Dependency of Energy Operators on time sensitive services
The EU Agency for Cybersecurity analyses the cyber risks of the dependency of energy operators on time sensitive services and proposes mitigation measures.
Published on May 12, 2020
Energy grids depend on precision timing and communication networks to monitor grid operation and integration. Power data acquisition and synchronization need to share time sources to enable decentralized analysis and effective coordination of power production. However, systems that provide time services are vulnerable to various cyber threats and a possible attack can destabilise the operation of modern power grids. With recent technological advances, there is a proliferation of tools for deploying attacks against the time sources of a utility.
The ENISA Report - Power Sector Dependency on Time Service: attacks against time sensitive services focuses on such an attack scenario by identifying relevant risks and by providing guidelines to ensure consistent time synchronization. In doing so, a typical functional architecture for time-phase data processing on the power grid is presented.
The study also includes a list of attack vectors of potential threats against communication mediums, protocols as well as sensors and devices of this architecture.
Technical and generic good practices are suggested based on the scenario technologies investigated. The report concludes with key recommendations such as:
- Designing of modern devices for substation automation (including GPS receivers) with security in mind (vendors);
- Establishing electronic perimeters and implementing measures against spoofing attacks (operators);
- Systematic implementation of basic measures for substations (operators);
- Designing of modern devices to be used for automation in a way that meets universally accepted requirements and implementing of selected security measures through proper standardisation procedures (vendors);
- Adoption of tools and procedures to enhance the resilience of power grids with respect tomalformed and/ or injected data affecting decision making in modern smart grids (operators).
ENISA Report - Power Sector Dependency on Time Service: attacks against time sensitive services
Critical Infrastructures and Services
For interviews and press questions, please contact press (at) enisa.europa.eu
Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!