Tools


Siemens Worldwide

Pictures of the Future

Contact

Contact

sts.components.contact.mr.placeholder Sebastian Webel
Mr. Sebastian Webel

Editor-in-Chief

Tel: +49 (89) 636-32221

Fax: +49 89 636-35292

Werner-von-Siemens-Straße 1
80333 Munich

Pictures of the Future
The Magazine for Research and Innovation
 

Smart Grids and Energy Storages

Protecting Smart Grids from Hackers

Power grids are an essential infrastructure that must be protected against hacker attacks. As electricity generation becomes increasingly decentralized, thus also increasing grid complexity, automation is growing in importance for smart grids that are networked by means of communication technology.

Tomorrow’s smart grids will require reliable protection against cyberattacks. Siemens is playing a pioneering role in this field.

Siemens is the first company in the world to have received certification for a grid automation solution based on the most comprehensive international cybersecurity standard. TÜV Süd, a global testing, certification, inspection and training provider based in Germany, awarded the certification, which is based on the IEC 62443 standard, to a security framework that Siemens developed for automated transformer substations.

Power grids are an essential infrastructure that must be protected against hacker attacks. As electricity generation becomes increasingly decentralized, thus also increasing grid complexity, automation is growing in importance for smart grids that are networked by means of communication technology. Many solutions are already available today, and most high-voltage and medium-voltage systems have been digitized. A relatively new development is the opening of previously closed communication networks to the Internet through the incorporation of new devices and applications. As a result, security measures against cyberattacks have to be continuously adapted to new dangers.

Putting Cybersecurity into Practice

The IEC 62443 standard describes the farthest-reaching cybersecurity requirements available today. It is the first standard to formulate guidelines for everyone involved: grid operators, product suppliers, and system integrators, who combine its individual components into a single automation solution. In addition, the standard takes into account the fact that cybersecurity involves more than just technically secure products, but is instead a process that has to be put into practice throughout an organization. As a consequence, IEC 62443 specifies requirements for the people, the work processes, and the products and systems at such grid-related companies.

As a result of this certification, Siemens is playing a pioneering role in the implementation of cybersecurity for smart grids.

A Comprehensive Security Concept for Smart Grids

These 3 Ps (people, processes, and products) form the basis of a comprehensive security concept that Siemens has developed for its smart grid portfolio. This cybersecurity framework is modeled after a variety of current security standards and guidelines. Using this as a basis, Siemens defined 14 categories of measures. These range from general guidelines for the organization in question and secure product development processes to the systematic treatment of weak points, the creation of a secure system architecture, the provision of access control systems, protection against malware, creation of data backups, and the use of secure remote access methods and confidentiality standards.

This concept provides the basis for the certified security framework for automated transformer substations (Secure Substation Framework). More specifically, the solution is certified according to IEC 62443-2-4 (system integrator requirements) and IEC 62443-3-3 (requirements regarding the systems’ security functions). From a technological standpoint, such secure substations encompass the Sicam PAS/PQS and AK3 station automation systems, the Sicam SCC operating and monitoring system, Siprotec 5 protection devices, and Siemens Ruggedcom, a particularly robust and secure communications technology..

As a result of this certification, Siemens is playing a pioneering role in the implementation of cybersecurity for smart grids. Digital systems and their associated cyber security requirements are of great strategic importance for Siemens. The company is therefore participating in international standardization organizations and has its own Computer Emergency Response Team (CERT), which monitors and analyzes security problems worldwide. The team provides Siemens with an overview of current weak points and enables the company to contribute its expertise to the development of new security standards.

Christine Rüth
Picture credits: from top: 1. picture Getty Images/iStockphoto