Can smart grids be protected against PNT cyber attacks?

By Nino De Falcis, Senior Director of Business Development, ADVA

Today’s critical network infrastructure is heavily dependent on positioning, navigation and timing (PNT) services. Power grids, financial markets, transportation, data centers, communications – all have become more complex and interconnected, while the threats to the PNT services on which they depend have increased in frequency and complexity. PNT systems are so vulnerable to the activities of cybercriminals that attacks could soon take on global proportions and impact, potentially costing billions of dollars.

Utilities are a key example of vulnerable infrastructure. In the past, power grids were passive systems where everything was simple and centralized, and energy flowed in only one direction as AC power was made available to consumers. However, growth in renewable and distributed energy resources has fueled market diversification, and a new paradigm of bi-directional AC and DC power generation and distribution has emerged: the smart grid.

Timing challenges

Today, many smaller generators generate electricity from multiple sources. The power grid has become a decentralized system and the flow of energy is now bi-directional. Energy from solar panels (microgrids), for example, can be generated by private individuals and either stored or fed back into the grid. Electric vehicles (EVs) are also becoming more common, and like all other nodes in the smart grid, charge points require an accurate timestamp of the massive amount of data they generate to balance electricity demand and supply.

Precise timing is also key to redirecting power flows away from transmission outages, locating power line faults, and synchronizing distributed control and protection systems. Without highly accurate timing and synchronization, power grids are prone to partial and even complete blackouts.

Because of this, the accuracy requirements for time-stamping data are more stringent than ever. In fact, they are transitioning from the old Network Time Protocol (NTP) timestamp, which requires millisecond precision, to the Precision Time Protocol (PTP) timestamp, which requires sub-microsecond precision. The synchrophasor now requires better than 1 microsecond accuracy.

For fault location we are now at 100 nanoseconds. The micro-phasor measurement unit (PMU) is less than 1 microsecond, and substation LAN communication protocols need to be timestamped to within 100 microseconds for IEC 61850 GOOSE and 1 microsecond for IEC 61850 sampled values. This is a big change from just five years ago, when accuracy in all of these categories was firmly in the millisecond range, and it’s a high bar to be met by next-generation redundant systems should GPS or ground-based timing become compromised.

Photo: solarseven/iStock/Getty Images Plus/Getty Images

New standards

Policies for full PNT infrastructure redundancy are being pushed by governments around the world. In the United States, regulations are driven by Department of Homeland Security (DHS) Executive Order 13905, which provides a framework for how Assured PNT (aPNT) should work. It states that the PNT infrastructure must perform three core functions: Prevent, Respond, and Recover. The infrastructure must be able to prevent atypical PNT failures and PNT source corruption. When prevention fails, networks must be able to respond to detected errors or anomalies and then recover from those errors.

The DHS framework describes four levels of resilience. Level 1 has only one source providing PNT, while Level 4 is a next-generation system that leverages multiple sources to derive and distribute PNT data. At Level 4, systems must be self-survivable. This means they must function for long periods of time without a GPS timing source, or when ground-based timing sources have otherwise been compromised. There is even a resilient PNT standard, IEEE P1952, in the works that uses this DHS framework.

Rising threats

There are two categories of threats to PNT: external and internal. External threats include jamming (GPS blocking devices retail for as little as $20) and spoofing, which involves transmitting fake GPS signals that mislead receivers into calculating an incorrect position. Sophisticated cyberattacks can take the form of either, and spoofing (especially synchronous) is the most complex to detect.

The two main internal PNT threats come from attacks on the NTP and PTP network timing and active GPS receivers connected to the network.

Power grids have traditionally used NTP to distribute timing to substations, including IRIG, and this has already proven vulnerable to attacks, as it can be hacked through a process called NTP amplification.

Today, power grids are increasingly migrating to PTP because it provides the sub-microsecond accuracy required for modern applications. PTP hasn’t been hacked yet, but that doesn’t mean it won’t be anytime soon. If an attack does occur on poorly prepared critical infrastructure, the consequences can be catastrophic.

Secure smart grid timing components

There are two components in the smart grid: telecom connectivity to transport data, and grid protection, which has different levels of generation grid control, transmission and management. On the telecom side, there is the edge telecom network and sometimes there are data centers. These are either core or edge data centers, and they also come with very good timing. A key concept in the data center is time-as-a-service, with GPS backup-as-a-service if the GPS fails. The smart grid can also use this service, as it provides even more robust protection and security against threats to PNT. See Diagram 1.

Diagram 1. A key concept in the data center is Time as a Service.  (Image: ADVA)

A robust and secure PNT solution

As with other aspects of cybersecurity strategy, smart grids must apply a zero-trust framework to PNT sources. This approach never assumes that a PNT source can be trusted. Instead, it uses a multi-source approach, where sources are verified and compared to each other in real time for the most accurate timing possible.

To prevent and mitigate GPS interruptions, smart grid operators should deploy a resilient and secure PNT solution. Such a solution is based on three integrated technologies: multi-layered detection, multi-source backup, and multi-layered fault-tolerant mitigation.

Layered detection is performed by timing devices – either single or redundant – that have jamming and spoofing detection and monitoring capabilities. GNSS devices are also capable of comparing sources such as network PTP timing, and can be fitted with standalone GNSS backup clocks that use rubidium or cesium oscillators to provide the most reliable timing information from the other timing sources on the network.

Multi-source backup comes in the form of a cesium or rubidium oscillator that can provide extended holdover. The backup can be further strengthened with other sources such as eLORAN, NIST and LEO.
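The multi-source comparison described above can be sketched as follows. This is an added example, not ADVA's implementation or code from the original article; the source names, priorities, the `rf_dependent` flag and the 1 microsecond tolerance are assumptions chosen for illustration, and the readings are constructed.

```python
from dataclasses import dataclass
from statistics import median
from typing import Optional

TOLERANCE_NS = 1_000  # assumption: the article's 1 microsecond synchrophasor budget

@dataclass
class Reading:
    source: str
    offset_ns: Optional[float]  # measured against the local clock; None = no signal
    priority: int               # lower is preferred when the source is trusted
    rf_dependent: bool          # True if it needs an antenna (can be jammed or spoofed)

def select_source(readings, tolerance_ns=TOLERANCE_NS):
    """Return (chosen source name or None, {rejected source: reason})."""
    rejected = {r.source: "no signal" for r in readings if r.offset_ns is None}
    live = [r for r in readings if r.offset_ns is not None]
    if len(live) >= 3:
        # Enough sources to out-vote one bad one: compare each to the median.
        mid = median(r.offset_ns for r in live)
        for r in live:
            dev = abs(r.offset_ns - mid)
            if dev > tolerance_ns:
                rejected[r.source] = f"deviates {dev:.0f} ns from median"
    elif len(live) == 2 and abs(live[0].offset_ns - live[1].offset_ns) > tolerance_ns:
        # Two sources disagree and no vote is possible: distrust RF-dependent ones.
        for r in live:
            if r.rf_dependent:
                rejected[r.source] = "unverifiable disagreement"
    trusted = [r for r in live if r.source not in rejected]
    chosen = min(trusted, key=lambda r: r.priority, default=None)
    return (chosen.source if chosen else None), rejected

# Constructed readings (not measurements): GNSS spoofed by about 4.2 microseconds.
SPOOFED = [
    Reading("gnss", 4_200.0, 1, True),
    Reading("ptp", 35.0, 2, False),
    Reading("cesium", -20.0, 3, False),
]
# Constructed readings: GNSS jammed, so the receiver reports no signal.
JAMMED = [
    Reading("gnss", None, 1, True),
    Reading("ptp", 40.0, 2, False),
    Reading("cesium", -15.0, 3, False),
]

if __name__ == "__main__":
    print(select_source(SPOOFED))
    print(select_source(JAMMED))
```

When every source is rejected the function returns `None`, which corresponds to running on the local oscillator's holdover until a source can be verified again.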

A neural network management system is an intelligent platform that ties together everything from self-recovery and backup software to notifying users of problems in the network-wide timing infrastructure. It provides transparency and control over all aspects of prevention, mitigation and assurance. The management system provides detailed operational data on the smart grid, showing the failure locations, failure types and PTP backup assurance performance. Through capabilities powered by artificial intelligence and machine learning, the management and control system provides end-to-end control, transparency, and trusted, secured PNT. It has all the intelligence to detect threats and also take action against them, quickly restoring the network’s timing distribution capability while keeping the network timing self-surviving. See Diagram 2.

Diagram 2. Protection against PNT cyberthreats requires the integration of multiple PNT technologies.  (Graphic: ADVA)

Defense against cyber attacks with a defense-in-depth approach

So let’s imagine there is a major attack on a smart grid. A jamming device was used to jam GPS reception on an Edge Grandmaster used at a substation, while at the core of the network an ePRTC’s ability to receive GNSS signals was also compromised. GPS is no longer useful as a source for timing in the smart grid.

The intelligent software monitoring and management system is the first line of defense, detecting and alerting operators to two or more attacks on the GPS: one on the core of the network and one on the substation. The network timing capability of the entire smart grid has been compromised.

Upstream from the substation, the core enhanced PRTC (ePRTC) has become an unreliable timing source. However, it is equipped with a cesium clock that takes over to propagate the trusted PNT backup to the substation and throughout the rest of the network. The cesium clock has no antenna, no RF signal, and is a stratum 1 clock that can propagate highly accurate timing (accurate to 1 microsecond over four months) throughout the network. It has now become the trusted source for timing until GPS can be recovered.

Photo: Thossaphol/iStock/Getty Images Plus/Getty Images

Time for multi-source protection

The most important element of PNT is timing. Without timing there is no positioning or navigation – it allows for both – and so distributing accurate timing must be our primary concern when building systems.

For smart grids and all other critical infrastructure that depends on PNT to function, the cornerstone of secure and self-surviving timing networks is the concept of zero-trust. A multi-source approach to building timing networks will allow critical infrastructure operators to leverage a combination of intelligent management software and timing devices equipped with appropriate PTP holdover to respond to any threats to PNT.

To see a practical example of this approach in action, check out the DOE DarkNet program.
