cyber security in the smart grid - amazon web services...cyber security in smart grid systems within...
TRANSCRIPT
Cyber security in the smart grid
Future Leaders industry forum
Future Leaders industry forum
—
This paper was developed in the framework of the IEC Young
Professionals (YP) Programme, whose core objective is to increase
the involvement in IEC work of the next generation of IEC experts
and leaders, and to encourage their long-term participation in
standardization and conformity assessment activities.
As part of the Programme, an IEC Future Leaders industry forum
event was organized, bringing together a group of IEC Young
Professionals to discuss and share their views on the issue of
cyber security in smart grid systems within the larger overall
context of security in smart infrastructures. Held on 26-27 March
2018 in Munich, Germany, the event was sponsored by Siemens
and moderated by the VDI/VDE Innovation + Technology GmbH
research institute. This paper summarizes the discussions of the
future leaders at the forum.
3
Executive summary
Smart infrastructures
—
In the past, physical devices have constituted the main element in
urban infrastructures, but with the increasing development of digital
technology and its growing use in the operation, maintenance and
coordination of such structures, a trend can be seen involving the
merging of physical and cyber-physical devices, giving rise to so-
called “smart infrastructures”. In the energy sector, electrical grids
are increasingly taking the form of smart grid systems in which the
application of digital processing and communications enables data to
flow from producers to consumers and vice versa.
The energy sector
—
Currently, the energy sector is undergoing a fundamental change
from vertical generation to platform-based generation of energy,
involving an increased need to converge and cooperate with other
industries. Specifically this means a shift in the functioning of power
systems from a centralized fossil fuel-based grid model toward
distributed and green-based networks utilizing increased distributed
energy resources (DER) and information technology (IT). This change
is generating additional challenges and considerations, including
those related to cyber security.
Smart grid of the future and cyber security challenges
—
In the future, major trends are foreseen involving the adoption of
communications and computing technologies, in particular those
related to use of big/smart data and algorithms in power systems,
such as (cloud-) connected sensors, data analytics and artificial
intelligence (AI).
Major developments are also foreseen in the area of services and
business models that build on the above technologies, such as AI-
based or big-data-based services, for example personalized energy
services, next generation demand response (DR) systems and real-
time balancing.
Power over ethernet (PoE) is becoming increasingly popular and
demonstrates how information and communication technologies (ICT)
and the electricity grid will converge in the future.
Expected innovations of the future
—
The following innovations are expected to emerge and become
mainstream in the smart grid sector. Interestingly, all of these
innovations are characterized by the same prominent features,
namely the qualities of being smart, connected, distributed and
secure. In addition, they all focus on the integration of hardware,
software and algorithms, and they all involve communications and
computing. It is highly probable that these innovations will also lead
to opportunities for the development of new business models. These
innovations include:
distributed smartness/intelligence
blockchain or similar trust systems
new business models
5G networks for high bandwidth and low latency communication
Internet of Things (IoT)
Standardization and conformity assessment needs
—
To respond to today’s cyber security challenges in the smart grid
and to anticipate the needs brought by these future trends and
innovations, the IEC will have an important role to play through
its Standards and conformity assessment (CA) activities. Some
current gaps and future opportunities in this regard are identified
in this paper, such as the need for Standards on the efficiency of
power diverters used to store or convert energy, and the necessary
development of robust standardization around all aspects of AI.
CA should enable quality assurance in the AI domain and the
assessment of functionalities for smart meters.
4
Structure of the paper
—
The present paper explores the above issues, challenges, trends,
innovations and needs in the particular context of cyber security
in smart grid systems. In addition to identifying how current and
expected developments may affect both the prospects and structure
of the energy sector, and determining the specific responses that such
developments imply, the paper formulates concrete recommendations
to IEC and its community of partners concerning standardization and
CA gaps and opportunities that need to be addressed in this context.
Section 1 outlines basic security issues affecting smart infrastructures
in general and sets the stage for an analysis in the rest of the paper
of cyber security aspects currently developing in the smart grid sector
and the IEC role in helping to address these with standardization and
CA tools.
Section 2 concentrates more specifically on smart grid system
security. Following an introduction on the smart grid as a whole
(subsection 2.1), future communication interfaces within a smart
grid infrastructure are considered in subsection 2.2, and current
and future cyber security issues raised by new and disruptive
technologies are discussed in subsection 2.3. Subsection 2.4
considers the implications and concrete needs posed by the prospect
of smart grids involving up to 10 million DER, the resulting issues
across key sectors and the different players and roles involved. The
transferability of gains in this respect from the smart grid to other
critical infrastructures is discussed in subsection 2.5. Throughout
this section recommendations are formulated to IEC concerning
appropriate actions to undertake.
Section 3 provides an aggregated summary of the innovations
expected in the smart grid energy sector in coming years, how they
will shape the development and operation of infrastructures and
what the IEC role could be in responding to the standardization and
assessment needs that emerge.
Annex A provides a copy of the preparatory material elaborated by
VDI/VDE Innovation + Technology GmbH (VDI/VDE-IT) in collaboration
with IEC Central Office as an outline/framework and stimulus for
participants in the IEC Future Leaders industry forum held 26-27
March 2018 in Munich. The current paper presents the reflections
that resulted from the forum on the basis of that material.
