Critical infrastructure protection – securing the power grid against cyber attacks

2024-10-03 13:00 CEST

The energy sector is one of the key industries and energy supply is one of the critical infrastructure systems. On the one hand, modern grid management systems are a major convenience, but on the other hand, they are associated with new risks. These include a potential attack on the energy infrastructure in the digital space. How can we combat cyber attacks in the energy sector and ensure the protection of this part of critical infrastructure?

What is critical infrastructure protection?

The website of the Government Legislation Centre states:

“Critical infrastructure protection is any action aimed at ensuring the functionality, continuity of operations and integrity of critical infrastructure in order to prevent threats, risks or vulnerabilities and to mitigate and neutralise their effects and to rapidly restore such infrastructure in the event of failures, attacks and other events that disrupt its proper functioning.” (cited from https://www.gov.pl/web/rcb/systemy-infrastruktury-krytycznej).

Critical infrastructure is crucial to the functioning of the economy, society, and the country as a whole. Grid disruptions caused by attacks on energy infrastructure can pose a direct threat to the health and even the lives of citizens. Just imagine a situation where, for example, a hospital is left without electricity for an extended period of time due to an attack. Although units of the healthcare system are also elements of critical infrastructure and should be prepared even for extreme situations, a prolonged blackout poses a very serious challenge.

Events in recent years and months, including military conflicts, show the importance of protecting critical infrastructure. In particular, attacks on nuclear power stations on Ukrainian territory have reverberated in the public debate, as possible failures or damage to this infrastructure could have not only a local but also an international dimension.

Infrastructure protection refers not only to direct attacks on energy infrastructure, the effects of armed conflict or terrorist attacks, in which power stations or grid components such as a substation, power poles or a transformer station can be physically damaged, but also to potential cyber attacks that can affect the operation of the entire grid. So how can the cyber security of critical infrastructure be ensured? We will discuss this using the power grid as an example.

Protecting the power grid from cyber attacks

The energy sector is one of those industries that are particularly vulnerable to cyber attacks. Pursuant to the Act of 5 July 2018 on the National Cyber Security System, the competent authority for cyber security in the energy sector in Poland is the minister responsible for energy. Under the current division of powers of the Council of Ministers, this function is performed by the Minister of Climate and Environment, who carries out her activities through the Energy Sector Cyber Security Division operating within the Department of Computerisation of the Ministry of Climate and Environment (as of September 2024).

Due to the multifaceted grid management system and the large number of components that make up the grid, the issue of cyber security is very complex. Ensuring the cyber security of the power grid requires action in the areas of technology, organisation, development of procedures, diversification of energy sources and expansion of infrastructure. Developed cyber security standards also need to be systematically implemented; in recent years, a number of relevant documents have been developed and implemented within the European Union.

One of the necessary elements of protecting the grid from cyber attacks is the constant monitoring of infrastructure, which makes it possible to detect possible anomalies in grid operation in a short time and, by quickly identifying potential threats, to take action to neutralise them. In addition, it is also particularly important to protect all information on how the power grid operates, data on the technical specifications of equipment and control systems, the location of safety-critical points on the grid, contingency plans, data on energy distribution management, etc.

RES and cyber security

One strategy for increasing the level of energy security is to invest in renewable energy sources. The storage of electricity accumulated thanks to RES can provide an alternative source of power, for example in the event of a grid failure. At the same time, the development of RES is also associated with the risks of cyber attacks on the infrastructure elements of these installations. Therefore, a team of experts from CSIRT NASK (CERT Polska), PSE, URE, PTPiREE and experts from the energy sector has developed “Recommendations on Cyber Security for RES Prosumers” (https://www.gov.pl/web/baza-wiedzy/rekomendacje-dotyczace-cyberbezpieczenstwa-dla-prosumentow-oze). This is a collection of relevant information and good practices directed at prosumers and aiming to increase the security level of micro-installations.

In addition, companies in the RES sector, under the EU NIS2 directive, are required to carry out regular risk analyses as well as report ICT incidents and threats. For RES, cyber security is also a key element of energy security and of the stable operation of the power grid infrastructure.