![](/fileadmin/_processed_/c/f/csm_cmc500-cover-story-header-crimar_b4d7343577.jpg)
Cybersecurity by Design
Utilities have to devote more and more attention to cybersecurity, as the risk of blackouts is ever-present. Recent problems have shown how quickly such disruptions can occur, prompting growing pressure from regulators to address the issue. However, security is a step-by-step process, with each phase building towards an ultimate objective.
Protection test sets, for example, present a potential attack vector. If an attacker hijacks the device, it could output voltages or currents, which have the potential to damage active substation components and cause a power outage. Additionally, if malware infects a service provider’s device, it can easily be transferred from substation A to substation B, much like spreading through a USB stick. While this may be the most likely attack scenario, it's only one of many possible threats.
We’ve implemented a range of protective measures in the CMC 500 to safeguard critical infrastructure. As with any security system, the weakest link in the chain defines the level of cybersecurity. It's like having a tall iron gate in front of your house while the rest of your property is only secured by a low hedge — effective cybersecurity requires addressing every known vulnerability.
In response to our customers’ needs, we conducted a thorough threat-risk analysis, identifying and evaluating other potential attack scenarios. We adopted a 'white box approach,' assuming that attackers might know some system information. This method provides significantly more protection than relying on secrecy alone.
Our company-wide cybersecurity strategy is based on building 'security by design', which allows us to develop measures according to clear guidelines. We also use the Secure Software Development Life Cycle(SSDLC) process, which addresses how to deal with potential vulnerabilities. This is particularly important since we use many open-source packages in our software – and if a license requires it, we publish the source code. As part of this process, we routinely check for vulnerabilities in our products, assess whether any harmful code could be exploited, and evaluate what might be compromised in the event of a successful attack. We then implement measures to mitigate these risks.
Our team has developed a solution that withstands rigorous scrutiny, especially regarding cybersecurity, and that’s an achievement we take great pride in.
Learn more:
1: Future-proof? Challenge accepted!
2: Cybersecurity by design
3: User safety can never be left to chance
4: Have you got everything?