As part of their current cybersecurity efforts, many electric utilities monitor data from the various systems and devices they rely on to keep the power flowing and to secure both their information technology and facilities. Pulling these data together and correlating events across data streams can be a time-consuming process, so the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology collaborated with a team of experts from industry, academia and government to develop a guide utilities can use to improve situational awareness and better respond to potential cyber attacks.
Situational Awareness for Electric Utilities is a detailed guide that provides utilities with a reference design and example implementation—basically step-by-step instructions—for improving cybersecurity by implementing a single dashboard for near-real-time monitoring of their systems.
“Aggregating and correlating data from operational and information technology, as well as physical access control devices and systems can help improve situational awareness and reduce the amount of time it takes to determine if a cybersecurity incident is actually occurring,” said Jim McCarthy, senior cybersecurity engineer at the NCCoE.
For example, a plant manager will want to know if a mechanical failure was preceded by an unauthorized entry to a facility or by a cybersecurity intrusion because each scenario would warrant a different response. But without good situational awareness, time could be wasted looking in the wrong place for the cause of a disruption.
The document’s guidance has already been proven in a real-world situation. The University of Maryland, College Park, joined the guide development effort by offering its own power plant as a test bed where the NCCoE team could try out different methods for achieving the desired capabilities. The university became involved thanks to a partnership with MITRE, which operates a federally funded research and development center to support the NCCoE.
“When we joined the partnership with MITRE, we stressed to our researchers that we were willing to make the campus a living lab to enhance operations,” said Mary-Ann Ibeziako, director, Engineering and Energy, in the university’s Facilities Management Office. “For this project, we were not only focused on the security of our utilities infrastructure but we were also interested in enhancing its resiliency.”
The university’s cogeneration plant provides power, steam and chilled water to about 385 buildings across more than 500 hectares (1,300 acres). In the winter months, the plant provides 90 percent of the electric power needed by the university, and 50 percent in the summer, when cooling demand is high.
“Prior to this, if we had a problem at a substation, someone would have to drive out there to physically look at the control board,” said Ibeziako. “Now, our engineers can monitor from our central plant, or even from home if they need to.”
“This real-time situational awareness can take some of the burden off of those watching the various systems,” said McCarthy. It allows the automation of common, repetitive investigative tasks, and facilitates information sharing. At the university, it has helped Ibeziako and her team better anticipate and avoid problems, she said.
Most important, and in line with the mission of the NCCoE, the university can have confidence in the cybersecurity of its plant and related systems.
“Maybe the biggest thing we learned was to build in security at every level,” said Ibeziako.
The project was such a success in College Park that the university has developed its own plan for keeping the enhanced capabilities when the NCCoE project ends. And Ibeziako hopes to expand them to the demand side—at the buildings that are drawing power from the plant. She believes the increased awareness will allow the university to better budget for its energy needs.
McCarthy is confident that the guide will provide the information utilities need to implement enhancements. He also said the capabilities demonstrated can apply to other industries that rely on industrial control technologies to manage their operations.
The new guide is the second produced by the NCCoE focused on the energy sector. The first, Special Publication 1800-2: Identity and Access Management for Electric Utilities was released in August 2015. The guides do not dictate which products or designs should be used, but offer enough direction to help users pick and choose the elements they want to achieve the cybersecurity capabilities they need.
The National Cybersecurity Center of Excellence (NCCoE), a part of the National Institute of Standards and Technology (NIST), is a collaborative hub where industry organizations, government agencies, and academic institutions work together to address businesses’ most pressing cybersecurity challenges. Through this collaboration, the NCCoE develops modular, easily adaptable example cybersecurity solutions demonstrating how to apply standards and best practices using commercially available technology.