INFORMATION SECURITY IN POWER DISTRIBUTION:
A CASE STUDY
Dr. Vivek Chandra, Head IT, MPPKVVCL, Jabalpur
Dr. Ashok Kumar Tiwari, EE (RAPDRP) , MPPKVVCL, Jabalpur
“..the only reliable way to measure security is to examine how it fails”
1. Introduction: With the launch
and advancement of R-APDRP
Program in the Distribution Companies
across the country, there has been a
creation of sizable amount of IT
Infrastructure. Huge information is
being created and disseminated across
the organization and beyond, among its
stakeholders. In creating and
maintaining such information store-
house within the organization, it is
absolutely essential to maintain and
practice an effective Information
Security Policy (ISP) to ensure stringent
safety measures. The measures should
ensure confidentiality, integrity and
availability of information so that each
piece of information is protected in a
manner that is consistent with the value
attributed to it, the risk the utility is
willing to accept and the cost the utility
is willing to pay. In this regard the
Govt. of India has also issued
instructions to PSUs to counter
vulnerabilities in Computer
Systems/Networks based on the
Intelligence Bureau Communiqué that
covers Physical Theft of Computer
Hardware that contains sensitive data,
Data Compromise, Information Stealing
1
--Bruce Schneider, Beyond Fear.
by Remote access, Spoofing by
Intruders and Defacement of Govt.
Websites etc.
This paper aims at analyzing the
Information Security needs of the
Distribution Companies (Discoms) in
India and a case study how the same is
being adopted by MP Poorv Kshetra
Vidyut Vitaran Co. Ltd, Jabalpur
(MPPKVVCL), a discom which carries
out Power Distribution in the eastern part
of the state of MP, with headquarter at
Jabalpur.
2. IT Architecture prior to R-APDRP:
MPPKVVCL was formed after the
unbundling of erstwhile MP State
Electricity Board) in July’02. The
Company has been using information
and communication (ICT) tools (most of
which have been inherited from the MP
State Electricity Board) since its
inception. The major applications
deployed include Consumer Bill
Generation System, Financial
Accounting System, Stores Management
System and Payroll System.
 Figure 1: Standalone IT Systems in
MPPKVVCL prior to R-APDRP

These systems are used within shall also pave way for vulnerability of
departments and in isolation and are the system to cyber attacks and other
based on de-centralized architecture, security issues.
therefore the information desired at the
Company level had to be further 3. Applications & Infrastructure in R-
compiled. Huge efforts were required APDRP:-
in punching and compilation of data.
This also resulted in delayed MIS and Applications:-
the system was also prone to manual
errors and manipulations. Part-A : Essentially Required by
most Utilities for setting up an IT
Table 1:- Details of the Applications backbone for collection of baseline
deployed, their architecture & data, Energy Accounting / Auditing
locations and establishment of Customer care
centers:-
Office No.
S Name of
N Application
Arch. where of  Meter Data Acquisition
deployed locs.
1 Billing Dist. RAO 6
 Energy Audit
System (HT) Nos.  New Connection
2 Billing Dist. Circle/Dn 29  Disconnection & Dismantling
System(LT) Nos.  GIS Based Consumer Indexing &
3 Stores Dist. Area 5 Asset Mapping
Management Stores Nos.
System
 Centralized Consumer Care
4 Financial Dist. RAO 6 Centre
Accounting Nos.  Management Information
System System.
5 Payroll Dist. RAO 6
System Nos. Part-B: Implementation of
Commercial Processes like Metering,
A shift to Centralized Architecture with Billing, Collection.
huge communication network would
help in getting rid of above issues but it
2
  Development of Commercial 4. Security Threats in a Centralized
Database of Consumers Architecture:
 Metering
 Billing 4.1 Origination of Threats:
 Collection Security threats can come from two
Part-C – Other Optional Application locations:
Packages
 External users
 Maintenance Management
 Asset Management  Internal Users
4.1.1 External users: An
Proposed Infrastructure: external security threat occurs when
someone outside your network creates
 The scope covers setting up of IT a security threat to your network. If one
infrastructure at data center & is using an intrusion-detection system
DR Center, Call centers and other (IDS), which detects attacks as they
offices of utility, which would occur, one will probably be mildly
form the platform for subsequent shocked at the number of probes and
development. attacks that occur against the
 Setup of LAN at datacenter, network daily.
Customer care centers, Sub
division, division, Circle, Head 4.1.2 Internal users: An
Quarter and any other office of internal security threat occurs when
the utility as per their someone from inside
requirement. your network creates a security threat to
 Creation of VPN/ MPLS based your network. The fact is that the biggest
WAN for connecting all offices threat to an organization lies within its
in the select 27 towns in the boundaries.
Discom.

An effective network security strategy

requires identifying threats and then
choosing the most effective set of tools
to combat them.

