Security in the Smart Grid

introduction

Present and future battlefronts of electronic terrorism includes the state of readiness and resilience of the computer equipment protecting America's energy distribution networks and industrial control systems. According to a Pike research report [1] published March 1st of this year, it is projected that investments in smart grid cyber security will total $14 billion through 2018. First, what is a power grid? A power grid consists of several networks that carry electricity from the power plants where it is generated to consumers, and includes wires, substations, transformers, switches, software, and other hardware. The grid in the past used a centralized one-way communication distribution concept that consisted of limited automation, limited situational awareness, and did not provide the capability for consumers to manage their energy use. “Smart Grid” generally refers to a class of technology designed to upgrade the current utility grid infrastructure to improve the efficiency on the power network and in energy users’ homes and businesses. Much of the legacy power plant infrastructure is now over 30 years old with electrical transmission and distribution system components (i.e. power transformers) averaging over 40 years old and 70% of transmission lines being 25 years or older [2]. In December 2007, Title XIII of the Energy Independence and Security Act of 2007 became an official legislative mandate. This mandate provided the legislative support for the Department of Energy’s (DOE) smart grid activities and reinforced its role in leading and coordinating national grid modernization efforts. According to the U.S. DOE’s Modern Grid
Initiative Report [3], the smart grid functions must include: - Ability to heal itself (from power disturbance events) - Encourage consumers to actively participate in operations of the grid - Be secure – resist attack - Provide a higher quality of power - Accommodate all generation and storage options - Run more efficiently - Promote higher penetration of intermittent power generation sources
This paper will focus on the security aspect of the smart grid relative to its use of computers and networks. This paper will discuss security vulnerabilities of the smart grid, some recent attacks on the “smart” grid, ongoing research and development efforts for solutions to countermeasure these attacks and current solutions that are deployed and in use, and conclude with a discussion on the potential privacy issues of security in the smart grid.

