Technology Today

2011 Issue 1

Cybersecurity for Microgrids

Power for U.S. national needs is provided through three major grids consisting of 10 smaller grids. These are interconnected through only three gateways. The electrical grid provides consumers with electricity from generation systems through transmission systems (power plants to distribution stations) and distribution systems (distribution stations to consumers).

Figure 1. Raytheon's cyber CIP 3-tier solution set and accompanying tools provide energy surety for microgrids.

Because the nation relies primarily on large power plants to provide most of its electrical power needs, a failure in any of the grids can have catastrophic effects. A more reliable approach that increases the level of energy surety is to establish distributed power generation services based upon microgrids. These may consist of any combination of supply sources, such as reciprocating engine generator sets; micro-turbines; fuel cells; photovoltaic cells; algae farms; wind farms; and other small-scale renewable generators, storage devices, and controllable end-use loads. By creating a network of small power generation facilities, entities such as military bases, state and local government facilities, and local neighborhoods can be guaranteed energy surety in the face of a loss of service from a large power plant or major electrical grid.

While microgrids provide many advantages, such as making it easier to integrate renewable energy sources, they also increase the need for improved security across the physical, logical and virtual domains. Some security specialists feel that microgrids increase the possibility of cyber-based attacks by offering more access points via communication and electrical lines. Microgrids require increasing levels of computing and IP-based connectivity, and with that there is a significant increase in vulnerabilities that can be exploited by hackers. For this reason, designers and operators need to improve the robustness and level of information assurance within their supervisory control and data acquisition (SCADA) systems.

Cyber Critical Infrastructure Protection Command and Control

To support the development of microgrids and ensure that they are able to meet users' security needs, Raytheon has leveraged its cybersecurity expertise and legacy products to develop a three-tier cyber critical infrastructure protection command and control (CIP C2) solution set and accompanying tools (Figure 1). Raytheon's CIP C2 capabilities provide the means to assess, model and protect microgrids and previously developed energy systems. These proven capabilities have been successfully used to provide security posture evaluations of utility services providers both within and outside the United States.

Assess: Physical – Relying on previously developed assessment service offerings, Raytheon performs customer interviews and site surveys to establish the site's exposure to threats. Based on identified threats and physical vulnerability assessment data, a comprehensive threat assessment model is developed. The assessment is conducted using a scripted evaluation that is focused on site personnel and the facility itself to:

  • Identify high-risk assets.
  • Categorize and prioritize assets.
  • Assess vulnerabilities and consequences.
  • Recommend risk reduction and countermeasures.

Raytheon uses the selection factors of criticality, accessibility, recoverability, vulnerability, effect and recognizability (C.A.R.V.E.R.) as its preferred vulnerability assessment methodology, because it quantifies the probability of attack based on target attractiveness to an adversary. The C.A.R.V.E.R. matrix is a decision tool used by U.S. Special Forces for rating the relative desirability of potential targets and for properly allocating attack resources. As the factors are analyzed and values assigned, a decision matrix is formed, indicating the highest value target to be attacked within the limits of the statement of requirements.
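As an added illustration (not Raytheon's tooling and not code from the article), the following Python builds a C.A.R.V.E.R. decision matrix for a microgrid site, ranks the assets for protection, and re-ranks them after a proposed countermeasure. The 1-10 scale, the equal weighting of factors, the asset names and every score are assumptions constructed for the example.

```python
# Added example: a CARVER decision matrix used to rank assets for protection.
# The 1-10 scale, asset names and every score below are constructed.
FACTORS = ("criticality", "accessibility", "recoverability",
           "vulnerability", "effect", "recognizability")

# One row per asset; a higher score means a more attractive target.
SITE = {
    "scada_master":    dict(zip(FACTORS, (9, 6, 8, 7, 9, 5))),
    "diesel_genset":   dict(zip(FACTORS, (7, 8, 4, 5, 6, 8))),
    "battery_storage": dict(zip(FACTORS, (8, 4, 7, 4, 7, 4))),
    "pv_inverter":     dict(zip(FACTORS, (5, 7, 3, 6, 4, 6))),
}

def validate(matrix, lo=1, hi=10):
    """Reject incomplete rows and out-of-range scores before ranking."""
    for asset, scores in matrix.items():
        if set(scores) != set(FACTORS):
            raise ValueError(f"{asset}: all six factors must be scored")
        for factor, value in scores.items():
            if not isinstance(value, int) or not lo <= value <= hi:
                raise ValueError(f"{asset}.{factor}: {value!r} outside {lo}-{hi}")

def rank(matrix):
    """Return [(asset, total)], highest total (most attractive target) first."""
    validate(matrix)
    totals = {asset: sum(scores.values()) for asset, scores in matrix.items()}
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))

def what_if(matrix, asset, **new_scores):
    """Copy the matrix and re-score one asset as if a countermeasure were in place."""
    changed = {a: dict(s) for a, s in matrix.items()}
    changed[asset].update(new_scores)
    return changed

if __name__ == "__main__":
    for asset, total in rank(SITE):
        print(f"{asset:16} {total}")
    # Hypothetical countermeasure: segmenting the SCADA master's network
    # lowers its accessibility and vulnerability scores.
    segmented = what_if(SITE, "scada_master", accessibility=2, vulnerability=4)
    print(rank(segmented))
```

In this constructed data set the countermeasure moves the SCADA master from first to second place, which is the kind of comparison used to decide where a safeguard buys the most risk reduction.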

Assess: Network – Certified ethical hackers perform a comprehensive evaluation of the customer's network assets. These include traditional IP-based network components and software, as well as legacy SCADA devices. Client applications undergo static and dynamic analysis to ascertain their risk profiles with regard to attacks from external and internal adversaries.

Model – The assessment serves dual purposes. First, it drives the development of a comprehensive approach to improving the overall security posture of the environment by applying physical safeguards and process-based mitigation techniques. Second, it is used to drive a comprehensive model of the microgrid or the legacy energy system. The model generates three products:

  • The Baseline Report validates the actual person-based assessment performed upon the initial engagement of a customer and the threats against existing safeguards to establish a baseline residual risk.
  • The Mitigation Report allows customers to determine where to best apply resources and capital to achieve the highest return on investment when attempting to improve the security posture.
  • The What If Report allows the security analyst to evaluate various scenarios that are driven by possible new threats identified through open sources, or based on how a new safeguard may or may not help improve the overall residual risk of the environment.

Protect – Raytheon's protection capability relies upon the concepts inherent within traditional command and control systems. Every asset is monitored for changes from its established baseline. Any perturbation results in execution of predefined courses of action (COA) that have been prioritized based on the type of threat they are responding to. The results from the application of COAs are used to refine the modeling capability, which in turn is used to refine the COAs.
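The monitoring loop described above can be illustrated with a short added example (not Raytheon's CIPtrol or PRAETOR code): each asset's observed state is compared with its baseline, every deviation is classified by threat type, and the matching predefined COAs are ordered by priority. The asset names, attributes, threat types, priorities and COA wording are all hypothetical.

```python
# Added example: baseline drift detection with prioritized courses of action.
# Asset names, attributes, threat types and COA wording are hypothetical.
BASELINE = {
    "rtu-07":     {"firmware": "fw-hash-A (constructed)", "open_ports": (502,), "setpoint_hz": 60.0},
    "inverter-2": {"firmware": "fw-hash-B (constructed)", "open_ports": (502,), "setpoint_hz": 60.0},
    "hmi-1":      {"firmware": "fw-hash-C (constructed)", "open_ports": (443,)},
}

# Constructed snapshot: an extra port on rtu-07, changed firmware and
# setpoint on inverter-2, and hmi-1 no longer reporting.
OBSERVED = {
    "rtu-07":     {"firmware": "fw-hash-A (constructed)", "open_ports": (23, 502), "setpoint_hz": 60.0},
    "inverter-2": {"firmware": "fw-hash-X (constructed)", "open_ports": (502,), "setpoint_hz": 59.2},
}

# Assumed mapping from the attribute that changed to the type of threat.
THREAT_OF = {"firmware": "integrity", "setpoint_hz": "process", "open_ports": "exposure"}

# Predefined COAs per threat type; a lower number is executed first.
COAS = {
    "integrity":    (1, "isolate asset and restore known-good firmware"),
    "availability": (2, "fail over to backup controller and dispatch technician"),
    "process":      (3, "revert setpoint and hold in manual control"),
    "exposure":     (4, "block unexpected port at the firewall"),
}

def detect(baseline, observed):
    """Return (asset, threat_type, detail) for every change from baseline."""
    findings = []
    for asset, expected in baseline.items():
        actual = observed.get(asset)
        if actual is None:  # asset stopped reporting at all
            findings.append((asset, "availability", "no telemetry"))
            continue
        for attr, want in expected.items():
            got = actual.get(attr)
            if got != want:
                findings.append((asset, THREAT_OF[attr], f"{attr}: {want!r} -> {got!r}"))
    return findings

def plan(findings):
    """Order the COAs to execute: by COA priority, then by asset name."""
    return sorted((COAS[threat][0], asset, COAS[threat][1], detail)
                  for asset, threat, detail in findings)

if __name__ == "__main__":
    for priority, asset, coa, detail in plan(detect(BASELINE, OBSERVED)):
        print(priority, asset, coa, "|", detail)
```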

Figure 2. CIPview and CIPtrol – Integrated situation awareness and command and control for CIP

Raytheon Cybersecurity Tool Suite for Monitoring and Protection

This effort has driven the evolution and development of a suite of cybersecurity tools to identify security-related vulnerabilities within existing energy systems and mitigate them before consumers experience any loss of service. Two key components of the approach are CIPview and CIPtrol. Through a wide range of adapters, they can seamlessly integrate with a customer's power, HVAC and IT systems infrastructure.

CIPview, shown in Figure 2, provides a cyber-oriented situational awareness view of the energy system's current security posture. It integrates eIQnetworks' SecureVue® situational awareness platform and ComplianceVue™, its add-on for North American Electric Reliability Corporation compliance monitoring, with Raytheon-developed fusion and visualization engines. This provides analysts with an unprecedented understanding of the current state of the energy system. Raytheon's technologies allow a cyberanalyst to gain insight into a system's current threat vectors, their susceptibility to attack, the impact of possible ongoing attacks, and potential mitigation actions that may be taken. Through the fusion and analytical interpretation of data collected both manually and from in-line sensors, a visual representation of the energy system is overlaid with key data, allowing analysts to quickly and accurately assess how best to proceed to protect the system.

CIPtrol facilitates system protection actions by bringing together Raytheon's proven legacy in command and control (C2) with newly developed capabilities in dynamically formulating COAs that may be taken either through manual execution or automatically by CIPtrol's protect and launch features. The key enabler within CIPtrol is PRAETOR™. PRAETOR is Raytheon's most recent C2 system and is capable of detecting and defending against cyberattacks or unplanned system outages in real time. PRAETOR is an end-to-end C2 solution that improves enterprise defense and ensures mission effectiveness in the face of a cyberattack or other enterprise disruption. PRAETOR employs a service-oriented architecture design to ensure easy deployment and integration with customers' existing tool sets.

CIPtrol includes a self-learning feature that fuses the results of actions implemented by a COA with modeling results to develop refinements to existing COAs or to support the dynamic generation of new COAs. Through this self-feeding loop, CIPtrol's ability to respond to attacks and disruptions continuously improves to minimize the effects of false positives and maximize energy surety.

Summary

Cybersecurity in all its aspects is becoming increasingly important to safeguard the nation's, and the world's, energy supply and infrastructure. Raytheon is providing solutions, by leveraging capabilities developed to meet the needs of the DoD and other agencies, for assessing and mitigating network vulnerabilities and countering cyberattacks.

Dan Teijido and Vincent Fogle