5
List of abbreviations
AI artificial intelligence
AT&C aggregate technical and commercial
CA conformity assessment
CII critical information infrastructure
DER distributed energy resources
DR demand response
DSO distribution system operator
ICT information and communication technologies
IoT Internet of Things
IP intellectual property
IPR intellectual property rights
ISMS information security management system
IT information technology
MSB (IEC) Market Strategy Board
OT operational technology
PoE power over ethernet
PV photovoltaic
RTO research and technology organization
SCADA supervisory control and data acquisition
SDO standards developing organization
SGAM smart grid architecture model
SSO standards setting organization
TSO transmission system operator
YP young professional
6
Table of contents
Executive summary
List of abbreviations
Section 1 Security in smart infrastructure
Section 2 Cyber security in the smart grid
2.1 Smart grid – an introduction
2.2 Future communication interfaces within a smart grid infrastructure
2.2.1 Standardization and conformity assessment needs
2.2.2 Recommendations for the IEC
2.3 Smart grid of the future and cyber security challenges
2.3.1 Current isses related to cyber security
2.3.2 Future new/disruptive technologies
2.3.3 Self-healing and predictive grids – opportunities and challenges
2.3.4 Standardization and conformity assessment needs
2.3.5 Recommendations for the IEC
2.4 Smart grids involving 10 million DER
2.4.1 Initial thoughts and questions
2.4.2 Players and their roles
2.4.3 Standardization and conformity assessment needs
2.4.4 Recommendations for the IEC
2.5 Transferability
2.5.1 Key issues across sectors
2.5.2 Standardization and conformity assessment needs
2.5.3 Recommendations for the IEC
Section 3 Aggregated results
3.1 Top innovations that are expected to shape the industry int he ocming years
3.2 Recommendations for the IEC
Annexe A Preparatory material
Annexe B List of contributors
3
5
7
8
8
9
10
10
10
11
11
13
14
14
15
15
15
15
15
15
16
16
16
18
18
19
20
25
7
Section 1Security in smart infrastructure
Infrastructures underpin and channel the basic systems and services,
such as transport and power supplies, that a country or organization
uses in order to work effectively. In the past, physical devices have
constituted the main element in urban infrastructures, but with the
increasing development of digital technology and its growing use
in such structures, the trend is toward a merging of physical and
cyber-physical devices, thereby giving rise to the concept of the
“smart infrastructure”. Critical information infrastructures (CIIs) are
defined as those facilities, systems or functions whose incapacity or
destruction would cause a debilitating impact on national security,
governance, economy and the social well-being of a nation. Typically,
power, oil, gas, transport, telecom and defence infrastructures are
considered as CIIs.
Smart infrastructures are made up of various components stemming
from diverse domains of activity, such as energy, transport, public
safety, etc. In smart infrastructures, sensing technologies are
embedded both in the infrastructure itself and in the equipment with
which it interacts. These sensors are connected to a communication
platform, which allows data acquisition and analysis. In this
environment, smart infrastructures are able to respond accurately
and instantaneously to users’ needs. This development also poses its
own set of challenges, as the use of software-controlled devices that
interact with the physical world brings new risks for the economy and
for the safety of people.
As the use of both cyber connection and the IoT is increasing, the
changes effected by this trend are impacting and accelerating an
energy transition in the world. The consumer is having more and more
access to information and will increasingly become the centre of the
energy system. This is challenging and transforming the way in which
energy is produced, consumed and distributed. In addition, the supply
landscape is also changing, as hydrocarbon and non-hydrocarbon
sources are becoming increasingly abundant, which should lead to
lower costs and a sustainable provision of energy.
In this paper, reflecting the expertise of the content contributors, we
will focus our analysis of security in smart infrastructures around the
smart grid and its cyber security issues, with particular attention on
the following themes:
future communication interfaces within a smart grid
infrastructure
the smart grid of the future and cyber security challenges
a smart grid consisting of 10 million DER
transferability
8
Section 2Cyber security in the smart grid
2.1 Smart grid – an introduction
A smart grid is an electrical grid in which the application of digital
processing and communications enables data to flow from producers
to consumers and vice versa. This in turn permits the detection of
and immediate reaction to local changes in usage. Information
management is central to the smart grid.
Today the world is experiencing the effects of relentless economic
factors that are steadily compacting loosely-coupled critical
infrastructures in favour of more tightly coupled systems. Loosely-
coupled critical infrastructures are relatively independent from one
another, and the state of any given individual infrastructure has
almost no effect on the state of other infrastructures, e.g. electricity,
water, etc. Tightly coupled critical infrastructures, on the other hand,
depend highly on one another. Electricity and communications
technology are becoming the most tightly co-dependent elements
of a critical infrastructure. Other elements (i.e. liquid fuels, water,
transportation, financial systems, etc.) continue to intermesh. A
consequence of this is that while society enjoys economic efficiency
in day-to-day operations, leeway within the critical infrastructure
ecosphere, and in particular within advanced societies that depend
on such infrastructures, continues to shrink. The result is a steadily
diminishing capacity of society to absorb a supply chain interference.
The energy sector is currently undergoing a change from vertical
generation to platform-based generation of energy, involving an
increased need to converge and cooperate with other industries.
The trend in power systems is to shift from a centralized fossil fuel-
based grid model toward distributed and green-based networks. This
trend is necessitating a new way of designing smart grids to ensure
more reliable and secure power system performance, as dependency
on resilient and reliable technology will only grow with the advent
of increased DER and IT, and additional considerations such as
cyber security that such elements entail. The demand side will be
increasingly involved in power system management, requiring large-
scale utilization of distributed communication networks. This evolution
will also enable consumers to become generators of their own
electricity and will provide them with the possibility of contributing
back to the grid as prosumers.
New communication interfaces, increased computing intervention,
energy generation and storage technologies, but also new sectors,
market players, business models, power plants, assets or even new
regulations will significantly impact the market participants of the smart
grid as well as the smart grid in its entirety. One of the key challenges
involved is a potentially higher degree of vulnerability due to:
greater interconnectivity, less specific boundaries between
systems and proliferation of technologies and interfaces
the growing intent and capability of a range of actors seeking to
deliberately subvert and maloperate energy related systems 1
New Standards and communication protocols will be vital to
ensuring that tomorrow’s grid is a platform with the appropriate
degree of openness and flexibility to respond to the opportunities
and challenges that the smart grid brings, while continuing to be
reliable, robust and resilient. With increasingly granular data and
communications, the power industry could transition to performing
as a multidirectional ecosystem for value exchange, much as the
telecommunications industry does. This changing landscape could
also generate a different perspective concerning the need for future
Standards and will likely push Standards developing organizations
(SDOs) to re-evaluate their current working practices and investigate
new ways of working, developing Standards and forging closer ties
with other SDOs.
