Security Challenges of Reconfigurable Devices in the Power Grid
Control systems used in the electrical power grid cover large geographic areas with hundreds or thousands of remote sensors and actuators. Software defined radios (SDRs) are a popular wireless alternative for replacing legacy communication devices in power grid control systems. The advantages include a low-cost, extensible communications infrastructure and the ability to reconfigure devices over-the-air, enabling the rapid implementation and upgrade of control networks. This paper focuses on the security issues related to deploying reconfigurable SDR devices as communication platforms for substations and field instruments in the power grid. The security goals are to prevent the installation and execution of unauthorized software, ensure that devices operate within the allowed frequency bands and power levels, and prevent devices from operating in a malicious manner. The main challenges are to dynamically and securely configure software components supplied by different vendors, and to validate device configurations. This paper analyzes the security goals and challenges, and formulates security requirements for a trusted SDR device configuration framework.
Keywords: Power grid, reconfigurable devices, software defined radios, security
KeywordsPower Grid Master Node Ultra High Frequency Security Goal Very High Frequency
- W. Eichelburg, Using GPRS to connect outlying distribution substations, Proceedings of the Eighteenth International Conference and Exhibition on Electricity Distribution, vol. 3, p. 54, 2005.Google Scholar
- J. Ellis, D. Fisher, T. Longstaff, L. Pesante and R. Pethia, Report to the President’s Commission on Critical Infrastructure Protection, Special Report CMU/SEI-97-SR-003, Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, 1997.Google Scholar
- Federal Communications Commission, In the Matter of Authorization and Use of Software Defined Radios, First Report and Order (FCC 01-264), Washington, DC (www.fcc. gov/Bureaus/Engineering Technology/Orders/ 2001/fcc01264. pdf), 2001.
- Institute of Electrical and Electronics Engineers, IEEE 1402 Guide for Electric Power Substation Physical and Electronic Security, Document IEEE 1402, Piscataway, New Jersey, 2000.Google Scholar
- National Communications System, Supervisory Control and Data Acqui- sition (SCADA) Systems, Technical Information Bulletin NCS TIB 04-1, Arlington, Virginia, 2004.Google Scholar
- P. Oman, E. Schweitzer and D. Frincke, Concerns about intrusions into remotely accessible substation controllers and SCADA systems, Proceed- ings of the Twenty-Seventh Annual Western Protective Relay Conference, 2000.Google Scholar
- A. Risley and J. Roberts, Electronic security risks associated with the use of wireless point-to-point communications in the electric power industry, presented at the DistribuTECH Conference and Exhibition, 2003.Google Scholar
- Wipro Technologies, Software defined radio, White Paper (www.wipro. com/webpages/insights/softwareradio. htm, 2002.