Cyber Attack Task Force - Final Report - NERC
Cyber Attack Task Force - Final Report - NERC
Cyber Attack Task Force - Final Report - NERC
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Detection Capabilities<br />
Appendix F contains a list that can be used as a starting point for indications of an unusual<br />
event. By developing real-time monitoring for these key metrics and comparing them to the<br />
base line, potential cyber attacks could be identified. However, these indicators do not take<br />
into consideration loss of data integrity where values are still within tolerances established by<br />
the entity. The industry eventually needs security state monitoring tools that trigger autonomic<br />
(i.e., quick device response) and/or dynamic (i.e., can evolve) corrective actions within the<br />
control system, while allowing operators to override them, if necessary 21<br />
One potential proxy<br />
for this type of capability is the North American Synchro Phasor Initiative.<br />
Synchrophasors are precise grid measurements now available from monitors called phasor<br />
measurement units (PMUs). PMU measurements are taken at high speed (typically 30<br />
observations per second – compared to one every four seconds using conventional technology).<br />
Each measurement is time-stamped according to a common time reference. Time stamping<br />
allows synchrophasors from different utilities to be time-aligned (or “synchronized”) and<br />
combined together providing a precise and comprehensive view of the entire interconnection.<br />
Synchrophasors enable a better indication of grid stress, and can be used to trigger corrective<br />
22<br />
actions to maintain reliability (i.e. improving situational awareness) .<br />
This type of technology provides indication of electrical network issues and could be used as an<br />
early warning indicator on a large scale. However, due to the speed of cascading events<br />
whether man-made or natural and their PMU indication, response to this type of detection may<br />
need to be automatic using predefined programmatic actions.<br />
21<br />
Roadmap to Achieve Energy Delivery Systems <strong>Cyber</strong>security – September 2011, page 29<br />
22<br />
North American Synchro Phasor Initiative - https://www.naspi.org/<br />
<strong>Cyber</strong> <strong>Attack</strong> <strong>Task</strong> <strong>Force</strong> <strong>Report</strong> 17