You may have heard about the Smart Grid, it has become a buzz word around developments in the energy market. But not everyone knows what the grid is, let alone the Smart Grid.
"The grid" refers to the electric grid that delivers electricity from the generator to the consumer. It has been recognised that traditional electric grids have been stretched to capacity; and in order to accommodate the requirements of a resource intensive society, a new kind of electric grid is needed – a smart grid that can automate and manage the increasing complexity of electricity demand.
A “grid” is converted to a “smart grid” when a large scale array of electricity distribution and/or transmission assets have been retrofitted with ubiquitous telecommunications infrastructure in conjunction with information technology hardware and software.
In this article we will briefly explore some of the information security objectives and risk implications of smart grids, and in particular smart meters which are a key element to manage the dynamic requirements of the grid.
The core components of a smart grid include distribution and transmission assets; communications infrastructure and information technology. And while you may derive benefit from a more (internet) connected system, the complexity introduces another dimension of risk that needs to be managed. Smart grid infrastructure uses sensors, meters, digital services and analytic tools to automate, monitor and control the two-way flow of energy across operations - from power plant to plug. By combining advanced communication, sensing and metering infrastructure with existing energy networks, smart grids enable the delivery of a more efficient, robust and consumer-friendly electricity network. However, each connection, link, and element of hardware and software can increase your threat profile (footprint) on the network and present a new entry point for an attacker to compromise.
In 2009, Smart Grid Australia received AU$100 million from the Federal Government for a National Energy Efficiency Initiative to develop a smart-grid energy network. And while smart grids have the potential to improve the economy, lifestyle and environment for Australians, their development, deployment and ongoing management will require a strategy of defence-in-depth. Indeed, the smart grid may be viewed as a solution looking for problems. Accordingly, security is warranted for such investment and critical infrastructure.
The Smart Grid's primary cyber security objectives must include protecting all services from malicious attack; preventing security incidents from compromising safety and protection; and delivering confidence in the confidentiality, integrity and availability of services including public trust in the accuracy of billing statements.
As a key element in the evolution of the Smart Grid, the Advanced Metering Infrastructure (AMI, Smart Meters) is the convergence of the power grid, the communications infrastructure, and the supporting information infrastructure. AMI security must exist in the real world with many interested parties and overlapping responsibilities.
Smart meters are a new wave of meter technology. They are effectively a computer for measurement of energy and deliver four main functions: monitoring and recording of demand; the logging of power relevant events, e.g., outages; the delivery of usage and logging information to the upstream utilities; and delivering and receiving of control messages, e.g., controlling smart appliances, remote disconnect, etc.
Because smart meters are computers, they are prone to the same security issues that affect other widely deployed systems, in particular embedded systems (special purpose computer hardware).
Among the key issues is the fact that in a competitive market, the time to deliver a product to market is significantly less than the time the product will operate in the market. Smart meters are designed to have a 20 year field operation expectancy. This provides ample opportunity to craft an attack which over the course of time, and greater product market penetration, can be expected to have greater consequence. Therefore it is imperative to design and implement secure systems.
The technical threats to smart meters will be explored in the next article in this series which will cover attacks against Software; Hardware Weaknesses; Encryption; Physical Security (tampering); Interfaces (local and radio) and Network (local and wide).
If security is addressed correctly (in-depth) then the following will be prevented. If not, the smart grid will indeed be the solution with many problems.
• Reputational Loss - Attacks or accidents that destroy trust in Smart Grid services, including their technical and economic integrity • Business Attack - Theft of money or services or falsifying business records • Gaming the system - Ability to collect, delay, modify, or delete information to gain an unfair competitive advantage (e.g., in energy markets) • Safety - Attack on safety of the grid, its personnel or users • Assets - Damaging physical assets of the grid or assets of its users • Short-term Denial or Disruption of Service • Long-term Denial or Disruption of Service (including significant physical damage to the grid) • Privacy violations • Hijacking control of neighbour's equipment • Physical and logical tampering • Subverting situational awareness so that operators take fatal actions that disrupt the system • Cause automated system to waste resources on false alarms. • Hijacking services • Using Smart Grid services or the supported communication mechanisms to attack end users residential or industrial networks (e.g., allowing end-users to compromise other end-users’ networked systems.)
Follow @CSO_Australia and sign up to the CSO Australia newsletter.