1 The US Department of Energy (DoE) recently released a five-year cyber plan
covering some of the key issues: go.iec.ch/ypforum01
‘ With increasingly granular data and communications, the power industry could
transition to performing as a multidirectional ecosystem for value exchange.
9
2.2 Future communication interfaces within a smart grid infrastructure
One of the elements of smartness in the smart grid concerns
communication between all domains of the electrical energy supply.
Given that the smart grid is a critical infrastructure, it is of utmost
importance to guarantee security across all respective interfaces.
In this subsection we will look at future communication interfaces
within a smart grid infrastructure, taking into consideration certain
necessary technological changes, such as distributed intelligence, the
incorporation of blockchain and DER within the smart grid landscape.
We will also look at the role Standards as well as CA will play in this
development.
The contributors to this paper believe that the technologies, products
and services discussed below, which mirror elements of the IEC Smart
Grid Standards Map, will become widely adopted in the smart grid
of the future. Table 1 places these technologies, products, services,
etc. on the time frame of a trend radar which indicates when these
elements will be widely adopted.
Table 1 | Trend radar as established during the discussions in work stream 1 2
2 The term “work stream” refers to the different focal areas of discussion at the IEC Future Leaders industry forum (see Annex A).
Big data analytics
Blockchain
Edge computing
Machine/deep learning
AI
Quantum computation
Electric vehicles
Smart appliances
Green energy
Autonomous vehicles
Smart meter
Predictive maintenance
Aggregation services
P2P trading
Audit services
Data provider
Revenue sharing model
Trust provider
Availability pricing
Green market
IoT, industrial internet
Consensus-based islanding
Supervisory control and data acquisition (SCADA)
Smart meter
Blockchain
High bandwidth/performance and low power wireless networks
2020 2025 2030 2035 2040Identified itemsCategory
Technologies
Products
Services
Business models
Markets
Trends
Interfaces
Coloured bullets behind the identified items of different categories indicate that one of the conceived interfaces establishes a connection between those items.
10
2.2.1 Standardization and conformity assessment needs
Based on the above information, a subsequent discussion of
standardization and CA needs brought the paper contributors to focus
on the following two interfaces, as these were evaluated as being the
most important: high bandwidth/performance and low power wireless
networks, and smart meters.
High bandwidth/performance and low power wireless networks:
the standardization and CA needs related to this interface
concern performance in terms of latency, reliability, security
and bandwidth, as well as the need to accord test cases and
test procedures (including expected results). Another important
issue involves creating some sort of process that guarantees
interoperability on the basis of actual use cases. Conformity
should be assessed by including the entire system as opposed to
single devices, in order to take interoperability into account.
Smart meters: the standardization needs of this interface
should be identified on the basis of the needs of the market and
business models. Standardization should focus on security and
safety, taking into account the next and perhaps even the next-
plus-one generation of smart meters and interfacing, and should
formulate a minimal set of Standards for base functionalities.
The needs in the area of CA in this case were framed as a
recommendation to change the perspective from a use case
solution to one of functionality.
2.2.2 Recommendations for the IEC
The concrete recommendations addressed to the IEC in this area can
be summed up as follows:
High bandwidth/performance and low power wireless networks:
– Develop a process that guarantees interoperability on the
basis of actual use cases.
– Ensure that CA includes the entire system as opposed to
single devices, in order to take interoperability into account.
– Collaborate closely and foster coordinated working
relationships with other alliances active in this area. These
may include established organizations, such as IEEE, as well
as current or new consortia that may develop around new
technologies, such as the Wi-SUN alliance, LoRa alliance,
ZigBee alliance, etc.
Smart meters:
– Formulate a minimal set of Standards for base
functionalities that includes the next and next-plus-one
generation of smart meters and interfacing.
– Change the perspective from that of a use case solution to
one of functionality for CA.
– Provide standardized test beds and perhaps even test
engineers for CA.
– Encourage and incentivize close collaborations with
universities or research institutes.
2.3 Smart grid of the future and cyber security challenges
The fusion of a traditional grid with modern communication interfaces
has ramifications that extend beyond known historical disturbances to
critical infrastructure caused for example by natural disasters such as
floods or earthquakes.
The electricity grid has a long history – extending back to the start
of electro-mechanical technologies – of being an early adopter of
information and communication tools. Currently, most electricity
grid systems include an extensive, and steadily growing, overlay of
cybernetic systems (e.g. SCADA systems, advanced distribution/
energy management systems, smart metering, etc). Commercial
pressures have resulted in the removal of air gaps in the grids’
cybernetic systems and their fusion with consumer appliances on the
general internet. Grid owners are aware of the possibility of malicious
actors utilizing the bridge between internet and grid cybernetic
systems for their own nefarious purposes, and typically have suitable
technical controls in place. Nevertheless, this possibility constitutes a
new threat for the electricity grid.
