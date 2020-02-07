Cyber ​​attacks from China and Russia can disrupt the critical American infrastructure

Countries could launch harmful attacks on gas pipelines and electricity networks, assessment says.

The first you might know about the next cyberwar can be when your power goes out. Just ask the residents of Kiev, Ukraine, whose power was turned off for an hour by an attack by Russian hackers. Indeed, you probably don’t know, but the first shots have already been shot in the US. In March 2019, a Denial of Service attack (DoS) hit power grid operating systems in Utah, Wyoming and California. Energy companies know it, and that is one of the reasons why LF Energy, a Linux Foundation project, has announced its latest project: Grid eXchange Fabric (GXF).

The Dutch distribution system operator Alliander created it as an Open Smart Grid Platform (OSGP). GXF is a scalable and technology-agnostic Industrial Internet of Things (IIoT) platform. This allows network operators to collect data securely and to monitor, control and manage smart devices on the network. In particular, it can be used in the following ways:

A user or operator uses one web application to monitor and / or operate devices.

The application connects to the GXF via web services. These are subdivided into functional domains, such as Public Lighting, Smart Metering and Power Quality. Third-party developers can use web services to develop or integrate new applications.

The platform processes all these request requests securely and uses various functions and services for this. The platform uses open protocols for the ‘translation’ and communication of user / operator commands to the various smart devices.

The platform supports various IP-based data telecommunication technologies and protocols to communicate with the devices.

This is important because electrical network operators have added IIoT devices to their electricity network. Each device requires vastly different tools and processes to ensure interoperability. The purpose of GXF is to reduce overall complexity and associated maintenance costs for access to these devices by creating a generic method for abstracting data access. In short, this is a way to bring system integration to the electricity grid.

GXF also comes with a number of security recommendations to prevent hackers from turning off your lights. Among which:

Communication via TLS

IPSec Virtual Private Network

Firewalls between all servers and layers

Certificates from a recognized certificate authority (CA)

Audit trail for all promotions on the platform

Role-based access control (RBAC)

“We have the tools needed to make our electricity grid more efficient and better for our environment, but we are experiencing a system integration problem on a global scale,” Dr. Shuli Goodman, executive director of LF Energy. “Network administrators need a way to break through the noise of various data access protocols to gain direct insights from smart devices. With the addition of GXF, we will use the shared expertise of our community to address this issue immediately.”

GXF is a fundamental step. Broadly speaking, GXF will be used as a generic link layer to collect and control data for IIoT asset monitoring and analysis. It also allows energy network operators to create advanced business applications for multiple usage scenarios, but that work needs to be done. With an open source approach, this will be much simpler and more secure than doing it bit by bit with your own software.

Some GXF functionality already exists. For example, Alliander already uses GXF to manage public street lighting in the Netherlands. Other network operators have used GXF as the head-end system, allowing maximum data flexibility between smart meters and network operators, while some have used GXF to manage micro grids.

Other attempts to make the electricity grid more secure, such as the recently adopted law on energy infrastructure security, want to take a step back by adding analogue backups to today’s modern digital electrical systems. I don’t think this will scale so well.

We need modern, open-source systems such as GXF to safely manage current electrical networks. This allows us to build a clean, safe connection layer for modern IIoT electricity networks. Otherwise, with at least three hacking groups that may disrupt the American electricity networks, we are in trouble.

Oh, and by the way, the US Cyber ​​Command has also planted malware in the Russian electricity grid.

