Editor’s Note: This article was created with expertise from Germán Fernández, our vertical marketing manager for the power utility industry.
The adoption of new technologies in electrical substations has improved communications, but it has also made these networks more vulnerable to cyber threats.
In the past, electrical substations were designed to be safe, easy to use and reliable. Security wasn’t a concern. As the substations have become more complex in their design, cyber security became a priority.
A substation with lax security is more likely to fail or have issues – and these failures can be expensive. So, it’s necessary to have a security policy in place that can help minimize or contain threats.
A good cyber security policy focuses on these three objectives:
Typical wisdom is that in IT networks, confidentiality is the main objective. However, in industrial networks, availability is usually considered the critical design parameter. (For an alternate view on why integrity is the most critical objective for control networks, see this article.) Gas-insulated switchgear (GIS) and bay control units in a substation.
It’s important to note that cyber security is not a static process. As conditions and threat sources change, you may need to upgrade systems and update your policies. Regardless of the source of the threat, an effective cyber security policy contains the following five levels of security:
In the past, a cyber security policy would often have a single point of defense. However, as substations become more complex, it’s now necessary to have a cyber security policy with several defense points. A policy based on Defense in Depth is a practical and cost-effective solution.
Defense in Depth involves using multiple, overlapping layers of protection and includes both policies and procedures, as well as the physical network security. A multi-layered security approach allows you to control or manage an attack more efficiently, while allowing the protected portion of the system to stay secure and running.
Defense in Depth is based on the following concepts:
It’s not possible to completely prevent all attacks. But you can quickly detect attacks, isolate them and control them so they don’t impact other areas of the substation network.
Since electrical substations evolve over time, it is necessary to conduct maintenance tasks in order to protect the network. These include changing device passwords on a regular basis, implementing upgrades to fix bugs and maintaining regular antivirus software updates.
Belden can help you choose the architecture, security policies and devices to create a robust cyber security policy. Belden’s staff of experts stays up to date on the latest trends in substation networks, and Belden’s portfolio of products is designed to meet the most demanding cyber security standards.
In North America, Belden offers a free Industrial Ethernet Infrastructure Design Check-Up that includes security evaluations. To arrange, call 1-855-400-9071 or email firstname.lastname@example.org.In Europe and other countries, the Belden Competence Center provides cost-effective solutions for high-performance networks. To learn more about their services, visit www.beldensolutions.com/en/Contact/index.phtml.
Where are you in your efforts to secure your electrical substation? I look forward to hearing from you.
Belden Products for Cyber Security in Substations