Security vulnerabilities of the smart grid

There are several technological barriers to achieving a secure smart grid. In the past, proprietary and locally controlled computers were responsible for centrally monitoring and maintaining everything from electricity distribution to water treatment. But as smart grid technologies and applications are being developed, tested, and deployed throughout the grid the lack of standards and the shift from a centrally controlled grid to a distributed system that requires integrated real-time control systems and bi-directional communication adds significant complexity and security challenges. The National Institute of Standards and Technology (NIST) has the primary responsibility for leading and coordinating the development of a framework to achieve interoperability of Smart Grid devices and systems that includes protocols and model standards for information management among the various organizations within the supply chain. According to the “NIST Framework and Roadmap for Smart Grid Interoperability Standards,
Release 1.0” published January 2010 [4], a significant deliverable of the first phase of a three-phase plan, this report documents a high-level conceptual model of the Smart Grid that identifies 75 existing standards that are likely applicable to ongoing Smart Grid development, identifies 15 high-priority gaps and harmonization issues (in addition to cyber security) for which new and/or revised standards and requirements are needed, and outlines proposed actions with associated timelines for standards-setting organizations (SSOs) such as IEEE to address these gaps. Release 2.0 of this same document adds 22 new standards, specifications, and guidelines and includes an expanded view of the smart grid architecture. Threats to the smart grid can be classified into three broad groups: System level threats that attempt to take down the grid; attempts to steal electrical service; and attempts to compromise the confidentiality of data on the system. Some of the priority areas where the reported gaps reside and where additional standards and requirements need to be established to protect against these classes of threats are: - Advanced Metering Infrastructure - Wide Area Situational Awareness - Demand Response and Consumer Energy Efficiency - Network communications - Cyber Security - Role of IP in Smart Grid - Harmonized Power Line Communication Protocols
The remaining paragraphs in this section will discuss potential and real security vulnerabilities for each of the deficient areas mentioned above. More recently, automated meter reading (AMR) has evolved into advanced metering and smart grid initiatives where meters can now receive commands as well as request for meter readings over a wireless radio-based local area network, and provide data at regular intervals to the utility billing system. These meters are located at the consumer’s facility (i.e. business or residence) making them a prime attack vector. Communication between the smart meter and the utility company could be compromised that could result in interruption of the consumer’s electric supply, cause widespread outages by taking control of the smart meter system through a web interface and then interfere with the grid, or could result in an insecure connection that results in confidential electricity consumption data sent in clear text intercepted and forged with incorrect meter readings. According to a CNET news article published June, 2010 [5], smart meter installation by the U.S. utility companies is rampant driven mainly by the government stimulus funds set aside for smart-grid technologies. “Prominently missing in many of these smart meters are signed and encrypted firmware, secure (smart card chips) for key storage, unique cryptographic keys, and physical tamper protection.” System visualization or wide area situational awareness involves adding “smart” components to enable the system operator with information about the conditions of the transmission and distribution systems and the overall condition of the grid. A phasor measurement unit (PMU) is a device that measures the electrical waves on an electricity grid. Using GPS captured data, synchronized real-time measurements of multiple remote measurement points on the grid can provide high-quality, system-wide visibility for grid operators [6]. GPS signals can be jammed or spoofed by an attacker. PMU vulnerabilities may include attacker compromising a PMU, multiple PMUs, phasor application, or phasor gateway that would result in inaccurate (i.e. spoofed) data that would falsely indicate a problem and/or causing operator or system to make incorrect choices based on false data that would result in loss of system functionality. Demand Response is the part of the smart grid that offers consumers the ability to control smart appliances and potentially reduce electricity costs by changing their use of electricity to take advantage of off-peak hours. One of the key aspects in demand response programs is for utilities to provide secure information to customers. Various threats and attacks could hinder the propagation of crucial information related to price, electricity usage, device and customer information. Privacy of utility, customer and other demand response entities could be at risk due to the vulnerabilities. An attack could involve scanning tools to study the transfer of DR events from the broadcaster or sensor networks to the smart devices at the residential site and obtain necessary customer information that could be used for malicious intent. The network architecture in the smart grid is composed of two types of networks, the local-area networks and the backbone network [7]. A local-area network would include but not limited to such devices as the smart meters and smart devices in a power substation network. The backbone network includes infrastructure nodes such as gateways for local-area networks or routers to forward messages across several types of domains in the smart grid. Transmission Control Protocol (TCP) / Internet Protocol (IP) based protocols are used in parts of this smart grid architecture. “The smart grid has only two major directional information flows: bottom-up and top-down.” With this aggregate of multiple networks consisting of varying types of communication (wired and wireless) comes an increase in complexity which would be a good assumption to make brings with it security vulnerabilities. A Denial-of-service (DoS) attack on the smart grid network could affect it by delaying, blocking, or corrupting information transmission resulting in potential network unavailability. Attacks targeting data integrity and information privacy in the smart grid are likely if authentication controls, intrusion detection, and firewall and gateway design are lacking. The migration to Internet Protocol (IP)–based systems within smart grids to interconnect components such as smart meters and microcontrollers enhances interoperability and information sharing but brings with it security risk. Weaknesses inherent in the protocols themselves can now become targeted vulnerabilities for attackers on IP networks. Legacy power grids used closed, vendor-specific communication protocols, most of which were serial that lent more protection from network attacks and because they were isolated from the rest of the company IT network. Because of the push to smart grid technology and increased requirements for interconnectivity, convergence of these legacy systems with IP has in many cases taken the original serial protocol and encapsulated it into a TCP or UDP packet so that it can be transmitted over IP networks. Now an attacker that is able to capture these data packets over an IP network could obtain information, such as IP addresses, slave (receiver) and master (sender) IDs, timeout configurations and much more. Being able to obtain such information and combining it with knowledge about the particular smart grid itself could result in disruption of the system and potentially cause risks to over grid stability and safety. Power line communications (PLC) reuses power lines for communication purposes. The power line channel has broadcasting characteristics rendering devices linked to it to be connected like a network. Power line networking is emerging as the backbone for home networks allowing smart appliances and other home systems to be connected wherever there is a power outlet and be able to communicate through the smart meters without installation of additional control wiring. Wi-Fi, Zigbee, and HomePlug Green PHY are the top three proven interoperable technologies based on open standards for establishing home area networks (HANs) for the purpose of managing home energy use. On the downside, the broadcasting feature of the power line channel calls for coexistence mechanisms and interference management among PLC devices as well as measures to ensure network security. Though there is a lack of standardization (and harmonization) among the PLC technologies, PLC is inherently secure at the physical level (i.e. eavesdropping and unauthorized signal interruption) [8]. However, when a PLC subnet is connected to other networks by way of gateways or routers, then the standard set of network vulnerabilities and threats apply to the system and its PLC parts. Most cyber security regulations are just reaching the point of implementation in the utility industry, so many utilities are struggling with basic understanding and proper paths to compliance. To compound the issue of trying to meet cyber security regulations, many suppliers’ products involved in the smart grid, have not been developed to meet interoperable cyber security standards due either to lack of requirements provided to them, extra cost to implement, and/or there are little to no available standards for their product to be developed to. “Cyber security must protect against deliberate attacks such as internal breaches, industrial espionage and terrorist strikes—as well as inadvertent compromises of the information infrastructure due to user errors, equipment failures and natural disasters [9]”

