Cyber security for crucial power networks
The Union Minister for Power Sushil Kumar Shinde, through a video link, said that there is need for a system that can tackle the highest level of such attacks on power networks and smart grids.
A first-of-its-kind one-day seminar on ‘Cyber security for crucial power networks’, organised by city-based High-Tech Technologies (HTT) along with its foreign partner Fox-IT, was held in Mumbai. In view of the huge potential of cyber security, the company intends to expand its customer base using the latest technology of data-diodes which its foreign partner Fox-IT has pioneered and is introducing in India. The main objective of the seminar was to share the knowledge of experts from the power sector in India about the important components of the data-diode technology and explain its function and topology. Addressing the audience through video link and highlighting the need for cyber security in today’s changing world, chief guest for the seminar, Union Minister for Power, Sushil Kumar Shinde, said, “Today’s changing world and changing market dynamics has necessitated a more robust and secure system that can tackle the highest level of cyber attack on critical infrastructure like power networks and smart grids.” He also appreciated the efforts of Dr Dinesh Mhatre, CEO of High-Tech Technologies, for piloting the idea and bringing the latest technology in India.
Delivering the keynote address, Ramesh Chandak, MD and CEO, KEC International and President, IEEMA, said, “For a developing nation like India a cornerstone for the growth of the economy is going to be its ability to employ computers to transact businesses and operations of our infrastructure. Our dependence on cyber space means that the underlying infrastructure and network must be reliable and resolute. Cyber security is a universal issue and there needs to be coordination of public and private sector entities in combating cyber threat.” He observed that cyber attacks can be equated to terrorism and efforts must be directed to protect networks from deliberate attacks. While the power sector can be amongst the bigger casualties of cyber attacks other critical sectors like transport and healthcare too are vulnerable, he said. He also made a pertinent remark that it is not only large companies that need to protect themselves from cyber vandalism but even the SME sector can be affected and that any cyber attack on the SME sector can seriously disrupt the supply chain. The power sector is crucial to the economy and hence power networks need special protection from cyber threat. He cited examples of security breaches in smart grids of even developing nations like the USA. He said that right from power generation to consumption, power networks could be hacked. Cyber attacks can not only result in disruption of power supplies, but also cause widespread data corruption, leading to commercial losses of power utilities.
Underlining the importance of smart grids, he said that the Indian government has created a task force on smart grids and that IEEMA too has created a smart grid division. He said, “In a smart grid where there is two-way communication between the point of generation and the point of consumption, there is a possibility of cyber attack and vulnerability can occur due to back doors that are left open for intruders to attack at will.”
Underlining the timeliness of the seminar and in his detailed presentation, NS Sodha, Executive Director, PowerGrid Corporation of India, said, “Connectivity and data flow have increased manifold and more and more secured power networks are necessary in future.” He discussed the issue of cyber threat in the power sector and how upcoming power systems need to be equipped to handle malicious cyber intent. In the XII Plan period (2012-17), India will be adding around 80,000 MW of new power generation capacity that would be much more than the cumulative achievement of the past 15 years. Investment to the order of Rs 4 trillion will be made in the power T&D sector alone, he noted. In future, there will be Internet connectivity between the power generator and power consumer. Grid management centres are already interacting with market intermediaries like power regulators and power exchanges.
Speaking about the Indian market, Jeremy Butcher, CEO, Fox-IT, said, “India is the fastest-growing economy and has huge potential and presents numerous opportunities for growth. There is more entrepreneurialism and more willingness to innovate and this helps in getting customers willing to accept innovative solutions.”
He discussed at length the nature of cyber threats and gave examples from different parts of the world of how utility services were affected through cyber espionage. He even cited an example of a leading private sector utility company going bankrupt following a cyber assault. Fox-IT is a global provider of cyber security services and its flagship data diode product is being widely used in various countries by critical network infrastructure companies to protect their networks. Fox-IT, through a partnership with Hi-Tech Technologies, is launching its products and services in India. Jeremy made a very enlightening observation that though firewalls are often regarded as an efficient means to protect networks, they have serious limitations and are extremely vulnerable. Data diodes, on the other hand, offer much stronger protection. Discussing technical details, the Fox-IT official explained that data diodes offer complete protection because they allow only unidirectional flow of information. He said that smart grids have created new opportunities for attack and this can have a very large impact on power companies. They can attack the network, the system and the meter simultaneously. The smart meters are more vulnerable as they are close to the consumers and hence are easily accessible.
The highlight of the seminar was a thought-provoking presentation by BJ Srinath, Senior Director, CERT-in, Ministry of Communication & Information Technology, and Government of India, who not only gave an overview of India’s efforts towards building cyber security, but also touched upon the subject of security on a rather philosophical plane. He quipped that there was nothing like ‘absolute security’ and that it is only a question of increasing our comfort level about security. He observed that while formulating security measures, 80 per cent of the solution comes from ‘common sense’ while another 15 per cent is the contribution of technology. There will always be a small component that is beyond one’s control. Highlighting a paradox about security that attracted bouts of laughter, he said, “Deciding that I am at low risk is in itself the biggest risk!”