Cybersecurity Tool Integration Challenges with IEDs in Digital Power Systems
9 December, 2020 | White paper
Deploying and integrating cybersecurity technologies and tools/solutions in an industrial operating environment must be well planned and executed. These deployments are prone to risks such as the disruption/impact to business operations, people, safety, environment, and others. To mitigate these
risks, cybersecurity/Digital Power System (DPS) project managers must consider implementing Proof of Concept (PoC) tests in their project execution plans, prior to full scale implementation. The approach is to identify gaps in tool/solution functionality, interoperability issues with Intelligent Electronic Devices (IEDs) or technology enhancements prior to making a purchasing commitment and ultimately the field technology deployments.
A vendor agnostic PoC methodology that is tailored to cybersecurity tool integration in DPSs is presented. Although, there can be similarities with other types of technology integration projects (i.e.IT, enterprise, or corporate), there are distinct differences and challenges when developing an integration strategy for Cybersecurity solutions for DPS, including distributed energy resources (DERs).
Typical cybersecurity tools include, but are not limited to, Universal Security Management (USM) systems, Regulatory compliance management tools, Security information and Event Management (SIEM) tools, Configuration Management tools, Electronic Access & Password Management tools,
Patch Management tools, Threat Detection and Monitoring tools, and Vulnerability Assessment tools.
While these cybersecurity tools can offer impressive features and functions, a major challenge can often be linked to device integration limitations and lack of capabilities. This is more prevalent in legacy devices that were not designed with cybersecurity in mind. It is relatively common for IED
manufacturers to force users to go through their vendor software (exclusively with no external integration) to perform cybersecurity related functions. Examples include user authentication and permissions, configuration changes, log and events, and backup and restoration. This vendor software
restriction forces operators and maintenance personnel to rely on manual intensive tasks that can be time consuming, taking away from higher priority items.
Although the above stated challenges may seem daunting, there are integration strategies and options that can centralize and improve the efficiency of day-to-day operational/maintenance tasks. A balance must be struck between improved features/functions and integration effort. Each operator/owner of its DPSs will have specific needs and requirements and it is important to consider options that are a “right fit” for that operational environment and culture. This could include multiple cybersecurity tools that each have a very specific purpose, one centralized tool, a hybrid, or more customized interfaces. There are a plethora of different options and therefore, it is paramount to fully understand the intricacies of cybersecurity tools available on the market and the limitations of device capabilities. This is also critical when undertaking legacy device replacements/upgrades, as certain cybersecurity related
features/functions are not necessarily offered in the default builds.
Gaps have been identified in publicly available resources when it comes to cybersecurity tools integration of DPSs. Many IT based guides and playbooks are leveraging parallel production environments without impacting operations as a whole. This approach is not possible with DPS operating environments. Readers will take away unique concepts and will be able to directly apply key strategies to their next cybersecurity tools implementation project for Power Systems.
To receive a copy, please visit: https://cigreconference.ca/papers/2020/D2/358/cybersecurity-tool-integration-challenges-with-ieds-in-digital-power-systems-130-paper.pdfhttps://cigre.ca/papers/2019/CIGRE-199.pdf