The convergence of information and communication technologies (ICT) and operational technologies in smart grids is a double-edged sword. On the one hand, ICT makes it possible to significantly improve grid reliability, security, and efficiency by facilitating information exchange, managing distributed generation and storage sources, and enabling active participation by the end consumer. On the other hand, attackers can exploit the vulnerabilities of communication systems for financial or political gain. Illicit access via ICT potentially enables attackers to shut down power over large areas, or to direct cyberattacks against power generation facilities. Although attacks on grids are relatively rare today, they can and do happen – as illustrated by the Ukraine shutdown in December 2015 and the recently thwarted attempt in April at the start of the Ukraine crisis. In 2015 attackers successfully blacked out a portion of the country’s grid by using stolen user credentials to remotely access and manipulate the SCADA industrial control systems. Over 220,000 customers lost access to power for six hours.
“The most popular attacks these days, including the hack of Ukraine’s power grid, are performed with trojans. If a system is properly maintained, however, it should be possible to detect this virus in due time, thus preventing a complete shutdown. Cyber-security in smart grids is therefore becoming increasingly important,” says Dr André Egners, a Security Architect at Landis+Gyr.
The ongoing development of smart grids introduces new security risks because cyber-attacks can potentially be launched against a large number of intelligent devices connected to the network. Each device is a possible entry point into the network, and considering that there are already about 2 billion IoT-connected smart grid devices – and this number is expected to reach 12 billion by 2024 – the magnitude of the problem becomes apparent.
Advanced Distribution Automation (ADA) systems and Advanced Metering Infrastructure (AMI) expose grids to potential abuses of data protection and privacy. Moreover, while the increasing use of Internet Engineering Task Force (IETF) standards in smart grids is a good thing, their rising popularity and familiarity also make them more vulnerable to well-known network attacks such as spoofing, man-in-the-middle, denial-of-service, and others.
While few threats outweigh those presented by the prospect of cyber-crime, physical security remains a key consideration and is almost as difficult to address, again because of the vast number of components in the network, many of which are located outside the utilities’ own premises. Physical destruction of or interference with these devices presents obvious security risks.
Other potential risks that need to be managed include:
- implementing new IT systems that are incompatible with legacy grid infrastructure,
- human error, and
- ill-intentioned employees with legitimate access to systems.
Security architecture and endpoint devices
In order to mitigate the security risks, the smart grid solution is designed to ensure that the correct security protocols, practices and technologies are in place. Indeed, a fundamental component of information security is the use of encryption techniques to protect the communication among the smart grid devices and back-end systems.
In addition, a fundamental rule of grid design is that the compromise of one device must not lead to the compromise of any other device: for example, good practice is the use of different access and encryption keys for different devices, so that the theft of keys from one device cannot compromise the whole grid. Moreover, security requirements should be adapted to the different kinds of device. In residential meters, for instance, the focus is on privacy and protection of consumption data. And in countries where it is possible to remotely disconnect users from the network, there are obvious concerns about operator errors or attacks that could cause mass outages.
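The per-device key principle above is easiest to appreciate by measuring the blast radius of one stolen key. The following Go program is an added example written for this page; it is not Landis+Gyr code and does not reflect any particular product. It models a constructed fleet of meters (the "LG-nnnn" serials are made up), encrypts one reading per meter with AES-256-GCM (an assumed choice from the NIST-approved family the article refers to), then hands the attacker the key extracted from meter 0 alone and counts how many meters' traffic that key decrypts, once with a fleet-wide shared key and once with independent per-device keys.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Meter is a constructed stand-in for a smart meter that holds its own
// symmetric key. The "LG-nnnn" serials used below are made up for this example.
type Meter struct {
	Serial string
	Key    []byte // 32-byte AES-256 key, unique to this device
}

// NewKey draws a fresh random key. Keys are independent of one another, so
// extracting the key from one device reveals nothing about any other device.
func NewKey() []byte {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		panic(err)
	}
	return k
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts and authenticates a reading with AES-256-GCM. The meter serial
// is bound as additional authenticated data, so a ciphertext cannot be
// re-attributed to a different meter even where a key is shared.
// Output layout: nonce || ciphertext+tag.
func Seal(key []byte, serial string, reading []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, reading, []byte(serial)), nil
}

// Open reverses Seal; it fails if the key, the serial or the bytes do not match.
func Open(key []byte, serial string, msg []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(msg) < gcm.NonceSize() {
		return nil, errors.New("message too short")
	}
	nonce, ct := msg[:gcm.NonceSize()], msg[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, []byte(serial))
}

// BlastRadius builds a fleet of n meters, has each send one encrypted reading,
// then gives the attacker only the key extracted from meter 0 and counts how
// many meters' traffic that single key unlocks. sharedKey=true models the weak
// design in which every device ships with the same key.
func BlastRadius(n int, sharedKey bool) int {
	shared := NewKey()
	fleet := make([]Meter, n)
	msgs := make([][]byte, n)
	for i := range fleet {
		key := NewKey()
		if sharedKey {
			key = shared
		}
		fleet[i] = Meter{Serial: fmt.Sprintf("LG-%04d", i), Key: key}
		ct, err := Seal(key, fleet[i].Serial, []byte("kWh=1234")) // constructed reading
		if err != nil {
			panic(err)
		}
		msgs[i] = ct
	}
	stolen := fleet[0].Key
	readable := 0
	for i, m := range fleet {
		if _, err := Open(stolen, m.Serial, msgs[i]); err == nil {
			readable++
		}
	}
	return readable
}

func main() {
	fmt.Println("one fleet-wide key, meters readable with one stolen key:", BlastRadius(100, true))
	fmt.Println("per-device keys,    meters readable with one stolen key:", BlastRadius(100, false))
}
```

With a shared key every meter's traffic falls to one extracted key; with independent keys the damage is confined to the one device that was physically compromised, which is exactly the property the paragraph asks for. Binding the serial as associated data is a further, assumed hardening: even the weak shared-key design then refuses a ciphertext replayed under another meter's identity.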
Selecting encryption methods
“The encryption technology is dependent on the communication standards: for example, in DLMS (Device Language Message Specification) smart meter standards, encryption is used to encrypt and authenticate the payload of the messages. On wide-area networks, TLS (Transport Layer Security) should be adopted since it is a common technology in use on the Internet,” adds Dr Egners.
For encryption, Landis+Gyr uses algorithms recommended by the NSA (US National Security Agency), NIST and ENISA (European Network and Information Security Agency). Cross-industry experience has proven that developing algorithms in-house seldom leads to a secure product, and will cause problems when integrating components from different manufacturers into the same grid.
Effective key management
The security provided by encryption depends heavily on the encryption keys used because people with ill intent do not usually try to break the encryption algorithm, but rather steal the keys. No matter how good the algorithm, stealing the keys provides access to the information and control of devices. To minimize this risk, Landis+Gyr implements state-of-the-art key management techniques to ensure that encryption keys are securely generated and stored after the device has been manufactured and securely delivered to customers. This is based on a public key infrastructure system that facilitates all the key exchange processes – as already provided in modern online secure transactions in banking and e-commerce business.
Creating custom certificates
The combination of a public key and a name is used to create a certificate. Landis+Gyr operates its own public key infrastructure for its devices, and key pairs are inserted on the production line. This effectively puts a certificate into every product that says ‘this is a Landis+Gyr device’ as well as specifying the related serial number. This unique provision is especially attractive to customers who do not possess a public key infrastructure of their own since Landis+Gyr provides them, in effect, with an out-of-the-box security solution.
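The certificate described above, a manufacturer-signed binding between a device's public key and its serial number, can be shown end to end with Go's standard crypto/x509 package. The program below is an added example for this page, not Landis+Gyr's production PKI: the CA structure, validity periods, the "LG-00012345" serial and the use of the X.520 serialNumber attribute to carry the device serial are all assumptions made here. It issues a device certificate on a simulated production line, then shows what a head-end system does when a meter connects: it accepts a certificate that chains to the manufacturer CA and rejects one that claims the same serial but was issued by anyone else.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// NewCA creates a self-signed manufacturer CA. Only the organisation name is
// taken from the article; key type, lifetime and naming are constructed here.
func NewCA(org string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{Organization: []string{org}, CommonName: org + " Device CA"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(20 * 365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// IssueDeviceCert models the production-line step: a fresh key pair is made for
// the device and the CA signs a certificate binding its public key to the device
// serial. The private key never leaves the device in a real deployment.
func IssueDeviceCert(ca *x509.Certificate, caKey *ecdsa.PrivateKey, deviceSerial string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	devKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	// Certificate serial (X.509 field) is distinct from the device serial.
	certSerial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 120))
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: certSerial,
		Subject: pkix.Name{
			Organization: ca.Subject.Organization,
			CommonName:   deviceSerial,
			SerialNumber: deviceSerial, // X.520 serialNumber attribute (assumed placement)
		},
		NotBefore:   time.Now().Add(-time.Hour),
		NotAfter:    time.Now().Add(15 * 365 * 24 * time.Hour),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &devKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, devKey, err
}

// VerifyDevice is the head-end check when a meter connects: the presented
// certificate must chain to the trusted manufacturer CA. On success it returns
// the device serial the certificate vouches for.
func VerifyDevice(trusted, presented *x509.Certificate) (string, error) {
	roots := x509.NewCertPool()
	roots.AddCert(trusted)
	_, err := presented.Verify(x509.VerifyOptions{
		Roots:     roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	})
	if err != nil {
		return "", err
	}
	return presented.Subject.SerialNumber, nil
}

func main() {
	ca, caKey, err := NewCA("Landis+Gyr")
	if err != nil {
		panic(err)
	}
	dev, _, err := IssueDeviceCert(ca, caKey, "LG-00012345") // constructed serial
	if err != nil {
		panic(err)
	}
	serial, err := VerifyDevice(ca, dev)
	fmt.Println("genuine device:", serial, err)

	// A certificate from any other issuer, even with the same serial, must fail.
	other, otherKey, _ := NewCA("Some other issuer")
	fake, _, _ := IssueDeviceCert(other, otherKey, "LG-00012345")
	_, err = VerifyDevice(ca, fake)
	fmt.Println("unrecognised issuer:", err)
}
```

The trust decision rests on a single root the head-end already holds, which is what makes the "out-of-the-box" arrangement work for a utility without its own PKI: it needs to distribute the manufacturer CA certificate, not a key per meter. In the real exchange the device would also prove possession of its private key (for example in a TLS client handshake); that step is omitted here to keep the certificate logic in view.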
Information system security best practices
Another fundamental component of information security is the establishment of proper access control. Access to (and execution of) application service logic, fulfillment and assurance functions should be based on the role of the user (e.g., administrator, operator, auditor, etc.). This requires role-based access models to be supported. All users must produce credentials to prove their identity when accessing the system or launching tasks. Moreover, user access management should be integrated with the customer’s IT systems in order to facilitate both user administration and users’ daily activities.
The smart grid system must log user actions and security relevant actions, events and alarms by means of an audit trail. This trail contains information, such as the date and time of an action or event as well as the users and systems involved. Examples of security relevant actions include a user logging in to the system and changes to credentials or to cryptographic keys.
Over the lifetime of a smart grid system, the software (firmware, applications, operating system, etc.) may also need to be securely replaced with newer versions. Landis+Gyr addresses these needs by providing technical controls, such as secure firmware updates and dedicated services to its customers.
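The "secure firmware update" control mentioned above comes down to two checks a device performs before it touches its flash: is this image really from the vendor, and is it newer than what is running? The Go program below is an added example for this page and is not Landis+Gyr's update mechanism; the image format, the Ed25519 signature scheme and the version-based anti-rollback rule (which goes one step beyond the paragraph) are all assumptions. It signs a constructed image on the vendor side, then shows the device accepting a genuine newer image, rejecting one modified in transit, and rejecting a genuinely signed but older image.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// FirmwareImage is a constructed update container: a version number, the image
// bytes, and the vendor's signature covering both.
type FirmwareImage struct {
	Version   uint32
	Payload   []byte
	Signature []byte
}

// signedDigest binds the version to the payload, so a valid signature cannot be
// re-used with a different version number or a different image.
func signedDigest(version uint32, payload []byte) []byte {
	h := sha256.New()
	var v [4]byte
	binary.BigEndian.PutUint32(v[:], version)
	h.Write(v[:])
	h.Write(payload)
	return h.Sum(nil)
}

// SignFirmware is the vendor-side step, run on a build or signing server that
// holds the private key. Devices only ever carry the public half.
func SignFirmware(priv ed25519.PrivateKey, version uint32, payload []byte) FirmwareImage {
	return FirmwareImage{
		Version:   version,
		Payload:   payload,
		Signature: ed25519.Sign(priv, signedDigest(version, payload)),
	}
}

// Device models the meter's update logic: a vendor public key baked in at
// manufacture and the version currently installed.
type Device struct {
	VendorPub ed25519.PublicKey
	Installed uint32
}

var (
	ErrBadSignature = errors.New("firmware signature invalid")
	ErrRollback     = errors.New("firmware version not newer than installed")
)

// Install accepts an image only if its signature verifies under the vendor key
// and its version is strictly newer than the running one. The signature is
// checked first so an unauthenticated image can never influence the decision.
func (d *Device) Install(img FirmwareImage) error {
	if !ed25519.Verify(d.VendorPub, signedDigest(img.Version, img.Payload), img.Signature) {
		return ErrBadSignature
	}
	if img.Version <= d.Installed {
		return ErrRollback
	}
	d.Installed = img.Version
	return nil
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // vendor signing key pair (constructed)
	if err != nil {
		panic(err)
	}
	meter := &Device{VendorPub: pub, Installed: 1}

	fmt.Println("genuine v2:     ", meter.Install(SignFirmware(priv, 2, []byte("constructed image v2"))))

	tampered := SignFirmware(priv, 3, []byte("constructed image v3"))
	tampered.Payload = append(tampered.Payload, []byte(" altered in transit")...)
	fmt.Println("tampered v3:    ", meter.Install(tampered))

	fmt.Println("downgrade to v1:", meter.Install(SignFirmware(priv, 1, []byte("constructed image v1"))))
	fmt.Println("installed now:  ", meter.Installed)
}
```

The downgrade case matters as much as the tamper case: an old, correctly signed image may carry a vulnerability that the current version fixed, so authenticity alone is not a sufficient acceptance criterion for a device expected to stay in the field for many years.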
Integrated security approach
No matter what technologies are employed, it is impossible to create a 100% secure grid. Nevertheless, as a critical infrastructure, the smart grid requires the highest levels of security achievable within operational and financial constraints. A comprehensive security architecture with built-in security from planning through to implementation and operation is essential. Only a holistic approach based on tested industry standards, trusted ICT and end devices – and partnership between technology vendors, DSOs and regulators in defining security policies and procedures – can keep smart grids secure.