Cross-border energy trade is crucial for providing cheaper, cost-competitive energy to consumers. For this reason, the Slovenian and Croatian transmission system operators have developed a strong cross-border collaboration, including operational data exchange between the operators to augment the balancing of both grids. This also includes a common Virtual Cross-border Control Center for voltage control and loss optimization in both transmission systems. To enable voltage control and loss optimization, the network models of both networks must be exchanged on a 15-minute basis. This is achieved by exchanging CIM XML files. Extraction or manipulation of these files gives nefarious agents possible insight into the employed mechanisms and provides them with the means to negatively influence grid operations, which could result in complete network outages.
Guardtime is focused on securing the processes and data that customers rely on while providing services. In the CyberSEAS project, we use the MIDA software solution to secure the actual state of the assets, infrastructure, and services. This enables the security team of any critical energy infrastructure to verify the integrity of the security control policies that they rely on and to protect themselves against potential cyber attacks. The backbone of MIDA is Guardtime’s global eIDAS-compliant trust service called KSI Blockchain. It makes it possible to register and assign an immutable proof to all digital assets involved in grid operation, including the CIM XML files that the Slovenian and Croatian TSOs exchange. In case of any changes, MIDA produces real-time alerts that are sent either directly to the grid operator for immediate investigation and remediation, or to other tools or services for further automated analysis and processing to enhance the overall cybersecurity posture.
As already mentioned, Slovenia and Croatia have connected power grids, and they use them to share excess energy according to market needs. CIM files are exchanged to conduct safe and optimal electricity transfer. These CIM files are generated automatically by SCADA and are then shared with the cross-border partner in order to optimize energy transfer over the border. The whole process is mostly automated, and human intervention occurs only when issues are detected in the creation and sharing of the CIM files. The CIM files themselves are generated and consumed in isolated environments, but the exchange is done over the internet and involves a number of different processes. If the CIM files are changed or tampered with, through human error or malicious activity, country-wide power outages could occur.
To prevent this from happening, the MIDA solution offers a security procedure, as well as overwatch capabilities, for the cross-border CIM file exchange. When the Slovenian TSO grid operator creates the CIM files, these files are automatically signed by MIDA, creating a means to verify their integrity. MIDA is deployed on both TSOs’ sites with integration interfaces that are specific to the target environment. MIDA is designed to use cryptographic proofs that are independently verifiable, and thus does not store any data on the blockchain itself. With the MIDA solution, the TSO sending the CIM files across the border has the automatic capability to check whether these files are unchanged. Additionally, after receiving the exchanged CIM files, the receiving TSO can verify the integrity of each file before proceeding to make changes to the grid parameters. If verification fails, an alert is sent to both parties and the CIM file is flagged and sent to quarantine. This enables real-time detection of potential cyber attacks for both TSOs and a safer CIM file exchange between the two countries.
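The verify-before-use gate described above can be sketched as follows. This is an added example, not Guardtime's or MIDA's code: a plain SHA-256 digest kept in an in-memory registry stands in for the KSI signature and its independently verifiable proof, and the file names, the `register` and `receive` functions and the sample XML are all constructed for illustration.

```python
import hashlib
import hmac
import shutil
import tempfile
from pathlib import Path

# Constructed sample: a minimal CIM RDF/XML fragment, not a real network model.
CIM_SAMPLE = (b'<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" '
              b'xmlns:cim="http://iec.ch/TC57/2013/CIM-schema-cim16#">'
              b'<cim:SvVoltage rdf:ID="_n1"><cim:SvVoltage.v>402.5</cim:SvVoltage.v>'
              b'</cim:SvVoltage></rdf:RDF>')

def sha256_file(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def register(path: Path, registry: dict) -> None:
    """Sender side: record the digest when the file is created (hypothetical registry)."""
    registry[path.name] = sha256_file(path)

def receive(path: Path, registry: dict, quarantine: Path, alerts: list) -> bool:
    """Receiver side: verify before the file is parsed or applied to the grid model."""
    expected = registry.get(path.name)
    actual = sha256_file(path)
    if expected is not None and hmac.compare_digest(expected, actual):
        return True
    quarantine.mkdir(parents=True, exist_ok=True)
    shutil.move(str(path), str(quarantine / path.name))  # keep evidence, block use
    alerts.append({"file": path.name, "expected": expected, "actual": actual,
                   "notify": ["sending TSO", "receiving TSO"]})
    return False

def demo() -> dict:
    registry, alerts = {}, []
    with tempfile.TemporaryDirectory() as tmp:
        outbox, inbox, quarantine = (Path(tmp) / d for d in ("outbox", "inbox", "quarantine"))
        outbox.mkdir(); inbox.mkdir()
        for name in ("model_0900.xml", "model_0915.xml"):
            (outbox / name).write_bytes(CIM_SAMPLE)
            register(outbox / name, registry)
            shutil.copy(outbox / name, inbox / name)  # stands in for the internet transfer
        # Constructed tampering: one voltage value altered in transit.
        (inbox / "model_0915.xml").write_bytes(CIM_SAMPLE.replace(b"402.5", b"380.0"))
        clean = receive(inbox / "model_0900.xml", registry, quarantine, alerts)
        tampered = receive(inbox / "model_0915.xml", registry, quarantine, alerts)
        return {"clean": clean, "tampered": tampered, "alerts": alerts,
                "quarantined": sorted(p.name for p in quarantine.iterdir())}

if __name__ == "__main__":
    print(demo())
```

A file with no registered digest is treated the same as a mismatch, so an unexpected file dropped into the inbox is quarantined rather than applied.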
Reliable electricity services are essential to the conveniences of modern life and vital to our economy and security. This makes cross-border energy exchange increasingly important, and also an attractive target for malicious actors. An attack on one system can cause cascading effects and harm more than just a single geographical area or critical infrastructure system. Guardtime’s MIDA tool provides attack detection capabilities for TSOs exchanging CIM files, helping to improve the cyber resilience of systems and to protect against potential attacks in cross-border energy exchange.
Authors: Liis Livin and Priit Anton, Guardtime
 The Common Information Model (CIM) is an abstract information model that can be used to model an electrical network and the various equipment used on the network. CIM is widely used for data exchange of bulk transmission power systems.