Transcript Smart Grid Technology Overview

Terms of Protection: The Many Faces of
Smart Grid Security
Presenter: Hongwei Li
References
 Main Reference
 Nordell, D.E., “Terms of Protection: The Many
Faces of Smart Grid Security,” IEEE Power &
Energy Magazine, Jan./Feb. 2012.
 In Brief
 Massoud Amin, S. and Giacomoni, A.M., “Smart
Grid—Safe, Secure, Self-Healing ,” IEEE
Power & Energy Magazine, Jan./Feb. 2012.
2
Outline
 The Dictionary Definition for Security
 Who Cares About Security?
 Key Smart Grid Security Challenges
 Advanced Metering Infrastructure (AMI) Security
 Techniques used to Achieve Cyber security
 Security Must Be Built IN
3
The Dictionary Definition for Security
Security as Reliability
Security as Communication Reliability
Security as Information Protection
4
The Dictionary Definition for Security:
Security as Reliability
Traditional electric utility
Power engineers used the term Security to describe the
ability of the bulk power system to withstand unexpected
disturbances such as short circuits or unanticipated loss of
system elements due to natural causes.
In today’s world
The security focus of the industry has expanded to include
withstanding disturbances caused by man-made physical or
cyber attacks.
http://www.nerc.com , under the heading “Company Overview”
5
The Dictionary Definition for Security:
Security as Communication Reliability
Reliability for power system communication has several
facets.
The probability that a given message will be lost entirely
The use of redundant communication paths and automatic
failover to protect against message loss
The expected time delay (latency) in delivering a message
The expected variability of that time delay (jitter)
How competing messages may (or may not) be given priority
when communication channels are saturated.
6
The Dictionary Definition for Security:
Security as Information Protection
Information protection involves measures taken to ensure
the anonymity of electricity information, both in transit
and when stored on digital systems.
Of primary importance is information related to utility
customers and information about the electric power system
that may be of interest to parties who wish to harm the
utility and to potential intruders.
An equally critical facet of information protection is
protection of information and commands used to control
the power system.
Ensure that such communications are protected from outside
intrusion, particularly when the communication path is
exposed to possible outside eavesdropping and malicious
intervention.
7
Outline
 The Dictionary Definition for Security
 Who Cares About Security?




