Best Practices to Enhance Cyber Resilience of Smart Electricity Grid with Focus on Advance Metering and Distribution Infrastructure

The full paper is available on :

Proceedings of the 23^rd World Energy Congress 2016, Istanbul, Volume 1,  PP 985-1008

By Dr. Babu Ram (Unfolding Energy Board Member)

The cyber-attacks are likely to increase in the electricity grid in the next ten years in the world due to:  (1) the internet-connected systems are increasing targets (2) security is not the first concern in the design of internet applications (3) major cyber-attacks have already happened, i.e. Stuxnet worm, Havex, and BlackEnergy 3 and (4) electricity sector is one among most vulnerable sectors. Therefore, the cyber security of electricity grid is of paramount importance and a global issue.

In view of the above, the questions lurking in minds of company executives are:  what are best practices and what we can we learn from best-practices in cyber resilience, and what types of changes are required for the energy industry to be prepared for today’s critical inter-connectivity?; How do we translate cyber risks from an operational risk to a business concern?; What do leaders need to know; and what can they do in the future to better prepare our systems in the instance of sheer sabotage?

This paper is about addressing these questions. The underlying themes are: the cyber resilience of smart electricity grid could be enhanced: firstly by preventing and destroying a cyber-attack where it happens and at the same time by blocking the spread of attack to other networks and systems in the interconnected power systems; and secondly by restoring the power supplies to customers quickly if the electricity grid fails due to a cyber-attack.

Besides introduction, the paper is divided into five parts: part 2 is about review of cyber security threats and attacks in the literature. Part-3 presents best practices to learn lessons from and to enhance cyber resilience of electricity grid. The best practices subsume a comprehensive cyber security framework with application to advance metering and electricity distribution infrastructure. Part 4 addresses some critical questions: What types of changes are required for the energy industry to be prepared for today’s critical interconnectivity?; How do we translate cyber risks from an operational risk to a business concern?; and How do we finance cyber resilience electricity infrastructure. Part 5 of the paper, given the limited experience with cyber- attacks, which triggered power outages in the interconnected system, presents an evolving set of best practices to restore power supplies to customers if the grid fails due to these types of attacks. Finally, conclusions, recommendations and future research areas have been presented.