Figure 2: Network Topology with a

Centralized Architecture in R-APDRP
3
 In its 2006 survey, “Information
Security Breaches,” the DTI and
PricewaterhouseCoopers found that 32%
of Information Security attacks
originated from internal employees while
28% came from ex-employees and
partners[1].
Some of these security breaches were
malicious in intent; others were
accidental. Therefore, one should not
just be concerned about protecting the
perimeter of your network; one should
also aim to protect every key resource
and service.
4.2 Types of Threats:
4.21 Viruses: They are Computer
programs written by devious
programmers and designed to replicate
themselves and infect computers when
triggered by a specific event.
4.22 Trojan horse programs: Delivery
vehicles for destructive code, which
appear to be harmless or a useful
software programs such as games.
4.23 Attacks: Including reconnaissance
attacks (information-gathering activities
to collect data that is later used to
compromise networks); access attacks
(which exploit network vulnerabilities in
order to gain entry to e-mail, databases,
or the corporate network); and denial-of-
service attacks (which prevent access to
part or all of a computer system)
Data interception : Involves
eavesdropping on communications or
altering data packets being transmitted.
4.24 Social Engineering: Obtaining
confidential network security
information through nontechnical means,
such as posing as a technical support
4
person and asking for people's
passwords.
5. Security Features at various levels:-
Security Features have been detailed at
three levels namely at Data Centre level,
at Network level and at End User Level.
5.1 Data Centre Security:
A data center is a facility used to house
computer systems and associated
components, such as telecommunications
and storage systems. It generally
includes redundant or backup power
supplies, redundant data communications
connections, environmental controls
(e.g., air conditioning, fire suppression)
and security devices.
IT operations are a crucial aspect of most
organizational operations. One of the
main concerns is business continuity;
companies rely on their information
systems to run their operations. If a
system becomes unavailable, company
operations may be impaired or stopped
completely. It is necessary to provide a
reliable infrastructure for IT operations,
in order to minimize any chance of
disruption. Information security is also a
concern, and for this reason a data center
has to offer a secure environment which
minimizes the chances of a security
breach. A data center must therefore
keep high standards for assuring the
integrity and functionality of its hosted
computer environment. This is
accomplished through redundancy of
both fiber optic cables and power, which
includes emergency backup power
generation.
5.1.1 Redundant Power Supply:
Backup power consists of one or
more uninterruptible power supplies,
battery banks, and/or diesel generators.
To prevent single points of failure, all
elements of the electrical systems,
including backup systems, are typically
fully duplicated, and critical servers are
connected to both the sides of power
feeds. This arrangement is often made to
achieve N+1 redundancy in the systems.
Static switches are sometimes used to
ensure instantaneous switchover from
one supply to the other in the event of a
power failure.
5.1.2 Physical Security: Physical
security also plays a large role with data
centers. Physical access to the site is
usually restricted to selected personnel.
Closed Circuit Camera, surveillance and
permanent security guards have become
a must. The use of Identity Access Cards
and biometric devices like finger print
recognition and iris identification
systems are fast gaining popularity.
5.1.3 Protection from Fire & Smoke:-
Data centers feature fire protection
systems, including passive and active
design elements, as well as
implementation of fire prevention
programs in operations. Smoke detectors
are usually installed to provide early
warning of a developing fire by detecting
particles generated by smoldering
components prior to the development of
flame. This allows investigation,
interruption of power, and manual fire
suppression using hand held fire
extinguishers before the fire grows to a
large size. A fire sprinkler system is
often provided to control a full scale fire,
if it develops. Passive fire protection
elements include the installation of fire
walls around the data center, so a fire
can be restricted to a portion of the
facility for a limited time in the event of
the failure of the active fire protection
systems.
5.14 Communication in Data Centre:
Communications in data centers today
are most often based
5
on networks running the IP protocol
suite. Data centers contain a set
of routers and switches that transport
traffic between the servers and the
outside world. Redundancy of the
Internet connection is often provided by
using two or more upstream service
providers.
Some of the servers at the data center are
used for running the
basic Internet and intranet services
needed by internal users in the
organization, e.g., e-mail servers, proxy
servers, and DNS servers.
Network security elements usually
deployed are: firewalls, VPN gateways,
intrusion detection systems, etc. Also
common are monitoring systems for the
network and some of the applications.
Additional off site monitoring systems
are also typical, in case of a failure of
communications inside the data center.
5.2 Network Security:
In the field of networking, the area
of network security [2] consists of the
provisions and policies adopted by
the network administrator to prevent and
monitor unauthorized access, misuse,
modification, or denial of the computer
network and network-accessible
resources. Network security involves the
authorization of access to data in a
network, which is controlled by the
network administrator. Users choose or
are assigned an ID and password or other
