
Upgrades and security are twin priorities for transmission grid in Northern Europe

Customer Story | 4 min read

The power grid has been physically exposed and vulnerable to vandalism for decades, but a far more serious threat has emerged in recent years – cyberattacks that can shut down all or parts of a power network.

It is no coincidence that the vulnerability is a result of the grid’s increasing dependence on computers and data-sharing to operate more efficiently. This has made grids much more responsive to changes in power demand and better at integrating renewable energy sources, but it also means computerized grid control must be strongly protected from abuse by cyber attackers who may try to hack into the system.

Hitachi Energy’s customer is a national grid operator in Northern Europe controlling 15,000 km of power lines, 160 substations, switching stations and 16 overseas power connections. The customer’s challenge was that it did not own the substation buildings, so control of physical access was not in its hands and had to be replaced by logical access control. The highest priority was to protect the network and access to the control center.

Secure RTU upgrade
The customer wanted to upgrade remote terminal units (RTUs) in all of its substations. The job started in 2014 and was completed in 2017.

A major focus of the update was to secure communication to all the substations while enabling TCP/IP communication. For this project the customer required standardized protocols and security mechanisms to protect communication.

Hitachi Energy fulfilled the customer’s requirement with secure authentication of network equipment and TLS encryption of the communication protocol to the control center.

Secure authentication of network equipment
A major requirement of the customer was secure authentication of all network equipment, based on the IEEE standard 802.1X. Authentication verifies the identity of a network device (RTU) and ensures that the RTU is owned by the company.

The IEEE 802.1X standard provides an authentication mechanism for devices that enables them to securely join a local area network (LAN).

The 802.1X standard utilizes an Extensible Authentication Protocol (EAP) to define how authentication messages are sent between devices. 802.1X protects against unauthorized network access and IP spoofing (creation of IP packets with false IP addresses, designed to hide the sender’s identity or impersonate another computing system).

  1. Client (supplicant) asks for authentication.
  2. The Switch (authenticator) forwards the authentication request to the authentication server.
  3. After successful authentication client gets access to the network.
  4. IEC 870-5-104 secure.

The customer had requested that all devices fulfill the standard as part of its security strategy. Hitachi Energy met this demand by implementing and testing the solution together with the customer in the customer’s laboratory. After successful testing the roll-out will be done throughout the whole network.

Secure control communications
Another major customer requirement was to provide secure communications with the control center. In the past only serial and proprietary protocols were used, but in this project the clear need was to use standardized protocols and security mechanisms.

As part of the strategy to enable TCP/IP communication, the customer specified IEC 60870-5-104 as the communication protocol to the control center. Although the IEC 60870-5-104 protocol includes no security features, it can be combined with TLS encryption based on IEC 62351-3. The advantage of this kind of communication is the end-to-end encryption between RTUs and network control centers. This implementation provides data integrity, supported by digital certificates (X.509) and mandatory mutual authentication of client and server.
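The mandatory mutual authentication described above, sketched as Python `ssl` contexts with an encrypt-only listener beside a hardened one and a small audit function. This is an added example, not Hitachi Energy's or the customer's code. The function names, finding labels and the TLS 1.2 floor are assumptions, and the certificate paths are optional so the block runs without key material.

```python
import ssl

def encrypt_only_listener() -> ssl.SSLContext:
    """Weak: the link is encrypted, but the peer is never asked for a certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.verify_mode = ssl.CERT_NONE          # any peer can complete the handshake
    return ctx

def mutual_auth_listener(cert=None, key=None, ca=None) -> ssl.SSLContext:
    """Hardened: handshake fails unless the peer proves an identity issued by `ca`."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # assumed floor, not from the page
    ctx.verify_mode = ssl.CERT_REQUIRED            # peer certificate is mandatory
    if cert:
        ctx.load_cert_chain(cert, key)             # this endpoint's own X.509 identity
    if ca:
        ctx.load_verify_locations(ca)              # operator CA that signs peer certs
    return ctx

def mutual_auth_connector(cert=None, key=None, ca=None) -> ssl.SSLContext:
    """Connecting side: verifies the listener and presents its own certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED + name check by default
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # same assumed floor as the listener
    if cert:
        ctx.load_cert_chain(cert, key)
    if ca:
        ctx.load_verify_locations(ca)
    return ctx

def audit(ctx: ssl.SSLContext, connector: bool = False) -> list:
    """Return labels for every way `ctx` falls short of mutual authentication."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer-cert-not-required")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol-floor-below-tls1.2")
    if connector and not ctx.check_hostname:
        findings.append("listener-name-not-checked")
    return findings

if __name__ == "__main__":
    for name, ctx, conn in [("encrypt-only listener", encrypt_only_listener(), False),
                            ("mutual-auth listener", mutual_auth_listener(), False),
                            ("mutual-auth connector", mutual_auth_connector(), True)]:
        print(f"{name}: {audit(ctx, conn) or 'ok'}")
```

With `CERT_REQUIRED` set and no trust anchor loaded, every handshake is rejected, so a missing CA file fails closed rather than silently downgrading to encrypt-only.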

Customer benefits
Hitachi Energy’s successful implementation and configuration offers cost reductions for engineering and secures the customer’s network communications system, providing protection against:

  • Unauthorized network access (IEEE 802.1X)
  • Unwanted cyber intrusions like eavesdropping (TLS encryption)
  • Man-in-the-middle attacks (Message authentication)
  • IP spoofing (Certificates)
  • Replay attacks (TLS encryption).