SynchroPhasor systems will provide a revolutionary new view of power systems operations by delivering accurate, real-time, time-aligned measurements from across the grid, allowing higher levels of load control, power quality, and power reliability. The SynchroPhasor function is typically handled by a phasor measurement unit (PMU), although it may also be implemented in other devices such as a relay or digital fault recorder (DFR). The SynchroPhasor system architecture is relatively straightforward and uses a binary messaging format for SynchroPhasor streaming based on IEEE C37.118.
Securing this feed and the feeds of other devices, such as PLCs (Programmable Logic Controllers), DFRs (Digital Fault Recorders) and relays, is a priority for the industry. This is especially important as many of these units were conceived 20+ years ago, when cyber threats were not yet a notable concern. Too often we find that the same focus is not applied to the security of this data when it crosses over to the “conventional” LAN, where the data sent from the PMUs (Phasor Measurement Units) and PDCs (Phasor Data Concentrators) is consolidated, stored, processed, and utilized by the user community.
This concern is particularly relevant because the conventional LAN is the path of least resistance, that is, the path that requires the least amount of specialized (utility) knowledge. The population of curious/malicious individuals who have the knowledge to garner access to this data off a Windows server or from an Oracle database dwarfs the population that has the knowledge to access the same data off a Digital Fault Recorder in a substation. Further, in the substation, the information is in its raw C37.118 stream format, measuring the voltage and current of one location, whereas in the data center the information is consolidated across many locations and presented in a more holistic, intelligible, and actionable format. The value to a malicious individual is further enhanced because, moving forward, the logic that directs an operator/dispatcher to make control decisions (e.g., close/open breakers) will be provided by the applications that analyze the data.
The knowledge differences are exacerbated by the fact that both the number of vulnerabilities and the information and tools available to exploit them are notably greater for conventional IT systems than for specialized energy devices (e.g., a Digital Fault Recorder). This makes the control centers of utility companies and RTO/ISO companies a prime target for attackers looking to gain inside knowledge or to destroy information.
A compromised control center could result in an operator making key decisions based on erroneous information, with potentially catastrophic impact including equipment damage, outages, and ultimately loss of life. Accordingly, it is imperative that Smart Grid security be constructed in a comprehensive/holistic manner. While due diligence relating to SynchroPhasor security is important, it is at least equally important to ensure that the information technology infrastructure supporting key IT assets such as the RTDMS (Real Time Dynamics Monitoring System) is fully considered.
I slept better when an attacker needed substation equipment knowledge to be of concern…