Jun 2016
Electricity Transmission
Security Assessment of Industrial Control Systems (ICS)
Jun 2016
Sep 2017
National Grid Electricity Transmission
Stuart Mann
Network Innovation Allowance
Control Systems, Electricity Transmission Networks and Cyber Security
This project will develop a systematic process specifically targeting devices utilised for the Electricity Transmission System ICS, in order to identify potential results of cyber-attacks designed to exploit vulnerabilities in the devices and systems deployed in electricity substations. The process and tools utilised in cyber-attacks are likely to evolve expressly from those currently employed in the business IT world.

A significant amount of technology used in ICS is based on common worldwide open industry standards. It is envisaged that the processes and tools produced by this project will be relevant to other Critical National Industries participating in a wider SCEPTICS (A SystematiC Evaluation Process for Threats to Industrial Control Systems) programme of work with EPSRC, and will form a foundation that can be developed further by industry peers around the world.

As vulnerabilities, exploits, threat actors and outcomes are understood within this study, this information will be used to develop and implement actions formulated specifically for the GB electricity transmission system to provide effective defences or resolution to issues.

The project shall undertake the following tasks:

  • Utilise intelligence, cyber testing techniques and methodologies available in the public domain to identify vulnerabilities that are present in and exposed by equipment or systems in use on the GB Electricity Transmission Network.
  • Determine how vulnerabilities may be exploited and used to compromise the integrity of the Electricity Transmission System.
  • Identify the potential impact that exploits may have on the reliability or stability of the Electricity Transmission System.
  • Use the output from the project to determine who could take advantage of these vulnerabilities, why they may be exploited and the method used to undertake these actions.
  • Provide a framework and methodology so that repeatable risk assessments can be undertaken periodically.

The objective of this project is to gain a more comprehensive understanding of the vulnerabilities and exploits that exist on Industrial Control Systems. This includes the consequences of potential exploitation and the resolutions or mitigations which can be implemented. This research will inform the development of a systematic process that can evaluate the types of ICS devices that monitor, control and protect the GB electricity transmission system and connected customers, in order to identify and understand the risks and delivery vectors that these systems are exposed to.

Learnings gained from the research undertaken in this project will inform National Grid on the following:

  • Provide input and influence National Grid strategy, policy and specifications on ICS
  • Provide direction to support effective and efficient investment decisions to protect the transmission Network from cyber-threats
  • Provide a basis to drive development of international common standards for cyber security of ICS
  • Influence change in technology implemented and marketed by equipment manufacturers