Security solutions in the smart grid

Pike Research report on grid security published late 2011 states there is a “focused collaboration from the public and private sectors in methodologies to rapidly deploy grid security. [10]”. According to TLC Secure Inc. [11], one of their solutions to preventing intrusion of smart meters and supervisory control and data acquisition (SCADA) industrial control systems is to encrypt at layer 2. The philosophy behind this proposal is that the vulnerability issues encountered with several technologies operating at the layer 3 will no longer be a problem because everything from layer 2 and above is “locked down”. “Realizing this, TLC developed a security solution “offering true end-to-end IPS by securing the weakest link of smart networks, from database to the smart meter chipset." Another solution proposed for securing the smart grid concerns intrusion detection system security. Dr. David Chalk proposes a detection technique called “cyber forensics” which uses a different approach to intrusion detection that uses various processes to detect the anomaly. According to the Pike Research report on grid security published late 2011, five cyber security technologies are cited and described as being key to protecting smart grids. These are multi-factor authentication, control network isolation, application whitelisting, data encryption, and security event logging and correlation. These are described below. The premise of multi-factor authentication is requiring someone to use two or more factors to authenticate themselves before they are authorized for access to data or a system. The creation of isolated application domains on the smart grid provides an effective solution to protect against hacking attacks. This type of network partitioning allows enforcing QoS for each application within that domain. Rate shaping (for bandwidth control), traffic prioritization (for WAN management and fault recovery). “Rate Shaping protects against possible traffic flooding that may be caused by network misconfiguration, Denial of Service (DoS) attack, or another fault condition. Traffic rates can be shaped differently for each application, achieving a high level of fault tolerance.[12]” Segmentation of the network can be partitioned in a virtual mode as another approach to isolating and securing applications on the network. Application whitelisting is a best practice whereby only authorized applications can run on the networks. This practice helps protect against viruses and malware by restricting only those applications known to be “clean”. The advantages of using an applications whitelist is it promotes more security, minimizes false positives (from any intrusion detection or antivirus), is easy to customize and if maintained, provides an accurate inventory of what applications are known to be safe to use. Smart grid is evaluating where this practice best fits into the system to help towards a more secure environment. A key solution for addressing a smart grid’s security concerns is to use the most advanced data encryption and authentication techniques approved by the National Institute for Sciences and Technology. (NIST). Smart meters are using Advanced Encryption Standard (AES) and Elliptic Curve Cryptography (ECC). Using high-performance data encryption servers, sensitive data is protected against potential eavesdropping, replay or man-in-the-middle attacks. Encryption technologies used by areas of commerce such as online banking and internet shopping are being evaluated for smart grid application in areas of data encryption, storage, and anonymization. Two innovative new cryptographic algorithms, Hummingbird and Passerine, both of which are new in securing small, resource-constrained microchips that are in smart meters, gas and water meters. These algorithms were developed at Revere Security [13]. Various log formats many of which aren’t even secured (transmitted in clear text) involved with smart grid pose a problem to being able to effectively used. Developers like LogLogic are evaluating technologies where secure log data is collected and can be correlated such that it enables responding to security events more efficient. Work with the Natural Environment Research Council (NERC) to establish standards for logging structure, formatting and event numbering is ongoing.