Modern communication interfaces have enabled certain technological
changes within the smart grid landscape, notably:
distributed intelligence, including outage detection and response
to outage, rerouting of power by automated switching, reduction
of aggregate technical and commercial (AT&C) losses, peak load
management
mechanisms for dealing with message integrity (resistance
to modification) and the option to implement automated trust
services. The chosen technology will depend on the capabilities
or requirements desired and the extent to which those
requirements are satisfied. One such possible mechanism is the
blockchain
DER in which generation and storage are performed by a
variety of grid-connected devices (e.g. aggregators), creating
opportunities for novel business cases
For market participants in the smart grid, the particularities of the
smart grid environment lead to special and extremely demanding
requirements for an information security management system
(ISMS) and its security processes. In this context, the process of
risk management – risk assessment and risk treatment – deserves
special attention. Generally speaking, risk management allows system
operators to analyze what kinds of events can occur, determine what
the possible consequences of such occurrences could be and decide
what should be done and when it should be undertaken in order to
11
adequately prevent potential damage. Here, the special character of
the smart grid becomes obvious. Against a backdrop of emerging
business models, new market participants and a constant and
massive exchange of information between participants, the smart grid
represents a particularly demanding field for an ISMS, its processes
and relevant measures (so-called controls) (see ISO/IEC 27002 and
ISO/IEC 27019).
In addition, enhanced integration of ICT in the smart grid enables
resiliency and leads to enhanced efficiency, security and reliability,
but at the same time exposes the grid to an increased risk of cyber
intrusions and other ICT failures. Furthermore, the changing grid
landscape allows the entry of new stakeholders and non-traditional
grid players such as Amazon, Google and Tesla.
2.3.1 Current issues related to cyber security
Current key issues related to cyber security include the following:
the development towards an increased use of smart devices
and the concomitant issues related to their connection and
integration with other systems in the real world
the increasing necessity to involve consumers in the smart grid,
and the challenges associated with this development
the need for in-depth standardization and CA knowledge
from a substation perspective: the concern that with the
expanding number of devices involved, e.g. for monitoring, the
“attack surface” for cyberattacks on substations is increasing.
Critical Standards related to such issues in substations include
the following documents from IEC TC 57: Power systems
management and associated information exchange:
– IEC 61850 series, Communication networks and systems for power utility automation, in particular the individual parts related to protection and control in substations
– IEC 62351 series, Power systems management and associated information exchange – Data and communications security
from a utility perspective: the challenge to implement advanced
metering and at the same time support cyber security.
Standards relating specifically to this challenge from the
work of ISO/IEC JTC 1/SC 27: IT security techniques, include:
– ISO/IEC 27001:2013, Information technology – Security techniques – Information security management systems – Requirements
– ISO/IEC 27019:2017, Information technology – Security techniques – Information security controls for the energy utility industry
from the grid-to-estate perspective: especially for industrial
estates with complex requirements regarding interfaces and
energy management, needs connected with instance load
control and advanced metering
2.3.2 Future new/disruptive technologies
Participants at the IEC Future Leaders industry forum considered what
new/disruptive technologies (e.g. in the areas of communications,
computing, generation, storage, electronics) could be envisioned as
entering the market from today until 2040, and likewise which new
sectors, market players, business models, power plants, assets,
processes, or even regulations could be foreseen as playing a critical
role in the smart grid of the future. A trend radar was developed
for the coming 20 years, identifying trends in a number of relevant
categories related to technologies, position in the energy supply chain,
assets, market sectors, market players or framework conditions, and
mapping these on a time scale between today and the year 2040.
The criterion for positioning the trends on the timescale was their
actual availability on the market and their large-scale deployment.
Table 2 provides an overview of the trends identified and the projected
timeframe for their deployment.
‘ Enhanced integration of ICT exposes the smart grid to an increased risk of cyber
intrusions and other ICT failures.
12
Table 2 – Trend radar as established during the discussions in work stream 3
Connection to cloud (home/car/utility)
Artificial inertia
(Cloud-) connected sensors/trillion sensors, substations
Data analytics/social networks
Millions of producers
Battery parks storage technologies (Tesla)
Central AC generation from calibrated DC generation
Inertia control/real-time balancing standardavailable for photovoltaics (PV)
PoE
Self-healing grid/predictive grid (closed loop control)
Choose where energy comes from, commit toamount of energy used
Next generation DR systems (AI-based)
Configuration of energy services for consumers
Aggregators
Amazon
Enable non-connected persons access to the grid
2020 2025 2030 2035 2040Identified itemsCategory
Communications computing
Energy storage
Distribution consumption
Services business models
Sector players
Regulation policies
The following are the core thoughts of the paper contributors on this
topic:
Major trends are foreseen in the adoption of communications
and computing technologies, in particular related to big/smart
data and algorithms, in the power systems.
Examples include:
– (cloud-) connected sensors
– devices and assets
– data analytics
– AI
Artificial inertia (delivering power quickly when system frequency
deviates from its nominal value by a certain amount) was
mentioned as one concrete application.
Economic considerations regarding the cost of cyber security
versus the benefits associated with an extension of the grid’s
cybernetics into the home will drive the outcome.
Major trends are also foreseen in the area of services and
business models that build on the above technologies.
Examples of these include:
– AI-based or big data-based services such as personalized
energy services
– next generation DR systems
– real-time balancing
Projections confirm the impact of DER involving millions of
producers, and the related innovation potential:
– in the field of energy storage, e.g. battery parks for
secondary use of electric car batteries
– for new market sectors and players, e.g. aggregators
– for new services and business models, e.g. online market
places and digital platforms
PoE technology is growing in popularity and demonstrates how
ICT and the electricity grid will converge in future.
Most trends are projected for the coming 5-10 years, and
only very few for a timeframe of 15-20 years from today.
The trend furthest in the future is that of the self-healing and
predictive grid. Customers have already made significant capital
investments in the electrical appliances in their homes.
