Latin America. David Rojas Peralta, Director of A3SEC Consulting in the USA The U.S., Mexico and Colombia believe that Europe and the United States have undertaken a major transformation of their electric power infrastructure. This major infrastructure upgrade, which extends from homes and businesses to fossil power plants and wind farms; is central to global efforts to increase energy efficiency, reliability and security, as well as the transition to renewable energy sources; reduce greenhouse gas emissions; and to build a sustainable economy that ensures future prosperity.
These and other potential benefits of smart electric power grids are taking place around the world. In the case of Colombia, the application of "Smart Grid" technologies has occurred thanks to two initiatives:
Smart Grids Colombia Vision 2030 - Roadmap for the implementation of smart grids in Colombia, which was made available to the public through the Energy Mining Planning Unit (UPME) and cooperative work with the Inter-American Development Bank (IDB), the Ministry of Mines and Energy and the Ministry of Information and Communications Technologies.
Likewise, pilots and initial deployments have been carried out, where EPSA, Electricaribe, Emcali, EPM, Codensa and ESSA, among other companies, have made initial deployments with different levels of development of advanced measurement infrastructure that have achieved very good results in reducing energy losses (and consequently carbon dioxide emissions) in addition to the adoption of models that ensure the interoperability of technologies and information systems.
It is important to understand that the interconnection of business computer systems with industrial control systems implies that the security flaws of traditional computer systems (Windows, Linux, Unix, TCP/IP protocols, etc.) will impact the control systems that until now were centralized and isolated.
The old industrial control and instrumentation devices (SCADA, EMS) were not designed to support security measures such as antivirus, intrusion detectors, authentication and access control mechanisms. Previously, frauds in energy meters were very simple; direct services were installed, released, voltage anchors were run and insulated with enamel or tape, when the anchor was on the outside of the meter. Based on this, the first crews were implemented that with only visual inspection, detected such frauds; proceeded to open the security seals, in order to internally intervene the meter; be it the voltage signal, the brake magnet pivots, bridges between input and output or the integrator; these companies implemented the time-power test, which consists of a resistor and a stopwatch, taking different data to determine if the meter is braked or intervened.
Now, with the current remote measurement systems in European countries and in the United States, crews do not come to check the meters or meters, so there are many cases in which users, through a simple code, connect to the meter and modify it to their needs. There are documented reports that indicate the possibility of reprogramming a "Smart meters", so that it reports consumption lower than the real ones, this without physically altering the device. A cyberattack against "Smart meters" can cause massive manipulation of user information, fraud and denial of service. This alone proves, once again, that security is not just a matter of systems and technology, but a joint commitment to work processes and documentation.
For more than 7 years, cyber threats to the electrical system have been a reality. The clear example is in 2010 when a computer worm was discovered, known as Stuxnet, which is capable of reprogramming Programmable Logic Controllers (PLCs) and hiding the changes made. Stuxnet demonstrates that a malicious program can cause physical damage to some elements of the real world (overloads, malicious manipulation of robotic or electromechanical elements, alteration or falsification of digital signals, etc.). It is important to mention that at present, SCADA systems usually control water filters, chemical mixtures, electrical energy, train routes, etc.
With these examples, it is shown that in addition to the theft of information, the greatest threat comes from cybercriminals for terrorist purposes. Cybersecurity threats related to the "Smart Grid" are a very important problem, since a cyberattack could affect the security of power generation plants, power transmission lines, among others. In November 2011, a group of hackers destroyed the drinking water pumping system in an Illinois city in Illinois.
United States.
In the United States and Europe is where Smart Grid technology is at the forefront and where greater advances are being made, procedural and technical in cybersecurity. The regulations of the NERC (North American Electric Reliability Corporation) to which much attention is paid within the energy sector, or the Guidelines for Smart Grid Cyber Security of NIST (National Institute of Standards and Technology) or the work of the TCIPG (Trustworthy Cyber Infrastructure for the Power Grid) constitute the basis for the strengthening of the guidelines for manufacturers and integrators.
Some of the most important cybersecurity challenges that they manage every day in companies such as the A3SEC Colombia Group for "Smart grid" include establishing a security architecture to protect the information contained in all its devices; shield the various data communication channels; establish protective measures for old industrial control and instrumentation systems; create a comprehensive management system for the cybersecurity of the intelligent network that contemplates techniques of planning, control, measurement and constant improvements of computer security.