Key Smart Grid Security Challenges
AMI Security
Techniques used to Achieve Cybersecurtiy
Security Must Be Built IN
8
Who Cares About Security?
The Energy Independence and Security Act (EISA) of
2007 passed by the US. Congress brought the term “Smart
grid “ into the public vocabulary. The EISA considered
both power system reliability and protection of sensitive
information.
The EISA assigned the National Institute of Standards
and Technology (NIST) “primary responsibility to
coordinate development of a framework that includes
protocols and model standards for information management
to achieve interoperability of Smart Grid devices and
systems…” (see EISA Title XIII, Section 1305)
9
Outline
 The Dictionary Definition for Security
 Who Cares About Security?
 Key Smart Grid Security Challenges
 AMI Security
 Techniques used to Achieve Cybersecurtiy
 Security Must Be Built IN
10
Key Smart Grid Security Challenges
Physical Challenges
Cyber Challenges
11
Key Smart Grid Security Challenges
Physical Challenges
Figure 1. Electric terrorism: grid component targets, 1994–2004
12
Key Smart Grid Security Challenges
Physical Challenges
One possible means of increasing the physical
security of the power lines is to bury them.
A 2006 study by the Edison Electric Institute (EEI)
calculated that putting power lines underground
would cost about US $1 million per mile, compared
with US $100,000 per mile for overhead lines,
making the idea financially infeasible.
13
Key Smart Grid Security Challenges
Cyber Challenges
The number of documented cyber attacks and
intrusions worldwide has been rising rapidly in recent
years. The results of a 2007 McAfee survey highlight
the pervasiveness of such attacks.
For example,,,,
14
Key Smart Grid Security Challenges
Cyber Challenges
Figure 2. Percentage of critical infrastructure enterprise executives reporting
large-scale DDoS attacks and their frequency
15
Key Smart Grid Security Challenges
Cyber Challenges
Figure 3. Cyber threat evolution
16
Outline
 The Dictionary Definition for Security
 Who Cares About Security?
 Key Smart Grid Security Challenges
 AMI Security
 Techniques used to Achieve Cybersecurtiy
 Security Must Be Built IN
17
Advanced Metering Infrastructure
(AMI) Security
The implementation of AMI is widely seen as one of the
first steps in the digitization of the smart grid’s control
systems.
Some present and all future AMI deployments will use
Internet Protocol (IP) addressing to allow messages to
travel over multiple media and both public and private
networks.
The communication media for AMI systems include a
variety of proprietary radio systems, common-carrier
digital cellular services, and communication using the power
line itself, in the form of broadband over power lines (BPL).
Of these, the industry is converging on the use of wireless
IEEE 802.15.4g.
18
Automated Metering Infrastructure
(AMI) Security
With increasing functionality and wireless connectivity
comes a heightened need not only to protect system and
message integrity but also to preserve the confidential
information of customers.
The AMI Security Task Force of the UCA International
Users Group (UCAIug), the NIST SGIP, and in particular
NIST IR 7628 are providing “best practice” guidelines for
securing future AMI systems.
19
Automated Metering Infrastructure
(AMI) Security
Possible threats to the smart grid, introduced by the use
of AMI include:
Fabricating generated energy meter readings
Manipulating energy costs
Disrupting the load balance of local systems by suddenly
increasing or decreasing the demand for power
Gaining control of millions of meters and simultaneously
shutting them down
Sending false control signals
20
Automated Metering Infrastructure
(AMI) Security
Several key privacy concerns need to be addressed,
including:
Personal profiling: using personal energy data to
determine consumer energy behavioral patterns for
commercial purposes.
Real-time remote surveillance: using live energy data to
determine whether people are in a specific facility or
residence or what they are doing.
Identity theft and home invasions: protecting personal
energy data from criminals who could use the
information to harm consumers.
21
Automated Metering Infrastructure
(AMI) Security
Activity censorship: preventing the use of energy for
certain activities or taxing those activities at a higher
rate.
Decisions based on inaccurate data: shutting off power
to life-sustaining electrical devices or providing
inaccurate information to government and creditreporting agencies.
22
Outline





The Dictionary Definition for Security
Who Cares About Security?
Key Smart Grid Security Challenges
AMI Security
Techniques used to Achieve Cyber Securtiy
 Security Must Be Built IN
23
Techniques Used to Achieve Cyber Security?
Modern communication protocols are “layered”, as in the
Open Systems Interconnection (OSI) Model. The model
reflects how messages are sent in the traditional mail
service, with a message being placed in an envelope, an
address added, and the envelope entrusted to the post
office system, which transports the envelope over a
variety of physical media before eventually delivering the
envelope to the addressee.
Such messages may be protected in a variety of ways. One
way might guard each step of the postal worker, seal the
envelope with an “official” seal to detect tampering, the
other way might encrypt the message itself with a code
known only to the sender and receiver.
Which way is better?
24
Techniques Used to Achieve Cyber Security?
Figure 4. Communication security options
25
Techniques Used to Achieve Cyber Security?
Figure 5. Upper-layer security contrasted with lower-layer security
26
Outline






The Dictionary Definition for Security
Who Cares About Security?
Key Smart Grid Security Challenges
AMI Security
Techniques used to Achieve Cyber Security
Security Must Be Built IN
27
Security Must Be Built In
Confidentiality, integrity and availability (CIA) are defined
by NIST as follows:
Confidentiality: the property that sensitive information
is not disclosed to unauthorized individuals, entities, or
processes.
Integrity: the property that sensitive data has not been
modified or detected in an unauthorized and undetected
manner.
Availability: the property of being accessible and usable
upon demand by an authorized entity.
28