Have you ever noticed the small metal boxes attached to utility poles? If you’re like most people, you probably haven’t paid much attention to these cabinets. For Cisco and our partner, SEL, those utility cabinets presented an opportunity for innovation.
Inside each metal box are two devices: a recloser control, which mitigates the dangers of unusually high electric currents, and a router, which uses cellular service and a virtual private network (VPN) to link the recloser control to the utilities’ wide-area network (WAN). The VPN protects grid communications between the boxes and the control center.
But there is still a vulnerability within each box. Cisco and SEL have joined forces to secure what is quite literally the “last foot” in distribution automation.
Cisco and SEL’s solution for the ‘last foot’ problem
Though hardened for physical security, utility boxes are not impossible to breach. Breaking into one yields access to the recloser control, the router, and the network cable – usually about one foot – that connects the two pieces of hardware.
Currently, these devices communicate with clear text, so important communications can be read by anyone with the technical know-how to intercept them. In other words, this “last foot” represents a potential vulnerability as an entry point to damage or assume control of the recloser. That could lead to undesirable consequences – ranging from nuisance maintenance tasks to power grid disruption.
Together, Cisco and SEL have created the first solution for encrypting the network traffic that travels the short but critical distance between an SEL-651R/RA recloser controls and a Cisco Catalyst IR1101 Rugged Router.
We built this solution using IEEE 802.1AE Media Access Control Security (MACsec) and the MACsec Key Agreement (MKA) portion of 802.1X Port-Based Network Access Control. We chose MACsec because it is a mature, proven, and open standard. It’s also stable, having undergone few updates since its publication in 2006 yet it still delivers strong encryption today.
Applying this standard on Cisco and SEL hardware, it becomes possible to secure recloser communications without investing in external devices. The solution will be available at the end of 2022, enabling utilities to begin upgrading their distribution automation environment.
Coordinating activities across functional groups within the utility can be extremely difficult. With that in mind, we designed the solution to be implemented in two phases. The first phase involves a truck roll to physically update each location as required. The second phase involves updating the configuration and can be handled remotely and without any disruption of service to the grid.
Going the extra mile for the ‘last foot’
As security threats and risks to utilities continue to increase, this standards-based solution from Cisco and SEL represents a vitally important tool for hardening critical infrastructure. We invite you to dive deeper into the solution by reading Securing the ‘Last Foot’ in Distribution Automation, a white paper Cisco and SEL published during DistribuTECH.
To explore how this solution can help you, contact us.