The Internet of Things (IoT) opens the gate for endless opportunities in the energy sector. Unfortunately, such diverse opportunities can arouse another type of energy: the malicious one. The threat of unanticipated security breaches is not only about loss of income or reduced customer satisfaction, but finally about consumer privacy and ultimately about electricity network stability.
Cyber security in AMI must involve more than the technical security of the solution, that is, the physical security of devices, secured communication, backend systems, and data storing. It demands a holistic approach that embraces the planning of the entire IT infrastructure from a security perspective as well as the people, practices, and processes that enable it. This holistic view and the embedded culture of security is crucial also in AMI technology development. Tuomas Kepanen, Landis+Gyr R&D Manager of Architecture and Platforms, shares his thoughts on building pillars of a secure software product.
Complex security requirements
A secure system is always a complete package, and overall security cannot be built by focusing on a single component of the system. When designing a secure system, it is important to identify security demands from several stakeholders’ perspectives. The requirements may vary from system performance demands by system users to the fulfilment of regulatory details.
Good plan is a good start
After identifying the stakeholders, the next step is describing the functional, non-functional, and security requirements for the system. Especially in the early stages of development, these requirements may be vague or rough but the definition and discussion of the basic principles is an important part of the system design process. The high-level information security requirements, related e.g. to confidentiality or integrity of the system, are further derived to functional requirements like implementing a security event log for auditing user’s operations, encryption and authentication of traffic between system components, or reinforcement of the operating system.
When defining information security requirements, it is crucial to describe the most important system components that need protection and consider for example:
- Which functions or information should be secured?
- What security attributes should particularly be protected?
- What is most important and when: confidentiality, integrity, or availability?
- How much focus should be placed on securing a certain feature of a certain component?
- How much residual risk is acceptable?
- Is the objective preventing or identifying information security breaches?
- What are relevant threats that need to be covered by security?
A helpful tool to answer these questions is the IT systems security architecture. It strives to define details related to overall system security, such as the network structure, the network’s active devices, encryption, and the protocols deployed.
Malicious users are users too
Another efficient planning method is describing the use cases from the view of a malicious user, which helps identifying information security controls for misuse cases. For example, in preventing denial-of-service attacks, certain controls related to load handling or to blocking traffic can be employed while unauthorized use can be controlled through user access management. In addition, the possibility that a legitimate user unwittingly acts as an agent of a malicious entity must be considered.
Not just the software developer’s responsibility
Building the software itself also involves methods that take information security into account. A central one is the security awareness of the individual application developer. The larger and the more updated the developer’s expertise, the more penetration possibilities will be considered and the more defense measures can be taken during software development.
However, the responsibility cannot rest solely on developers’ shoulders, even when the software is extensively tested by external specialists whose only aim is to penetrate the system and to point out its weaknesses. So further measures are needed to secure the system.
Different types of scanners and static analysis tools related to information security strive to find errors in the source code during the build process. Furthermore, efficient tools can be used to detect known vulnerabilities of the libraries used which can be integrated in the software build process.
And finally, the perspective needs to be expanded from the actual application development work to the secure development environment and processes. International standards such as ISO 27001 provide a systematic approach for continuous security development here.
Secure use of a secure system
Besides the technical security of a system, a use policy for the system is needed – either on its own or as part of the company’s other information safety policies. As a minimum, a use policy should consider the following:
- What constitutes acceptable use of the system?
- Does the principle of least privilege apply in the system?
- How is the use of the system being monitored and by whom?
- How are backups set up and practiced?
- How is users’ information security awareness taken care of?
- How to respond to security incidents?
A matter for the whole organization
Regardless how well the system is forearmed against attacks, cyber security risk management requires the attention of the entire organization. Only when embedded into a strategy of continuous monitoring, assessments, and improvement seeking, can cybersecurity measures be efficient. Therefore, it is highly important to consider all matters related to information security as a complete entity.