
Why We Created a Mobile App Dedicated to Power System Cybersecurity

By November 6, 2017 September 10th, 2019

The New Grid

Every aspect of the modernized electric grid relies on a cyber asset. From microprocessor-based protection relays to microwave communication equipment, today’s electric grid is evolving at an astonishing rate. This trend will continue as technologies become even cheaper and the desire for an energy-efficient grid remains.

The objective of VulnTracker is to help our clients and partners track cybersecurity vulnerabilities, news, and standards specific to the electric utility industry.

WHY

The following points outline the primary motivation behind the app and why we are making it available for FREE!

Reason 1 – Shifting the Focus: If you work in or around the electric utility industry and hear the word ‘cybersecurity’, what comes to mind? For most, the first and only thing is NERC-CIP. With VulnTracker, users can access the wealth of other power system cybersecurity standards and industry best practices. Though compliance is important, a sounder approach is to first implement the technical standards and industry best practices and let compliance be the by-product. A goal of VulnTracker is to bring awareness to these publications via easy in-app viewing and sharing.

Reason 2 – Moving Past the Fear: Sadly, fear seems to be the primary impetus for implementing cybersecurity. This could be fear of a NERC-CIP violation and the associated $1 million/day per violation that follows, or fear of having a company’s name in the press. By focusing on engineering best practices and shedding light on the latest NIST-recognized vulnerabilities affecting the grid’s constituent devices, VulnTracker helps asset owners move beyond the fear.

Reason 3 – Risk Management: Operating and maintaining the power grid is often quoted as being an exercise in risk management. However, this endeavor is often placed on teams who may not understand the operating characteristics or role of, say, a protection relay or remote terminal unit. One textbook definition of risk is: RISK = (THREAT) x (PROBABILITY) x (IMPACT). Determining if a threat can be carried out requires an understanding of the OT environment. Additionally, determining the impact of a cyber-event targeting the power grid requires input from power system engineers. By listing the vulnerabilities and providing a description of each, VulnTracker helps engineers and IT professionals promptly gauge the cyber risks for power system environments.

Reason 4 – News Filter: From election hacking to taking out a nation’s power grid, cybersecurity is a hot-button topic for the media. Often these news events are sensationalized and even twisted just to attract mouse clicks. With VulnTracker, we only share news from credible and original sources. This information can be found under Extras and is divided into two categories: Cybirical News and Industry News.

Reason 5 – IT/OT Bridge: With cybersecurity becoming more of an issue, the question is who and what department is responsible for the implementation and maintenance of cybersecurity in power systems. Often this burden is left solely to an IT department, forcing them to place restrictions on the engineers who are responsible for designing, implementing, and maintaining a reliable system. The graphic below shows how this has been known to create an adversarial relationship between the IT and OT departments. The first example describes an engineer who actually kept a computer secret from his IT department because he wouldn’t be able to do his job if they knew he had the laptop. The second example describes the current state of several power system devices, including relays, remote terminal units, automation controllers, etc. By explaining and organizing applicable cybersecurity and power system related terms and concepts, VulnTracker functions as a pocket reference to help bridge the IT/OT divide.

Last Modified: 11/06/2017

Note: VulnTracker is an evolving project to help asset owners address the cyber challenges of the modernized grid. As more features are added to the app over time, this article will be updated to describe the motivation behind those features.


About Nathan Wallace, PhD

Dr. Wallace is a CoFounder of GridIntel. He has a Doctorate in Engineering Cyberspace from Louisiana Tech University and leads multiple standards initiatives in the IEEE-PES technical committee on Power System Communications and Cybersecurity (PSCC).
