Utility assets have traditionally been secured by proprietary communications links whose security depends on physical access control and operational obscurity.
Renewables, especially those located behind the meter, are often connected via the public Internet. Industry is moving to address the cybersecurity of renewables via standards such as IEEE 2030.5, and it is widely hoped that integrating these secured internet standards with traditional utility control systems will support future needs. However, these efforts will inevitably be hampered by reliance on the internet’s underlying networking protocol suite and will quickly reach fundamental limits. At scale, complex security overlays such as VPNs and firewalls within intertwined IT/OT networks become overly burdensome and will negatively impact a utility’s bottom line.
Humans are not machines
Network administrators instinctively look to traditional information technology (IT) suppliers for evolving operational technology (OT) challenges and deploy IT-developed technologies such as software-defined networks (SDN) and virtual private networks (VPN). This approach frequently backfires since IT infrastructure was designed to connect humans to large-scale software applications, not industrial machines. Repurposing IT solutions into OT environments often results in overly complex and costly solutions that ultimately fail the security test.
Meeting the OT Challenge - It’s Time for Zero Trust
While representing a step forward, VPNs and SDN are not perfect since they bring administrative overhead and are vulnerable to attack. Both approaches rely on the concept of perimeter security, which establishes a barrier between trusted networks and everything outside them, which is assumed to be hostile. VPNs build secure pipes, one at a time, between a limited number of trusted zones protected by firewalls, while SDN technologies allow for a more complex fabric of such zones to be created and managed. Yet perimeter security suffers from a fundamental flaw: it assumes anything accessing resources from inside the secure perimeter can be trusted. This is a bad assumption. There are as many internal threats as external ones, as evidenced by the myriad examples of malicious and negligent insider attacks.
For modern machine-based energy networks, it makes more sense to employ an identity-based security strategy of trusting no one until authenticated. This approach is called a “Zero Trust Architecture” (ZTA), whose underlying principle is to deny anyone or anything access to perform any action until they prove their identity.
Primary assumptions in ZTA:
- The network is always assumed to be hostile.
- External and internal threats exist on the network at all times.
- Network locality is not sufficient for deciding trust in a network.
- Every device, user, and network flow is authenticated and authorized.
- Policies must be dynamic and calculated from as many sources of data as possible.
In response to the major SolarWinds cybersecurity incident impacting multiple critical OT infrastructure systems, Executive Order 14028 was issued¹, directing substantial improvements to U.S. infrastructure cybersecurity and including zero-trust architectures as a key component to be integrated.
Example - Utility ‘Last Mile’ Connection to Distributed Renewables
Communication protocols, such as Modbus and DNP3, have limited cybersecurity capabilities and rely on additional standards such as IEC 62351 to add security. This results in patchwork solutions that are difficult to administer and can never be economically viable when extended to distributed renewables outside a utility’s direct control.
Instead, with zero trust solutions, utilities can economically deploy digitalization projects without sacrificing reliability or security. Thus, extending a utility’s existing communications networks out to the ‘last mile’ of connectivity can easily be supported.
Connect with Operant Networks for more information.
Resource:
¹ https://www.govinfo.gov/content/pkg/FR-2021-05-17/pdf/2021-10460.pdf