Protective relays are used to protect electric equipment such as motors and generators from electric faults. As an analogy, they are the circuit breakers in your house. Compared to the older mechanical protective relays, digital protective relays provide a higher level of reliability, more functionality, and the ability to integrate directly with multiple devices, including SCADA. Consequently, digital protective relays are an integral part of Smart Grid, grid modernization, use of renewables, etc.
When a relay fails to operate as designed, major equipment damage or failure can occur with little opportunity to prevent the event because it was the protection that was compromised. Aurora was an example of using the relays as the attack vector to damage all alternating current (AC) equipment connected to the substation using those relays. Because of the importance of digital protective relays, DOE has spent large sums of money on R&D to make digital protective relays more cyber secure.
Mission Secure, Inc. (MSI) is working with a number of control systems and devices to understand their cyber vulnerabilities in order to develop appropriate mitigation. When looking at the electric grid, MSI recognized that a weak link was the protective relays. Consequently, MSI procured a modern digital protective relay to analyze. They chose an SEL relay (in this case, the SEL 751A) because SEL relays are prevalent throughout the US electric system and other industries and have very powerful computational capability, including the ability to program the relays. The SEL 751A is a feeder protection relay that is also used for Aurora protection. While the SEL is a well-designed piece of equipment and important across the power sector and beyond, it was not designed to defend against a cyber attack. The members of the MSI attack team were neither nation-state actors nor even familiar with electric grid operations or protective relays. Yet, within a short period of time, MSI was able to take complete control of the HMI, the box, etc. MSI developed a variety of attack scenarios, including locking out the operators and administrators, removing the ability to trip, removing the ability to use any of the buttons as a manual override, and more. MSI did this to show how these devices, as with almost all control devices, are not designed for cyber threats and can be easily compromised. MSI demonstrated these various attacks at an electric industry conference in early July. The demonstration garnered great interest from various people in the utility space.
The implications of the cyber vulnerabilities of digital protective relays are of great importance for Smart Grid, grid modernization, NERC CIP, large plant electric equipment protection, and even nuclear plant safety. There will be a discussion of the ease of hacking relays and potential mitigation at the October ICS Cyber Security Conference in Atlanta. Full disclosure: I am on MSI’s Technical Advisory Board.