The electricity grid is connected to (and largely dependent on) the natural gas pipeline, water supply, and telecommunications systems.

Threats to smart grid systems come from a wide range of sources, or “threat agents.” These include unethical customers, curious and motivated eavesdroppers as well as active and passive attackers

�� Impact of the Smart Grid on Privacy
�� The Smart Grid may greatly expand the amount of data that can be monitored, collected, aggregated, and analyzed.
�� This expanded information, particularly from customer sites, raises added privacy concerns.
�� The Smart Grid is an “always on” passive participation network. �� The innovative technologies of the Smart Grid pose new legal issues for privacy within the home and other properties.

A threat defense solution is required to protect against vulnerabilities because it is often difficult to anticipate what form a new threat might take. Care should be taken to apply security principles broadly across the entire grid infrastructure to build an effective, layered defense.

greater number of entry points through which to stage cyber attacks. Moreover, the increased complexity of the grid could introduce vulnerabilities and increase exposure to potential attackers or unintentional disruptions

ANALYSIS

1) 2)

.

references

[1]

[2]

[3] National Energy Technology Laboratory (2007-07-27) (PDF). A Vision for the Modern Grid United States Department of Energy, p5. Retrieved 2012-3-10

[4]

[5] Mills, Elinor. “Money trumps security in smart-meter rollouts, experts say” (2010-6-15). CNET News, http://news.cnet.com/8301-27080_3-20007672-245.html. Retrieved 2012-3-10

[6] Kenchington, Hank, et al. “Protecting smart systems against cyber threats” (2011-7), Public Utilities Fortnightly, http://www.fortnightly.com/uploads/07012011_TomorrowsGridP1.pdf Retrieved 2012-3-11

[7] Lu, Zhuo, Wang. Cliff, et al, “Review and Evaluation of Security Threats on the Communication Networks in the Smart Grid” (undated) http://apachepine.ece.ncsu.edu/publications/10llww-milcom.pdf Retrieved 2012-3-11

[8] Gustavsson, Rune. “Security Issues and Power Line Communication” (2001), http://www.isplc.org/docsearch/Proceedings/2001/pdf/0723_001.pdf Retrieved 2012-3-11

[9] Dreher, Andreas. Belden® “Get Smart About Electrical Cyber Security”, (undated) http://www.belden.com/pdfs/techpprs/PTD_Cyber_SecurityWP.pdf Retrieved 2012-3-11

[10] Lockhart, Rob; Gohn, Bob Pike Research, “Utility Cyber Security Seven Key Smart Grid Security Trends to Watch in 2012 and Beyond” (4Q, 2011) http://www.pikeresearch.com/wordpress/wp-content/uploads/2011/11/UCS-11-Pike- Research.pdf Retrieved 2012-3-11

[11] Karisn, Larry. Infosec Island, “Smart-Grid Security Will Force New Ways of Thinking” (2012-1-7) http://www.pikeresearch.com/wordpress/wp-content/uploads/2011/11/UCS-11- Pike-Research.pdf Retrieved 2012-3-11

[12] Trilliant “Application Domain Partitioning for the Smart Grid” (undated) http://www.trilliantinc.com/library-files/white-papers/WP-ApplicationDomainPartitioningfor theSmartGrid.pdf Retrieved 2012-3-12

[13] Security Dark Reading “Dr. Whitfield Diffie Discloses Innovative Cryptographic Solutions at The Smart Grid Security Summit” (2011-10-4) http://www.darkreading.com/authentication/167901072/security/news/231700251/dr- whitfield-diffie-discloses-innovative-cryptographic-solutions-at-the-smart-grid-security- summit.htm Retrieved 2012-3-12