Projects
Projects: Projects for Investigator |
||
| Reference Number | NIA_NGET0189 | |
| Title | Security Assessment of Industrial Control Systems (ICS) | |
| Status | Completed | |
| Energy Categories | Other Power and Storage Technologies(Electricity transmission and distribution) 100%; | |
| Research Types | Applied Research and Development 100% | |
| Science and Technology Fields | PHYSICAL SCIENCES AND MATHEMATICS (Computer Science and Informatics) 50%; ENGINEERING AND TECHNOLOGY (Electrical and Electronic Engineering) 50%; |
|
| UKERC Cross Cutting Characterisation | Not Cross-cutting 100% | |
| Principal Investigator |
Project Contact No email address given National Grid Electricity Transmission |
|
| Award Type | Network Innovation Allowance | |
| Funding Source | Ofgem | |
| Start Date | 01 June 2016 | |
| End Date | 01 September 2017 | |
| Duration | 15 months | |
| Total Grant Value | £342,000 | |
| Industrial Sectors | Power | |
| Region | London | |
| Programme | Network Innovation Allowance | |
| Investigators | Principal Investigator | Project Contact , National Grid Electricity Transmission (100.000%) |
| Web Site | http://www.smarternetworks.org/project/NIA_NGET0189 |
|
| Objectives | The objective of this project is gain a more comprehensive understanding of the vulnerabilities and exploits that exist on Industrial Control Systems. This includes the consequences of potential exploitation and the resolutions or mitigations which can be implemented. This research will inform the development of a systematic process that can evaluate the types of ICS devices that monitor, control and protect the GB electricity transmission system and connected customers to identify and understand risks and delivery vectors that these systems are exposed to. Learnings gained from the research undertaken in this project will inform National Grid on the following: Provide input and influence National Grid strategy, policy and specifications on ICS Provide direction to support effective and efficient investment decisions to protect the transmission Network from cyber-threats Provide a basis to drive development of international common standards for cyber security of ICST influence change in technology implemented and marketed by equipment manufacturers | |
| Abstract | The Industrial Control Systems (ICS) utilised by National Grid play a crucial role in managing and operating the electricity transmission system as part of the Critical National Infrastructure across Great Britain, balancing supply with demand on a minute by minute basis while ensuring that the network is operated safely, reliably and cost efficiently. ICS has evolved over several decades. Utilising technology borrowed from business computing and communications, standard computer software programming languages and techniques. As well as published open worldwide standards for communications technology and protocols as part of an industrial and electrical environment hardened electronic device package. Because of this technology overlap, ICS systems are increasingly cyber physical. Whilst the business IT industry have developed robust methodology and systems to counter emerging threats within their sector, the rate of development for cyber resilience by manufacturers of ICS have not kept pace. The result is that ICS, and the businesses that use them, are increasingly vulnerable to cyber-threats and exploit techniques which initially evolved from those developed and found within the business IT industry. Despite the availability of some well-founded knowledge and experience, there remains a significant lack of comprehensive understanding of the vulnerabilities and exploits that exist on ICS, the consequences of exploitation, and therefore the resolutions or mitigations that need to be implemented. Industry partners across Great Britain recognise that the resilience of technology, design and implementation practice associated with products in current use may be insufficient. There is, therefore, a relevant need for research that will bridge this gap of understanding, particularly as it relates to the use of ICS on power grids. Industrial Control Systems typically comprise of a selected combination of a significant number of available devices and systems from a large variety of suppliers. A basic summary of devices available include wide area Supervisory Control And Data Acquisition (SCADA) systems, local area Distributed Control Systems (DCS), and a range of embedded devices such as Programmable Logic Controllers (PLC). Large ICS are characterised by their complexity. Including a wide range of control devices, sensors and network configurations, many of which are now legacy technology. For National Grid, these include the addition of devices to protect, supervise and manage the high voltage equipment that comprises the GB Electricity Transmission System (ETS), and to protect connected customers from system or natural events like equipment failures or lightning strikes. The management frameworks for these systems can often be equally complex. Vulnerabilities in ICS can be a result of this complexity combined with the use of legacy systems. Because the capability exists to find and potentially exploit vulnerabilities of the ICS, it is relevant that National Grid undertake analysis of threats and understanding of any consequences resulting from exploitation. This method of research must take into account the physical properties of the Electricity Transmission System as well as the physical consequences of exploitation. Limited measures have been implemented and are periodically reviewed. However, in light of current understanding of, and the continuing advancements in technology, it is judicious to investigate and fully understand the vulnerability of ICS to ensure appropriate measures are taken in order to mitigate and counter the risk of cyber-attacks. In undertaking this research, National Grid hopes to achieve a greater understanding that will ultimately lead to a common and adaptable process for ongoing identification mitigation and resolution of these issues.Note : Project Documents may be available via the ENA Smarter Networks Portal using the Website link above | |
| Publications | (none) |
|
| Final Report | (none) |
|
| Added to Database | 11/12/18 | |