13
Suggested typical lifespans for these capital-expensive
appliances are as follows:
– pool pumps: 5 to 10 years, depending on run times, run
speed and exposure to elements
– air conditioners: 7 to 15 years, depending on run times and
basic maintenance
– dishwashers: 10+ years, depending on run times and basic
maintenance
– clothes dryers (resistors): 10 to 15 years, depending on
element life
– hot water systems (resistors): 10 to 20 years, depending on
anode replacements
– refrigerators: 10 to 20 years, depending on exposure to
elements and door seal life
– stoves and ovens (resistors): 20+ years
– solar PV systems: 10 years for the inverter and 25 years for
PV cells
The lifespan of these appliances subsequently dictates the
natural adoption rates of smart appliances and the support time
for an embedded IoT device. For example, solar diverters are
now entering the market place as an add-on to electric hot water
systems to minimize household importing power during partially
cloudy periods. However, the price of solar diverters is high,
typically between 100% to 200% of the base cost of an electric
(resistive) hot water system. While under present economic
conditions solar diverters are questionable and are adopted only
by enthusiasts, it is reasonable to assume that over time the
price of such units will fall significantly. No Standards exist on
the efficiency of these power diverters for storing or converting
energy.
A rule of thumb suggests that customers face two major hurdles
before adopting a new energy-efficient technology:
they must have access to the necessary capital
they typically seek a payback time of five years or less
Assuming these two criteria are met, even then the replacement cycle
for a smart appliance technology introduced in 2025 will still require
another 10 to 20 years to reach a critical mass.
Once again, economic factors – including the cost of cyber
security – will drive the adoption rates for smart appliances. If the
cost of ongoing cyber security to ensure the reliability of a smart
appliance outweighs the cost of a basic resistive hot water system,
then customers are unlikely to adopt such systems en masse.
2.3.3 Self-healing and predictive grids – opportunities and challenges
Based on the projections of the trend radar, a vision of the smart grid
of the future can be formulated, involving namely a “cyber secure
hyper-connected grid which self-heals using AI-control systems”.
It should be added that the actual implementation of such a self-
healing network can be more challenging to achieve than in theory,
as it includes:
installing the field hardware and getting the communication links
working
requiring grid engineers to spend a significant amount of their
time ensuring that disparate elements work together
integrating safety considerations (particularly on overhead
networks), ongoing software upgrades, maintenance of field
devices, etc. in the operation of the system
Therefore, for such a self-healing and predictive grid to be
implemented, the technology associated with self-healing networks
needs to mature. If it does not, the adoption of this technology could
remain incremental at best.
With regard to opportunities, it is expected that AI could be exploited
to make the grid more secure.
On the challenge side is the considerable complexity of the system,
i.e. the fact that millions of producers and an increasing number
of sensors, devices and assets are connected, that ICT and power
converge in the grid and that substations by necessity must contain
an increasing quantity of monitoring equipment. Specifically, concerns
are posed about:
controlling the unwanted switching off of devices, either through
accidental shutdowns or deliberate, manipulation in a cyber-
attack
knowing which devices need to be switched off and when, and
how to control that
the plugging in of devices for power charging that might also
transmit unwanted data
‘ A vision of the smart grid of the future involves a “cyber secure hyper-connected
grid which self-heals using AI-control systems”.
14
2.3.4 Standardization and conformity assessment needs
The following concrete standardization and CA needs related to these
opportunities and challenges have been identified:
No Standards exist on the efficiency of power diverters for
storing or converting energy.
In the area of AI, Standards and CA initiatives are needed in
order to set basic requirements and guarantee quality. The
notion of dependable or trustworthy AI should be underlined
here. Currently super-intelligence is the subject of a great
deal of thinking as well as the fact that AI may make decisions
in which human interests are not appropriately prioritized. A
key requirement that seems to be emerging is the notion of
interrogatability (transparency into how the AI arrived at a given
solution/conclusion). AI can deliver surprising results, which
are being collated by academics. For example, one AI system
deduced that the quickest way to sort a list of items was to
delete the list. Here something similar to Asimov’s Three Laws of Robotics is recommended 3:
– A robot may not injure a human being or, through inaction,
allow a human being to come to harm
– A robot must obey the orders given it by human beings
except where such orders would conflict with the First Law
– A robot must protect its own existence as long as such
protection does not conflict with the First or Second Laws
To address the challenges surrounding the switching off of
devices, a Standard on monitoring the system frequency is
seen as helpful. This could include forcing grid operators to
overlay cybernetic systems with backup systems that are
naturally immune to cyber threats. Examples would include
electromechanical protection relays or analogue electronic
relays built with discrete components (e.g. resistors, capacitors,
transistors) manufactured in a trusted environment. Such
duplication also alters the economics associated with the
installation of cybernetic systems. The electricity grid has worked
satisfactorily for over 100 years using electromechanical relays,
and the marginal gains obtained by retrofitting a cybernetic
system may not be worth the whole of life cost. In short, it may
be easier and cheaper to convert back to electromechanical.
Standardization concerning tamper-resistant connections and
respective CA would be useful for addressing concerns related to
the convergence of ICT and the power grid and would also help
build confidence in new technologies.
3 https://en.wikipedia.org/wiki/Three_Laws_of_Robotics
2.3.5 Recommendations for the IEC
Concrete recommendations addressed to the IEC in this area include
the following:
Develop Standards on the efficiency of power diverters for
storing or converting energy
Standards and CA mechanisms are needed in the area of AI, in
order to set basic requirements and guarantee quality that will
enable the development of dependable or trustworthy AI
Develop a Standard on monitoring system frequency to address
the challenges surrounding the switching off of devices
Standards and CA concerning tamper-resistant connections
would be useful to address concerns related to the convergence
of ICT and power grids and would also help build confidence in
new technologies
In view of increasing technology convergence and the fact
that many of the identified trends around cyber security in the
smart grid are related to communications, and given that cyber
security is a focal concern of many other communities, it was
recommended to:
– increase collaboration between the IEC and other
standardization organizations, such as the International
Telecommunication Union (ITU), the International
Organization for Standardization (ISO), the National Institute
of Standards and Technology (NIST), the North American
Electric Reliability Corporation (NERC)
– establish cross-committees with these other standardization
organizations
– organize a joint annual conference on cyber security
A need was seen for broader information, awareness raising and
practical training in the area of cyber security. In this context,
training for personnel on Standards and their respective CA
mechanisms was also recommended.
