Data Encryption for Substations

Encryption has become standard practice in other verticals that depend on online data transfers, such as online banking and shopping.

01/15/2013


The consulting-specifying engineer should be familiar with encryption schemes for all devices connected to the substation. Encryption has become standard practice in other verticals that depend on online data transfers, such as online banking and shopping. In fact, due to the ease with which encryption can be accomplished and the low cost of the semiconductors that enable it, encryption will become a universal expectation. So it is today with power.

The substation owner and/or utility involved may be presented with an operational liability if encryption isn’t applied to data generated by sensors and controls. The use of “clear text” is simply too risky. (That operational liability could well become a legal one if operational data were breached by a malevolent actor and used to damage property or inflict harm on human life.) The encryption of information output from or to intelligent electronic devices (IEDs) or traveling between them falls under IEEE 1711™ “Trial-Use Standard for a Cryptographic Protocol for Cyber Security of Substation Serial Links.”

Encryption, fundamentally, is a cyber security issue. It is applied specifically to prevent unauthorized access to data; doing so could thwart an intentional attack or protect against the unintended consequences of mistakes made by authorized personnel.

Be aware, however, that encryption of data adds “overhead,” or latency, to its transmission over the substation communication network.

The CSE should also be aware of the technical solutions that are available, such as the encryption of data on serial links like RS-232 and RS-485 communication channels. These non-network channels are commonly used for remote access to a substation by operations engineers or the interconnected utility tapping into the SCADA system and/or an energy management system (EMS). (IEEE 1711 provides cryptographic protocols for the addition of cyber security on serial links.)

Today we’re seeing a vast number of these communication links on the grid, for protective relays and remote monitoring systems, secured via a “bump in the wire” retrofit rather than the impractical swap-out of existing IEDs for the sole purpose of adding encryption to heighten security.

This works in the following manner: unencrypted data is sent from a device out a serial port to the “bump in the wire,” which really is a box that applies encryption. Another such “bump”/box is placed at the recipient’s end to decrypt the data.

This application is particularly useful when communications must use public infrastructure such as a leased line from a local telco or a radio system – whenever the client does not have complete control over both ends of the data exchange.

Whenever two of anything – in this case, “boxes” – are involved, multiple vendors are likely, and those boxes must play well together. The U.S. Department of Energy has completed work on a three-year project, which ended last fall, known as the Lemnos Interoperability Security Program. Lemnos sought to define a set of configuration parameters to ensure a standard approach for the encryption and decryption of networked data by different devices. (Lemnos also provides an interoperability and testing framework for other security protocols.) 

Various IEEE groups are now considering Lemnos’ results for an IEEE standard. The IEEE Power & Energy Society Substation Group would be a logical choice, and it may in fact end up being the lead on this effort. The result might conceivably become part of IEEE 1711, as 1711.1 or something similar.

The consulting-specifying engineer would be well-advised to keep tabs on these efforts, as the CSE may be called upon to evaluate encryption boxes as they determine the appropriate level of encryption (and thus security) needed in any given circumstance.

With the growth of the encryption industry, these “bump in the wire” boxes don’t add much latency, if any, but there are exceptions to keep in mind. This is particularly true in the case of the high-speed communications needed for protective relays, where the CSE must take into consideration the timeframes needed for the function in question. Latency must not interfere with response time, for instance, in the case of protection devices.
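As an added illustration (not from the article, and not the IEEE 1711 protocol), the Python example below models the pair of “bump in the wire” boxes described above and the latency they add to a serial message. The frame layout, key, message, 8N1 framing and store-and-forward behavior are assumptions, and the HMAC-based keystream is a standard-library stand-in for a vetted authenticated cipher such as AES-GCM.

```python
import hashlib
import hmac

SEQ_LEN, TAG_LEN = 4, 16   # assumed frame layout: sequence number + truncated tag
KEY = bytes(range(32))     # constructed demo key shared by both boxes
MSG = b"constructed relay status frame"  # constructed 30-byte serial message

def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key, seq, n):
    # HMAC-SHA256 in counter mode: stdlib stand-in for a vetted cipher (assumption).
    blocks = (hmac.new(key, seq + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def _tag(key, body):
    return hmac.new(_subkey(key, b"mac"), body, hashlib.sha256).digest()[:TAG_LEN]

def seal(key, seq, clear):
    """Sending box: encrypt-then-MAC one clear-text serial message."""
    s = seq.to_bytes(SEQ_LEN, "big")
    ks = _keystream(_subkey(key, b"enc"), s, len(clear))
    body = s + bytes(a ^ b for a, b in zip(clear, ks))
    return body + _tag(key, body)

def unseal(key, frame, last_seq):
    """Receiving box: return (seq, clear), or None if forged, corrupted or replayed."""
    if len(frame) < SEQ_LEN + TAG_LEN:
        return None
    body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    if not hmac.compare_digest(tag, _tag(key, body)):
        return None
    seq = int.from_bytes(body[:SEQ_LEN], "big")
    if seq <= last_seq:          # replayed or out-of-order frame
        return None
    ks = _keystream(_subkey(key, b"enc"), body[:SEQ_LEN], len(body) - SEQ_LEN)
    return seq, bytes(a ^ b for a, b in zip(body[SEQ_LEN:], ks))

def added_latency_ms(n, baud, proc_ms=0.0):
    """Delay added versus a direct link, assuming 10 bits per byte (8N1) and
    boxes that buffer a whole message before forwarding it."""
    byte_ms = 10 * 1000 / baud
    hops = n + (n + SEQ_LEN + TAG_LEN) + n   # IED->box, box->box, box->IED
    return (hops - n) * byte_ms + 2 * proc_ms

if __name__ == "__main__":
    frame = seal(KEY, 1, MSG)
    print(unseal(KEY, frame, 0), added_latency_ms(len(MSG), 9600))
```

Under these assumptions a 30-byte message picks up about 83 ms at 9600 baud but about 7 ms at 115200 baud, which is why slow links carrying protection traffic need the closest look.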


Sam Sciacca is an active senior member in the IEEE and the International Electrotechnical Commission (IEC) in the area of utility automation. He has more than 25 years of experience in the domestic and international electrical utility industries. Sciacca serves as the chair of two IEEE working groups that focus on cyber security for electric utilities: the Substations Working Group C1 (P1686) and the Power System Relay Committee Working Group H13 (PC37.240). Sciacca also is president of SCS Consulting.


