Cybersecurity Best Practices Create Trusted Environments

Anthony Ciccozzi, lead cybersecurity engineer, Eaton

In 2020, an estimated 31 billion devices will be connected to the internet. This level of connectivity is building a more intelligent energy infrastructure capable of not only detecting issues, but also predicting where a problem is developing. At the same time, connectivity also increases cybersecurity threats that need to be considered in lifecycle planning.

Microgrids are a proven solution for supporting community and organizational demands for more resilient, sustainable and affordable energy. They optimize whe, when and how electricity is sourced to ensure power continuity. The distributed and connected nature of these systems means cybersecurity is essential to the purpose of a microgrid.

How to ensure microgrid cybersecurity?

Eaton’s approach to cybersecurity is centered on the concepts of secure by design, secure by default, ongoing maintenance and swift incident response. We’ve applied that methodology to build microgrids with a scalable and open architecture designed to secure connectivity, secure access and enable cost effective cybersecurity maintenance throughout the system lifecycle.

The energy sources composing a microgrid will be augmented and changed over time and require integration of components from various suppliers. The cybersecurity of these individual components and how they are deployed in the system is a critical consideration. Eaton uses a Secure Development LifeCycle process (SDLC), to create trusted environments through its own cybersecurity program.

It is critical to note that cybersecurity, even when designed into technology, is dependent on how technology is applied as threats continue to evolve.

Standards organizations provide guidance for cybersecurity from the device to the system level. And the industry can benefit from measurable cybersecurity criteria for network-connected power management products and systems. Eaton has collaborated with UL in this arena. Eaton’s work with UL provides a third-party verification that Eaton has the people, processes and technologies to ensure cybersecurity is integrated into network-connected devices throughout their lifecycles, and these network-connected products include the substation and utility-grade components used in microgrid applications.

In order to provide the highest level of defense against cyber threats, cybersecurity in increasingly connected microgrid environments should be based around:

1. Secure architecture and design: The secure design of a system refers to the overall architecture and deployment of components. Many cybersecurity risks can be mitigated through the network topology, segmentation and physical distribution. For a microgrid, the distribution of the generating assets, physical security, external access, data flow and capability of the assets are the primary considerations for the secure architecture. Based on secure architecture principles including network segmentation (into trust zones), centralized policy management, functional isolation, boundary defenses, least privilege can be applied.
2. Secure boundary defenses: Boundary defenses control network traffic flow and detect malicious payloads traversing the various network zones. Firewalls can be deployed to restrict/control dataflow through the network and only allow traffic from specific devices and from specific network addresses (whitelisting). Intrusion detection capability can be added at the boundary with a less trusted network to provide additional packet analysis and malware detection.
3. Secure access and authentication: Authentication is designed to prohibit unauthorized access, apply least privilege and enforce separation of functions. Based on an analysis of the specific system needs, additional interactive user access controls could be applied including multi-factor authentication (MFA), session management (session idle timeout, concurrent sessions, etc.) and device authentication.
4. Secure configuration: Secure configuration of system components is critical and based on customer requirements and industry hardening best practices. A secure or hardened configuration is one that only allows ports and services required for operation, provides only necessary privileges, disables less secure protocols, disables unnecessary accounts and changes default accounts and credentials. Defined secure configurations are critical to configuration management and disaster recovery programs.
5. Malware protection: Malware prevention and detection are critical on all asset types. For a distributed system like a microgrid, several malware protection solutions are deployed including commercially available black-listing solutions (e.g. antivirus), whitelisting as well as general endpoint protection for servers, workstations, firmware signing and integrity monitoring solutions on embedded devices. Additional malware protection is accomplished through the deployment of intrusion detection solutions at network boundaries.
6. Secure maintenance and monitoring: The continuous maintenance and real-time monitoring of a microgrid are also performed to ensure continuous risk identification and remediation. Microgrid events and alarms can be configured for centralized collection, correlation and alerting from all asset types for a comprehensive view of system operation and potential intrusions. The continuous threat and vulnerability management of individual assets and as-deployed systems are also performed throughout the entire lifecycle. A maintenance schedule including bi-weekly, monthly and yearly activities is recommended as a best practice.

It is critical to note that microgrid cybersecurity, or any cybersecurity, even when designed into technology, is dependent on how technology is applied as threats continue to evolve. The way technology is applied and the software updates that a customer chooses for their system and environment impact cybersecurity. As threats evolve and vulnerabilities are discovered, customers must work with providers to  continuously evaluate, analyze, resolve and communicate risks. Ensuring customers are aware of these risks and resulting mitigation, remediation, updates and industry best practices is crucial.

It is also critical that microgrid device manufacturers provide secure products, secure deployment guidance and cybersecurity focused maintenance recommendations — all based on industry standards and best practices.

Anthony Ciccozzi is lead cybersecurity engineer at Eaton. 

Learn more about a holistic approach to cybersecurity: tune into this Eaton and UL broadcast.