‘ Standards and CA mechanisms are needed to enable the development of
dependable or trustworthy AI.
15
2.4 Smart grids involving 10 million DER
Customer choices are driving a distributed energy revolution
globally – but how would an electricity system with up to 10 million
DER actually work in the long term? How will system operators
avoid chaotic threats to power quality and reliability or the choking
off of new connections in constrained parts of the network? New
Standards and communication protocols will be vital for ensuring
that tomorrow’s grid can function as a platform with the appropriate
degree of openness.
2.4.1 Initial thoughts and questions What does “open” really signify, e.g. in the context of open
source?
Does open mean more or less security?
Will such a platform need a central trust entity or can this be
established by technology, e.g. via a blockchain?
How can load/phase balance and synchronicity be ensured?
Who will be in charge of reliability?
How can liability be ensured with 10 million DER?
Can everyone/everything become sufficiently agile to react to 10
million DER or will this number of devices perhaps even balance
itself?
2.4.2 Players and their roles
A number of players and their corresponding roles were identified in
an envisioned open platform:
Property/building owners, who in contrast to their role in today’s
energy infrastructure will transform from being bare consumers
of electricity to serving also as generators. Their interest will
be to have access to cheap electricity, sell the electricity they
themselves generate at reliable prices and enjoy a high degree
of availability of the infrastructure.
Generation companies that sell electricity reliably and with “good
quality” in terms of voltage and frequency can still make a profit,
but their future chief asset will increasingly become reputation.
Distribution system operators (DSOs) and transmission system
operators (TSOs) who connect generators to consumers and act
as gate keepers can also make a profit and will equally want to
ensure their long-term reputation.
Communication network companies will be increasingly vital to
ensure fast, low latency and secure data transfer between the
DER, thereby performing a new role in such an ecosystem.
Electricians (installers) who guarantee an installation compliant
with Standards could perform another role that will potentially
gain importance. Their interest, among others, mainly concerns
safety when working on the grid infrastructure, and they will
require additional communications/network competencies.
Manufacturers of e.g. solar panels or storage devices need to
make sure their equipment adheres to applicable Standards.
Aggregators potentially will play an important role in combining
and balancing large fractions of up to 10 million DER.
Regulators and CA bodies will continue to be responsible for the
development of the relevant Standards and CA procedures to
ensure reliable and secure availability of electricity.
2.4.3 Standardization and conformity assessment needs
The main challenges identified in connection with an open platform
scenario again revolved around the issues of reliability, liability and
financing of the grid, or respectively of the entire infrastructure.
In most cases, these challenges can be translated directly into
recommendations for regulators and CA bodies aimed at promoting
their role in monitoring the effective functioning of open platforms.
2.4.4 Recommendations for the IEC
Concrete recommendations addressed to the IEC in this context
include the following:
Regulators and CA bodies should make sure that they retain
responsibility for ensuring that all components involved in
an open platform work in such a way that energy is reliably
available.
Specifically in connection with cyber security, it was noted that
mere development of additional Standards would not suffice.
It was therefore recommended that only practical guidelines
following best practices in combination with case studies and
lists of do’s and don’ts will result in a valuable contribution to the
digital transformation that most of the companies are already
undergoing.
2.5 Transferability
A valuable question to pose regarding smart grids within the wider
context of security in smart infrastructures, concerns the issue of
transferability, i.e. to what extent can lessons learned in addressing
challenges related to cyber security in the smart grid be transferred
and applied in other critical infrastructures or smart systems. Such
infrastructures are operative in a variety of domains, including gas
and oil, ICT, transport and traffic, health, water, food, finance and
assurance, government and public administration, media and
cultural production, building and construction. Likewise, various
smart infrastructures function in parallel with smart grids, including
for example smart cities, smart production and smart homes. What
specifically could be transferred between sectors and could thereby
be transformed into collective knowledge in the sense of learning
from the best? The objective here is to help avoid duplication of
mistakes and contribute to the wider aim of security and sustainability
of existing and future critical and smart infrastructures.
16
2.5.1 Key issues across sectors
A number of key issues were identified across sectors:
In every smart infrastructure, a variety of different parties and
activities are involved, such as generation, distribution, metering,
billing and smart services. Among the latter, for example, could
be cited the generation of unified bills for electricity, water,
gas, television, internet etc. for the same consumer, or smart
contracts enabling people to sell electricity to their neighbours.
This complexity gives rise to a number of questions and
challenges:
– Reliability: who is responsible for ensuring reliability, e.g. in
the case of software or infrastructure?
– Maintenance: who is in charge of performing maintenance,
e.g. in the case of devices, services, connectivity?
– Liability: who is liable if something goes wrong?
– Privacy: who has access to data, and how can privacy be
guaranteed across all involved parties?
– Intellectual property rights (IPR): who owns the Intellectual
property (IP), and could there be shared rights?
A number of commonalities exist across all smart infrastructures.
In some cases common Standards, cooperation, joint activities or
other forms of sharing are seen as beneficial. Examples include:
– Communications: since communications are always needed,
a common telecom infrastructure makes sense
– Utilities: services of utilities could become more cross-
sectorial in the future
– Life cycle: in all smart and critical infrastructures, the
integrity of devices has to be guaranteed along the entire
life cycle. On-boarding and decommissioning are relevant
issues in this respect
– Incidents: all smart and critical infrastructures need to
report and respond to incidents. The utility of centralized
reporting mechanisms and standardized response
procedures under fault conditions was cited as important
and as allowing involved parties to respond globally
2.5.2 Standardization and conformity assessment needs
The above key issues can be translated into concrete measures,
including identification of actors to be involved and a timeline for
implementation. The results of the discussion were as follows:
A measure was proposed to define and standardize security
levels for products, services, systems, etc. and to ensure
that such levels are well-publicized and widely-recognized.
