Protection against and prevention of Smart Grid cyber attacks

The move from Conventional Grids to Smart Grids, as with all information processing and data collection systems, creates cyber attack threats. The consequences of such cyber attacks can be truly catastrophic in terms of the vital nature of electrical infrastructures. 

The notion of cybersecurity protection therefore becomes a key issue. The issue is complex due to the sophistication of Smart Grids, the increasing number of communication devices, and requirements regarding supply quality imposed on Distribution Grid Managers, in addition to the ingenuity and inventiveness displayed by hackers. 

The cybersecurity threat

There are many cybersecurity threats using either direct physical access to a product or remote access, allowing a product to be controlled via communication interfaces:

  • Compromised data (modification of configuration data, access rights, unauthorised access, etc.) resulting in a malfunction
  • Compromised operation (use of malware, taking control, extension of hacker's rights) resulting in service or data unavailability and in the illegal disclosure or modification of this data
  • Disclosure or modification of cryptographic data used to secure confidential data and services 
  • Service refusal caused by cyberattacks resulting in service and data unavailability
  • Passive or active listening into communications resulting in the disclosure or modification of data in transit
  • Etc.

Security by Design

The Cahors Group takes the issue of cybersecurity into account at the start of the product development phase, conducting an analysis to identify which protection means to implement. This means that the developed product will incorporate state-of-the-art and durable protection measures. The protection level is adjusted according to the importance a hacker would place on fraudulently accessing the system and on the protection offered by the product's environment.

Our developers keep up-to-date with all cybersecurity issues and keep a permanent watch with regards to new coding practices and different methods employed in the domain. Their concerns consist in making products and solutions resistant to the most widespread cyberattacks, and in ensuring there are no back doors or loopholes that could be exploited by a hacker at any time.

Data encryption, intrusion system management, access control, and secure update management are ways in which different and varied types of cyberattack can be prevented. When necessary, certified security modules, enabling in particular the storage of cryptographic elements, are implemented in products.