authenticating information that allows
them access to information and programs
within their authority. Network security
covers a variety of computer networks,
both public and private, that are used in
everyday jobs conducting transactions
and communications among businesses,
government agencies and individuals.
Networks can be private, such as within
a company, and others which might be
open to public access. It secures the
network, as well as protecting and
overseeing operations being done. The
most common and simple way of
protecting a network resource is by
assigning it a unique name and a
corresponding password.
Network security starts
with authenticating the user, commonly
with a username and a password. Since
this requires just one detail
authenticating the user name — i.e. the
password, which is something the user
'knows'— this is sometimes termed one-
factor authentication. With two-factor
authentication, something the user 'has'
is also used (e.g. a security token or
'dongle', an ATM card, or a mobile
phone); and with three-factor
authentication, something the user 'is' is
also used (e.g. a fingerprint or retinal
scan).
Once authenticated, a firewall enforces
access policies such as what services are
allowed to be accessed by the network
users.[2] Though effective to prevent
unauthorized access, this component
may fail to check potentially harmful
content such as computer
worms or Trojans being transmitted over
the network. Anti-virus software or
an intrusion prevention
[3]
system (IPS) help detect and inhibit the
action of such malware. An anomaly-
based intrusion detection system may
also monitor the network and traffic for
unexpected (i.e. suspicious) content or
behavior and other anomalies to protect
resources, e.g. from denial of
service attacks or an employee accessing
files at strange times. Individual events
occurring on the network may be logged
for audit purposes and for later high-
level analysis.
Communication between two hosts using
a network may be encrypted to maintain
privacy.
6
Honeypots, essentially decoy network-
accessible resources, may be deployed in
a network as surveillance and early-
warning tools, as the honeypots are not
normally accessed for legitimate
purposes. Techniques used by the
attackers that attempt to compromise
these decoy resources are studied during
and after an attack to keep an eye on
new exploitation techniques. Such
analysis may be used to further tighten
security of the actual network being
protected by the honeypot.[5]
Provisions in R-APDRP
 A strong firewall and proxy to
keep unwanted people out.
 Strong antivirus software and
Internet Security Software suites.
 Strong encryption.
 White list authorized wireless
connection, block all else.
 All network hardware is in secure
zones.
 All hosts should be on a private
network that is invisible from the
outside.
 Host web servers in a DMZ, or a
firewall from the outside and from
the inside.
 Security fencing to mark
perimeter and set wireless range to
this.
5.3 Security at End User Side:
Identity Access Management: These
services help to identify users and
control their activities and transactions
on the network. Services include
passwords, digital certificates, and
digital authentication keys. User ID is
being used as single point authentication
target.
Blocking use of CD Drives and Pen
Drives: To minimize the likelihood of
Virus entering into system.
Antivirus software packages: These
packages counter most virus threats if
regularly updated and correctly
maintained.
6. Conclusion:- The analysis shows that
large measures have been taken by
MPPKVVCL to ensure Information
Security of the IT System. Although
management of the security tools would
be a challenge keeping in view the
limited resources and shortage of
manpower but if the same is attained, the
Centralized Architecture established
through R-APDRP would prove to be a
panacea to most of the woes presently
being faced by the Company because of
the distributed IT architecture it has at
present.
7
7. Reference
1. http://www.net-
security.org/article.php?id=959
2. Simmonds, A; Sandilands, P; van
Ekert, L (2004). "An Ontology
for Network Security Attacks".
Lecture Notes in Computer
Science. Lecture Notes in
Computer Science 3285: 317–
323. doi:10.1007/978-3-540-
30176-9_41. ISBN 978-3-540-
23659-7.
3. A Role-Based Trusted Network
Provides Pervasive Security and
Compliance - interview with
Jayshree Ullal, senior VP of
Cisco
4. Dave Dittrich, Network
monitoring/Intrusion Detection
Systems (IDS), University of
Washington
5. "Honeypots, Honeynets".
Honeypots.net. 2007-05-26.
Retrieved 2011-12-09.
About the authors:
Dr. VIVEK CHANDRA
Dr. Chandra is B.E. (Electricals),
M.Tech (IT) and Ph.D. in Computer
Science. He did EDP from IIM-
Ahmedabad. He has around 22 years of
experience in power distribution and
automation. He is currently posted at
M.P. Poorv Kshetra Vidyut Vitaran Co.
Ltd., Jabalpur as Head (IT) and involved
in the planning and development of IT
systems for Power Distribution
automation and reforms. He has also
acquired training in GIS at ESCI
Hyderabad. He is presently looking after
implementation of the prestigious R-
APDRP and ERP Projects in the
Discom. He has authored a book on
Information Security and has over 30
research papers published in reputed
National/International Journals and
Seminars.
Dr. ASHOK KUMAR TIWARI
Dr. Tiwari is B.E.(Electrical Engg.),
MBA and Ph.D. in Energy Management.
He did EDP from IIT-Delhi and IIM-
Calcutta. He has around 22 years of
experience in power transmission and
distribution and is presently working at
M.P. Poorv Kshetra Vidyut Vitaran Co.
Ltd., Jabalpur as Executive Engineer. He
has also acquired training in SCADA
and DMS systems at ESCI Hyderabad.
He is presently looking after Distribution
SCADA Project being implemented in
Jabalpur City. He has authored two
books, one book chapter and more than
32 research papers in reputed Journals
and Seminars.