Additionally, development of a respective cyber security audit
was recommended as urgent, both for IT and operational
technology (OT), involving cross-sectional experts and
manufacturers, testing labs and CA personnel. The benefits
of such an initiative would extend well beyond just the smart
grid, as such audits could be utilized across all other “smart”
infrastructures (smart building, smart home, smart city, etc.)
and for IoT devices. However it should be noted that even a
securely designed and constructed application can be integrated
in an insecure manner to an existing system. Any security
framework needs to include consideration of the possible
emergent elements of security that arise during operation
(security operations and response and recovery have to form an
integral part of the security lifecycle). A cyber security task force
already exists in Working Group 3 of the IEC Systems Committee
on Smart energy to address the high level overview of cyber
security across the smart energy domain. IEC CAB WG 17: Cyber
security, is addressing the CA side of this topic.
Building on the above measure, it was recommended to develop
CA or benchmarking measures for companies that test for
cyber security. As with the cyber security audit measure, this
recommendation was considered urgent.
Maintenance of devices during their entire life cycle (from
manufacturing, installing and on-boarding to decommissioning)
is seen as a major challenge to be solved in the medium term
through development of something similar to the life cycle
models elaborated by software developers such as SAP and
Microsoft. Again this measure should involve cross-sectional
experts and manufacturers, testing labs and CA personnel.
It was recommended to explore how IEC could use and
contribute to knowledge on incident sharing and analysis centres
across domains and regions. A first step could involve developing
measures to share data and best practices, foster cross border
collaboration on governance and regulation, extend education
and encourage incidents and vulnerability assessment with
IEC experts.
Since sharing of solutions was identified as a need, but at the
same time was seen as constituting a challenge due mainly
to IP concerns, it was recommended that means be found for
incentivizing such sharing, e.g. by introducing signed software or
secure hardware labels, making them an integral part of device
software management principles.
Liability in the case of issues across a system was seen as an
important principle, and it was recommended that mediation
mechanisms be developed in the medium term. IEC could
provide guidelines for this, however such mechanisms will need
to be adopted by governments to guarantee their wide use.
2.5.3 Recommendations for the IECConcrete recommendations addressed to the IEC in this area include
the following:
The work currently being done by the cyber security task force
in Working Group 3 of the IEC Systems Committee on Smart
energy and by CAB WG 17: Cyber security, should be more
widely publicized.
17
Development of a cyber security audit was recommended for
both IT and OT.
Development of CA or benchmarking measures for companies
that test for cyber security was proposed.
Standards and CA mechanisms for maintenance of devices
during their entire life cycle (from manufacturing, installing and
on-boarding to decommissioning) should be developed along the
lines of the life cycle models elaborated by software developers
such as SAP and Microsoft.
The IEC should use and contribute to the knowledge on incident
sharing and analysis centres across domains and regions. It
was suggested that a first step could be to develop measures to
share data and best practices, foster cross border collaboration
on governance and regulation, promote education more widely
and encourage incidents and vulnerability assessment with
IEC experts.
Means should be found for incentivizing the sharing of solutions
in cases where IP is a concern, e.g. by introducing signed
software or secure hardware labels, making them an integral
part of device software management principles.
The IEC could provide guidelines including mediation
mechanisms for liability issues across a system, with such
guidelines being adopted by governments to guarantee their
wide use.
There should be commonly-defined tiers indicating how “secure”
a device is, recognizing that there is no such thing as a perfectly
secure system, and that the level of security required for a bank
or utility may not be the same as that needed for a children’s toy.
Data protection should take place at the level nearest to the end
user, i.e. the application level.
Training should be available on cyber security best practices
specifically for end customers.
There should be a phasing out of old (insecure) protocols such
as Telnet.
By virtualizing networks, along the same lines as those adopted
in the telecom sector, scalability issues could be addressed.
Generally, when designing infrastructures, it is recommended to
learn from the IT industry.
18
3.1 Top innovations that are expected to shape the industry in the coming years
Five top innovations clearly emerge. Interestingly, in all of these
innovations the same features are quite prominent, namely the
qualities of being smart, connected, distributed and secure. In
addition, they all focus on the integration of hardware, software and
algorithms, and all five involve communications and computing.
Finally, it is noteworthy that these innovations lead to opportunities for
the development of new business models.
Top innovation 1: Distributed smartness/intelligenceWith the advent of DER and distributed energy storage systems it
will become more and more important to make decisions in place,
in order to save communication costs and minimize delays. This
touches on subjects such as sensor networks, real-time sensing, data
processing and actuation, and in particular on edge computing, where
in contrast to cloud computing the data is not transferred to a remote
server but is processed in place. This might include intricate pattern
recognition based on machine learning and artificial intelligence, for
which powerful, and at the same time highly reliable, hardware as
well as reliable algorithms and software are needed. At the same
time distributed smartness is a prerequisite for a self-healing grid,
because it enables real-time DR systems, dynamic frequency control
and artificial inertia.
Top innovation 2: Blockchain or similar trust systemsThe catchword referring to what was probably the single most
frequently mentioned innovation is the blockchain and similar
technologies, by which an entire ecosystem of business cases
becomes viable. Offering an immutable distributed ledger, blockchain
technology is today at the heart of many innovations in varying fields
such as transport logistics, supply chain management or smart
contracts. The latter application would also offer tremendous potential
in the case of a new energy system, in which, for instance, a contract
between a consumer and a supplier could be negotiated automatically
and flexibly according to the momentary relation between demand
and supply.
Top innovation 3: New business modelsA common issue raised was the necessity for established actors
in the energy market to adapt their business models or even
completely rethink them, thereby generating entirely new models.
