a password and identify it, but most PLCs can't answer passwords.

Also some breakers, switch gears and pumps have their own connections and can be managed through telephone lines. Many power plants and substations have many modems, being another easy target to hackers. Hackers find these modems dialing phone numbers sequentially and once they are connected they can map the system and spy for passwords. More secure systems use dial back modems (they respond to a password by dialing a confidential phone number for confirmation); these systems are hacked by trying different passwords sequentially. Nowadays many field devices, designed to do specific tasks, are still based on low cost micro processors such as Intel 8088 and they can't run encrypted authentication schemes fast.

Categories of cyber threats to power system

Protocol attacks
The protocols used in the power system, such as ICCP, IEC 61850, DNP3, could be potentially exploited to launch cyber attacks if they are not secured properly. This calls for secure versions of these protocols that not only provide security guarantees, but also the required latency and reliability guarantees needed by the grid applications.

Routing attacks
This refers to cyber attack on the routing infrastructure of the Internet. Although this attack is not directly related to the operation of the grid, a massive routing attack could have consequences on some of the power system applications, such as real-time markets, that rely on them.

Intrusions
Wireless systems are especially vulnerable to attacks. Some people use these systems in their networks and feel secure because they think firewall would protect them from unauthorized access, and therefore some people don't use security features of the wireless equipment. In fact, if you are close to a wireless system and you have a directional antenna such as Pringles Antenna (look at Google to know how to build an antenna with a can of Pringles), you can go into the network without need to overcome the firewall. Wireless security standards are easily defeated, wireless transmitters use IEEE 802.11b and it has serious security flaws. Simply using free software, such as AirSnort and NetStumbler, a hacker can have enough tools to crack wireless codes within 15 minutes. After they get the wireless encryption key, they can use freebie protocol analyzer like Ethereal or Sniffit to spy on the network. At this point, they can typically see people login into different equipment (for example Programmable Logic Controllers, PLC), and since people tend to repeat passwords, they probably could log into other PLCs and network.

Malware
This refers to malicious software that exploits vulnerabilities in system software, programmable logic controllers, or protocols. The malware generally scans the network for potential victim machines, exploits specific vulnerabilities in those machines, replicates the malware payload to the victims, and then self-propagates. In recent years, malware attacks are growing in numbers and sophistication, and this has been a source of major concern for critical infrastructure systems (e.g., Stuxnet) including the power grid.

Denial of service attacks
Any attack that denies normal services to legitimate users is often called denial of service. This could also mean denial of control in the power grid context. These attacks are typically created through massive resource exhaustion attacks that flood the communication network or the server with huge volumes of traffic or spurious workloads, thus denying service to legitimate users.

Insider threats
An insider abuses their current system privileges to perform malicious action. This form of threat is perceived as a source of concern in recent years as identified in many federal documents.

CYBER SECURITY

Cyber security must address deliberate attacks such as internal breaches, industrial espionage and terrorist strikes as well as inadvertent compromises of the information infrastructure due to user errors, equipment failures and natural disasters.

Objectives

Availability. Availability is the most important security objective. The availability of the electrical power grid is its most important factor. The critical real-time systems in the Smart Grid have an estimated maximum latency of milliseconds. These systems continuously monitor the state of the electrical power grid, and a disruption in communications can cause a loss of power.

Integrity. Integrity is the next important security objective in the Smart Grid. The Smart Grid uses data collected by various sensors and agents. This data is used to monitor the current state of the electrical power system. The integrity of this data is very important. Unauthorized modification of the data, or insertion of data from unknown sources can cause failures or damage in the electrical power system. The electricity in the power grid not only needs to always be available, but it also has to have quality. The quality of the electrical power will be dependent on the quality of the current state estimation in the power system. The quality of the state estimation will rely on many factors, but integrity of input data is very important.

Confidentiality. The final security objective is confidentiality. The loss of data confidentiality in the Smart Grid has a lower risk than loss of availability or integrity. There are certain areas in the Smart Grid where confidentiality is more important. The privacy of customer information, general corporation information, and electric market information are some examples.

Steps to Cyber Security

1. Understand existing regulatory requirements
2. Understand the nature of cyber threats
3. Identify non-compliance areas and vulnerabilities
4. Create and enforce company-wide security procedures
5. Install hardware and software to ensure compliance and protect vulnerabilities
6. Continuously monitor as technology and regulations evolve

Cyber security must address deliberate attacks such as internal breaches, industrial espionage and terrorist strikes as well as inadvertent compromises of the information infrastructure due to user errors, equipment failures and natural disasters.
As outlined, there are six steps to protect utility T&D systems from cyber threats. The first is understanding regulatory requirements. Industry seminars can help, as can good consultants and the right suppliers. Discussions with peers at industry events are also a good way to glean information about the most relevant aspects of regulation.

Much of the same information gathering path can be taken towards the second step: understanding the nature of cyber threats. As outlined in the sidebar, SCADA Systems and Cyber Attacks, threats are now expanding from attacks on general purpose computer systems to attacks on hardware and software platforms commonly used to perform real-time control and monitoring of power systems.

The third step is to identify areas of non-compliance and vulnerabilities. This is most often accomplished by a system audit, typically by engaging a technical services firm specializing in this area of SCADA security.

The fourth step is to create and enforce company-wide security procedures. A large percentage of security breaches are caused by simple mistakes such as poor password selection or unauthorized use of storage media. Eliminating these types of elementary errors will go a long way towards improving cyber security.

The fifth step is to install hardware and software that will protect against cyber attacks. For existing systems, retrofits and replacement of components on a selective basis is the common path. For new substations and other facilities, systems can be designed from the ground up with cyber security in mind.

Actions

Denial-of-service defense.
All the information availability attacks interfere with the normal information exchanges by injecting false or useless packets into the communication networks. The false information confuses the packet recipients in recognizing the correct information. The useless packets consume a significant share of network bandwidth such that the legitimate traffic is knocked out in the network. Both types of attacks deny the information availability in the communication networks. Solutions to defend against the denial-of-service attacks rely on a careful discretion of the legitimate traffic from the attack traffic. An effective solution must be able to filter out the attack traffic to protect the legitimate information exchanges.

Integrity protection
To prevent messages from unauthorized changes during transmission, mechanisms are needed for the message recipients to verify the originality of the received messages. The integrity protection solutions rely on the established agreements between the message senders and the receivers on the use of message encryption keys. The message senders use the encryption keys to compute a message digest for each message and the message receivers use the corresponding decryption keys to verify the correctness of the received message digest. The encryption and decryption keys can be either identical or asymmetric. Usually the identical keys have lower computational overhead than the asymmetric keys. In order to establish the encryption and decryption key pairs, key exchange protocols must be completed before the message integrity can be protected.

Authenticity enforcement
Message origins must be verified in the power system communication networks to prevent sophisticated attackers from impersonating legitimate power devices to transmit forged messages. The solutions to guarantee message authenticity are built on top of the mechanisms that require message senders prove their identities. The identity proofs are usually presented in the form of demonstrating the knowledge of certain secrets that are known by the message senders. The secrets used for identification are usually the same message encryption keys used for integrity protection, and therefore the authenticity enforcement schemes employ either the symmetric or the asymmetric encryption and decryption key pairs. Key exchange protocols are necessary in order to establish the key pairs.

Security policies

Password policy
Periodic changing of passwords,
Replacement of default passwords on newly installed equipment.
Identification and Authentication of Users
Periodic review of computer accounts and access rights.
Disabling of suspected unauthorized accounts.
Secure E-mail protocols.
Intrusion detection.
Disabling of unused network services and ports.
Secure modem connections.
Firewall software.
Install updated anti-virus software.
System Backup and Recovery plan.
Operator logs, application logs, and intrusion detection logs shall be maintained as appropriate for the purpose of checking system anomalies and evidence for unauthorized activity.

Implementation Issues

The first issue with the implementation of these standards is the higher cost. To increase the security standards in the system brings higher operational costs and also requires important investments. To start a new program of considerable investment in a company that operates in the market requires many months, semesters or a year, in order to include this program in the investment budget of the next year (more equipment, software, personnel, etc., usually require share holder approval).

The second issue is the implementation of a transition period, where companies that are currently not accomplishing the standards are allowed to keep operating in the market without penalty in order to give them a reasonable time to improve their security standards. Once this period is finished the companies that are not accomplishing the standards should not be allowed to keep working in the electric market because they represent a risk for the whole power system.

Other issue emerges when different market participants merge in one, and they have very different cyber security systems and procedures and they may not be easily merged with the ones of the preexisting company. The lack of transparency or a small delay in processing a requirement of data can produce a problem of asymmetric information, since information is valuable not only for market participants but also for the whole market. Every day the automated systems are moving toward more open architecture, potentially increasing security vulnerabilities.
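The integrity protection and authenticity enforcement mechanisms described under Actions can be shown with a keyed message digest (HMAC-SHA256, the identical-key case). This is an added example, not code from the original paper; the device names, keys and message fields are constructed for illustration, and the keys are assumed to have been set up by a prior key exchange.

```python
import hashlib
import hmac
import json

# Constructed per-device shared secrets (assumption: established earlier
# by the key exchange step the text mentions).
DEVICE_KEYS = {
    "rtu-17": bytes.fromhex("00112233445566778899aabbccddeeff" * 2),
    "rtu-42": bytes.fromhex("ffeeddccbbaa99887766554433221100" * 2),
}


def canonical(sender, payload):
    """Serialize sender and payload deterministically before digesting."""
    body = json.dumps({"sender": sender, "payload": payload},
                      sort_keys=True, separators=(",", ":"))
    return body.encode("utf-8")


def seal(sender, payload, key):
    """Sender side: compute the message digest with the shared key."""
    digest = hmac.new(key, canonical(sender, payload),
                      hashlib.sha256).hexdigest()
    return {"sender": sender, "payload": payload, "digest": digest}


def verify(message, keys=DEVICE_KEYS):
    """Receiver side: recompute the digest with the key held for the
    claimed sender. A match shows the message was not changed in transit
    (integrity) and that the sender knows that device's secret
    (authenticity)."""
    key = keys.get(message.get("sender"))
    if key is None:
        return False, "unknown sender"
    digest = message.get("digest")
    if not isinstance(digest, str):
        return False, "missing digest"
    expected = hmac.new(key,
                        canonical(message["sender"], message.get("payload")),
                        hashlib.sha256).hexdigest()
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(expected.encode(), digest.encode("utf-8")):
        return False, "digest mismatch"
    return True, "ok"


def demo():
    """Run the receiver check over four constructed messages."""
    reading = {"bus": 4, "voltage_kv": 132.1, "breaker": "closed"}
    good = seal("rtu-17", reading, DEVICE_KEYS["rtu-17"])
    # Payload changed in transit, digest left untouched.
    tampered = dict(good, payload=dict(reading, breaker="open"))
    # Another key holder claims to be rtu-17.
    forged = seal("rtu-17", reading, DEVICE_KEYS["rtu-42"])
    # Sender the receiver holds no key for.
    unknown = seal("rtu-99", reading, b"x" * 32)
    return [verify(m) for m in (good, tampered, forged, unknown)]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The asymmetric case the text mentions would replace the shared key with a signature key pair at higher computational cost; it is not shown here.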
CONCLUSION

The development of an attack resilient electric grid is necessary to address increasing concerns to the security of the nation's critical infrastructure. As cyber attacks become more prevalent, attackers are expanding their focus to address industrial control system environments, such as the electric grid. Additionally, as the deployment of smart grid technologies expands, the grid becomes increasingly dependent on ICT for control and monitoring functions, which introduces greater exposure to cyber attack. The development of an attack resilient electric grid requires substantial research efforts, which explore methods to create a secure supporting infrastructure along with robust power applications.

The developing of a secure cyber infrastructure will limit an attacker's ability to gain unauthorized access to critical grid resources. Infrastructure security enhancements require the expansion and tailoring of current cyber protection mechanisms such as authentication, encryption, access control, and intrusion detection systems. Unfortunately infrastructure level protection mechanisms may not prevent all cyber attacks. The development of more robust control applications will ensure the grid can still operate reliably during an attack by leveraging information about expected system states and operating conditions.
