Foreword

In an attempt to reduce our dependence on environmentally-damaging fossil fuels and to increase the longevity of installed power infrastructures, there has been a significant drive towards energy efficiency and a greater use of renewable energy sources. To support these goals, the electricity grid is being transformed into a so-called smart grid. At the core of the smart grid are increased monitoring and control capabilities, primarily in medium- and low-voltage networks, that are supported by Information and Communication Technology (ICT) and Supervisory Control and Data Acquisition (SCADA) systems. An example use of these systems is to support dynamic voltage control strategies that enable the deployment of volatile Distributed Energy Resources (DERs), such as photovoltaics, without the need for installing new and expensive grid capacity.

To date, much of the attention on the smart grid has focused on the smart meter and the Advanced Metering Infrastructure (AMI) – an important part of the smart grid that, for the moment, is largely used for fine-grain electricity consumption measurement and billing. There are limited pilot deployments of more advanced and operationally critical smart grid applications, such as for voltage control and power flow optimisation. We can expect a wider adoption of these applications based on the success of these pilots. Consequently, ICT and SCADA systems, as part of the smart grid, will play an increasingly operationally critical role in future electricity distribution networks; cyber-attacks to these systems could have a significant societal impact.

Alongside these smart grid developments, a number of cyber-attacks have targeted industrial control systems and energy sector organisations. The motivation for these attacks is varied, and includes industrial espionage and causing damage to physical plant. For the moment, the latter is the exception, and can require difficult to acquire expertise and in-depth knowledge of the target. Meanwhile, attack tools and methods are, on the one hand, becoming commoditised, lowering the barrier of entry for their use, and on the other hand, increasingly sophisticated and difficult to detect.

This combination of factors makes addressing the cybersecurity of the smart grid a timely and important issue, and forms the motivation for this book.

Because of the drive to deploy smart meters, the primary security concern for smart grids has related to ensuring the privacy of consumers. This is an important issue and has rightly received attention. In addition to the privacy concerns that stem from smart metering, other smart grid use cases, such as demand-response applications, and security solutions themselves introduce privacy and data protection problems. Consequently, in this book, we address privacy and data protection issues, but do not major on them. Rather, we cover a range of issues that relate to ensuring the security and resilience of the smart grid, with chapters focusing on topics from assessing cybersecurity risk through to operational security aspects.

Ensuring the security and resilience of the smart grid is a necessarily multi-disciplinary endeavour, requiring expertise in information security, industrial control systems (security), power systems engineering, control theory, and social and legal aspects, for example. For the most part, the chapter authors are participating in the multidisciplinary EU-funded SPARKS project. Without their willingness and enthusiasm for this project, and their subject knowledge, this book would not have been possible. As editors, we are grateful for their significant contribution.

Finally, a word on the intended readership of the book: we foresee the book being useful to forward-looking smart grid practitioners, such as Distributed Systems Operators and solutions providers, who are concerned about security and are interested in learning about state-of-the-art solutions, both in practice and applied research. Similarly, we suggest the book has value for academics and post-graduate students that are beginning their studies in this important area, and are seeking to get an overview of the research field. As editors, we have encouraged the chapter authors to follow a “bath-tub” approach to the depth of knowledge required to read each chapter, i.e., the start and end of each chapter should be approachable and give high-level insights into the topic covered, whereas the core content of the chapter may require more attention from the reader, as it focuses on details.