Data Encryption for Substations

Encryption has become standard practice in other verticals that depend on online data transfers, such as online banking and shopping.


The consulting-specifying engineer should be familiar with encryption schemes for all devices connected to the substation. Encryption has become standard practice in other verticals that depend on online data transfers, such as online banking and shopping. In fact, due to the ease with which encryption can be accomplished and the low cost of the semiconductors that enable it, encryption will become a universal expectation. So it is today with power.

The substation owner and/or utility involved may be presented with an operational liability if encryption isn’t applied to data generated by sensors and controls. The use of “clear text” is simply too risky. (That operational liability could well become a legal one if operational data were breached by a malevolent actor and used to damage property or inflict harm on human life.) The encryption of information output from or to intelligent electronic devices (IEDs) or traveling between them falls under IEEE 1711™ “Trial-Use Standard for a Cryptographic Protocol for Cyber Security of Substation Serial Links.”

Encryption, fundamentally, is a cyber security issue. Encryption is applied specifically to prevent unauthorized access to data, which can thwart an intentional attack or protect against the unintended consequences of mistakes made by authorized personnel.

Be aware, however, that encryption of data adds “overhead,” or latency, to its transmission over the substation communication network.

The CSE should also be aware of the technical solutions that are available, such as the encryption of data on serial links like RS-232 and RS-485 communication channels. These non-network channels are commonly used for remote access to a substation by operations engineers or by the interconnected utility tapping into the SCADA system and/or an energy management system (EMS). (IEEE 1711 provides cryptographic protocols for the addition of cyber security on serial links.)

Today we’re seeing a vast number of these communication links on the grid, for protective relays and remote monitoring systems, being secured via a “bump in the wire” retrofit rather than the impractical swap-out of existing IEDs for the sole purpose of adding encryption to heighten security.

This works in the following manner: unencrypted data is sent from a device out of a serial port, where the “bump in the wire” is really a box that applies encryption. Another such “bump”/box is placed at the recipient’s end to decrypt the data.

This application is particularly useful when communications must use public infrastructure such as a leased line from a local telco or a radio system – whenever the client does not have complete control over both ends of the data exchange.

Whenever two of anything – in this case, “boxes” – are involved, multiple vendors are likely, and those boxes must play well together. The U.S. Department of Energy has completed work on a three-year project, which ended last fall, known as the Lemnos Interoperability Security Program. Lemnos sought to define a set of configuration parameters to ensure a standard approach for the encryption and decryption of networked data by different devices. (Lemnos also provides an interoperability and testing framework for other security protocols.) 

Various IEEE groups are now considering Lemnos’ results for an IEEE standard. The IEEE Power & Energy Society Substation Group would be a logical choice and it may in fact end up being the lead on this effort. It might conceivably become part of IEEE 1711, like 1711.1 or something like that.

The consulting-specifying engineer would be well-advised to keep tabs on these efforts, as the CSE may be called upon to evaluate encryption boxes as they determine the appropriate level of encryption (and thus security) needed in any given circumstance.

Although, with the growth of the encryption industry, these “bump in the wire” boxes add little if any latency, there are exceptions to keep in mind. This is particularly true in the case of the high-speed communications needed for protective relays, where the CSE must take into consideration the timeframes needed for the function in question. Latency must not interfere with response time, for instance, in the case of protection devices.
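The “bump in the wire” pair described earlier and the latency caveat above can be seen together in a short sketch. This is an added example, not code from the article and not the IEEE 1711 or Lemnos protocol: the frame layout, key handling, tag size and the standard-library keystream (a stand-in for a vetted cipher such as AES-GCM) are all assumptions.

```python
import hashlib
import hmac
import struct

SEQ = struct.Struct(">I")   # 4-byte frame counter (assumed header layout)
TAG_LEN = 16                # truncated HMAC-SHA256 tag (assumed size)
OVERHEAD = SEQ.size + TAG_LEN
# Constructed 10-byte sample frame; stands in for what an IED writes to its serial port.
SAMPLE_FRAME = bytes.fromhex("056405c001000004e921")

def _xor_stream(key, seq, data):
    # HMAC-SHA256 in counter mode: stdlib stand-in for a vetted cipher such as AES-GCM.
    ks = b""
    for block in range((len(data) + 31) // 32):
        ks += hmac.new(key, SEQ.pack(seq) + SEQ.pack(block), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, ks))

class Bump:
    """One box. Keys cover one direction only; the return path needs its own pair."""
    def __init__(self, enc_key, mac_key):
        self.enc_key, self.mac_key = enc_key, mac_key
        self.tx_seq, self.rx_seq = 0, -1

    def _tag(self, body):
        return hmac.new(self.mac_key, body, hashlib.sha256).digest()[:TAG_LEN]

    def protect(self, frame):
        """Clear-text frame from the device -> bytes placed on the untrusted line."""
        body = SEQ.pack(self.tx_seq) + _xor_stream(self.enc_key, self.tx_seq, frame)
        self.tx_seq += 1
        return body + self._tag(body)

    def unprotect(self, wire):
        """Bytes off the line -> clear-text frame for the recipient, else ValueError."""
        if len(wire) < OVERHEAD:
            raise ValueError("short frame")
        body, tag = wire[:-TAG_LEN], wire[-TAG_LEN:]
        if not hmac.compare_digest(tag, self._tag(body)):
            raise ValueError("bad tag")          # altered or forged in transit
        (seq,) = SEQ.unpack(body[:SEQ.size])
        if seq <= self.rx_seq:
            raise ValueError("replayed frame")   # old traffic sent again
        self.rx_seq = seq
        return _xor_stream(self.enc_key, seq, body[SEQ.size:])

def added_delay_ms(baud, bits_per_byte=10):
    """Wire time of the extra bytes per frame (8N1 framing = 10 bits per byte)."""
    return OVERHEAD * bits_per_byte * 1000 / baud
```

With these assumed sizes the boxes add 20 bytes per frame, which is about 20.8 ms of wire time at 9600 baud and about 1.7 ms at 115200 baud, before any processing delay inside the boxes.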

Sam Sciacca is an active senior member in the IEEE and the International Electrotechnical Commission (IEC) in the area of utility automation. He has more than 25 years of experience in the domestic and international electrical utility industries. Sciacca serves as the chair of two IEEE working groups that focus on cyber security for electric utilities: the Substations Working Group C1 (P1686) and the Power System Relay Committee Working Group H13 (PC37.240). Sciacca also is president of SCS Consulting.
