The security of facilities and data has always been an important consideration for the electric utility industry. However, cyber security has become far more important than anyone might have imagined only a few years ago. Regulators, utilities and vendors are rushing to meet an entirely new taxonomy of challenges in the management and operation of supervisory control and data acquisition (SCADA), energy management systems (EMS) and distribution management systems (DMS).

A Thorny Issue

One especially difficult challenge falls squarely on the shoulders of the electric utility SCADA/EMS/DMS system operator, or the dispatcher. Traditionally, system operators have been recruited from the field operations side of the utility, but few have an information technology (IT) background. They primarily have been concerned with ensuring the safe, reliable and efficient operation of the electrical grid. However, in today’s world, the system operator is on the front line in the event of a cyber attack. Unfortunately, few system operators are likely to have the IT knowledge and experience required to recognize and respond to such an incident. This is an especially thorny problem for small- to medium-sized utilities without the luxury of 24/7 on-site IT support staff.

Not surprisingly, situational awareness is perhaps the single most important asset in responding to a cyber security incident. But comprehensive situational awareness in a complex control system is not an easy thing to provide. Business requirements of modern control systems make these systems quite complicated. Control systems may have dozens or even hundreds of client and server computers, historians, communications servers, networking devices, security monitors and log managers. Assuming each of these has excellent security monitoring capability, it is still exceedingly difficult to provide a system operator with the comprehensive and up-to-the-minute situational awareness necessary to detect a cyber attack, much less effectively respond to it.

DOE Development Funding

In 2011, Siemens’ Smart Grid division received a grant from the U.S. Department of Energy (DOE) to develop a tool called Cyber Security Manager (CSM). The goal of CSM was to monitor control system components and the system’s networks for signs of intrusion or other security-related problems, and to communicate its observations to operators in terms they would understand.

Furthermore, CSM would be able to suggest corrective actions operators could take. The DOE required Siemens to work with a team of industry advisors to ensure the project would consider the very real needs of electric utility control centers. The project recruited advisors from CenterPoint Energy, Omaha Public Power District, Sacramento Municipal Utility District, New York Power Authority and Westar Energy. Additionally, cyber scientists and analysts from Pacific Northwest National Laboratory (PNNL) participated. Development of the product is nearing completion and a companion demonstration project on a live customer-owned control system is well underway.