With the vanishing paradigm of a unidirectional energy system, in
which energy is transformed by a relatively small number of large
power plants on one end, transmitted by a network that is operated
by an even smaller number of actors, and finally distributed into
local grids, many business models will become obsolete or will
at least be strongly challenged as DER generate power locally and
intelligent assets automatically route the energy within geographically
confined areas. Those confined areas – sometimes referred to as
cells – might be able to balance their energy supply and demand
without ever connecting to an overlying grid (islanding). Similarly, the
convergence of infrastructures, e.g. ICT and energy, will create new
opportunities for utilities to transfer services to other sectors. These
developments will create market opportunities for new actors and
new smart services, and will at the same time push requirements for
new technologies such as blockchain. Examples of such new actors
and services include aggregators, digital platform providers, security-
as-a-service providers, but also certification bodies and training
providers. These new business models will also push requirements
for new technologies such as blockchain, distributed intelligence and
sensing mechanisms.
Top innovation 4: 5G networks for high bandwidth and low latency communicationThe above-mentioned edge computing will probably never be able
to carry out the most demanding data analysis, meaning that of all
the elements involved it will be the large and complicated data sets
that have to be transferred to more powerful computers and servers
via fast and secure communication. This will enable entirely new
business models. When a provider offers to update pricing models
according to fluctuations that might result from local weather
changes, these updates need to be implemented without substantial
delay. Otherwise batteries might be charged with cheap power when
strong solar irradiation was present an hour before. Similar to top
innovation 1, this innovation constitutes another important enabler of
a self-healing grid.
Section 3Aggregated results
19
Top innovation 5: Internet of ThingsIoT summarizes an entire ecosystem of sensors, actuators and
other distributed devices that communicate among each other and
with other computing infrastructures. The projections of different
analysts concerning the number of devices that can be expected
to be deployed in the field in the coming years surpass each other,
however the commonality of such forecasts places the figure in the
billions. Putting this tremendous resource of data to good use in
connection with the energy system definitely constitutes another top
innovation that will emerge in the near future, but this development
will also pose a significant challenge, given that the vast amounts of
data produced by IoT devices not only can be used to provide more
accurate snapshots of current situations, but could also be employed
to cripple systems. In fact, first approaches are already well underway,
in which for instance the rain sensors of connected cars are used
to generate precise and strongly localized weather forecasts. In the
same sense, the brightness sensors of shades on buildings might
be used to generate an up-to-date outlook on the expected solar
irradiation.
3.2 Recommendations for the IEC
Recommendations addressed to the IEC in these areas relate to four
categories:
Standardization
—
Standards are needed on the efficiency of power diverters to
store or convert energy
Develop training Standards on cyber security
Ensure consistency of Standards
Develop Standards with an actual application in mind (not
isolated devices and narrow test conditions)
Develop smart meter Standards for base functionalities
Develop a Standard on fail-safe operation of DR/load control
Develop an AI Standard equivalent to Asimov’s Three Laws of
Robotics
Develop a Standard on monitoring system frequency
Develop a Standard on tamper-resistant devices connection
Develop high performance/bandwidth Standards (parameters,
test cases and procedures)
Develop life cycle models ensuring maintenance of devices
during their entire lifetime
Conformity assessment and certification
—
Cyber security audit based on Standards for cyber security levels
CA including the whole system, not just single devices
CA or benchmarking for companies testing for cyber security
CA for personnel dealing with cyber security
Test beds and test engineers for cyber security
Quality assurance of AI
Assessment of functionalities, not key figures, for smart meters
Signed software/secure hardware labels
Training and publications
—
Practical trainings on cyber security, especially for end users/
installers of DER
Practical guidelines on best practices/case studies/do’s and
don’ts in cyber security
Best practice collection on incident management, vulnerability
assessment and penetration testing
Guidelines on liability in case of issues across a system,
including mediation mechanisms
Information and awareness raising on cyber security
Work of IEC in this area should be more widely publicized
Cooperation
—
Cooperate on cyber security
Cooperate on incident sharing and provision of analysis centres
across domains and regions
Cooperate with other SDOs, Standards setting organizations
(SSOs), alliances (cross-committees, joint conferences)
Cooperate with universities and research and technology
organizations (RTOs)
Share solutions (if needed by incentivizing to overcome IP
concerns)
20
Annexe APreparatory material
IEC Future Leaders industry forum
“Security in smart infrastructures”
26-27 March 2018
This document has been prepared by VDI/VDE-IT in collaboration with
IEC Central Office.
Introduction and scope of the forum—
The conventional power grid has transformed into a smart grid – not
least due to:
the rise of renewable and DER
the growing number of smart devices, such as smart meters,
smart meter gateway, and controllable local systems
the immense amount of smart data generated and processed by
these devices
the introduction of digital platforms and the associated digital
business models and digital services
One of the big challenges of the smart grid is the potentially higher
degree of vulnerability due to the much larger number of targets for
cyberattacks. At the same time, with cyber security in place, a big
opportunity of the smart grid consists in the availability of additional,
new and possibly better options to assure resilience. Cyber security
is a prerequisite to successfully address the challenge and seize the
opportunity.
The six work streams of the IEC Future Leaders industry forum will
therefore look into “cyber security in the smart grid”
with a focus on key topics, such as security of communication
interfaces, security processes, technology and market trends
from different perspectives, such as standardization, CA, best
practices and transferability
While parts of the group work will consist in taking stock of the
present situation, the primary focus of all work streams will be to look
at the future, within a range of 10 to 20 years from today, including
technology and market trends, visions and scenarios, as well as
proposed solutions and recommendations. The 2-hour work streams
in the morning are expected to be quite intense and very much
results-oriented, whereas the shorter work streams in the afternoon
will be oriented towards a fruitful exchange of knowledge and ideas
between delegates. The following table gives an overview of the six
work streams and their timing.
ws # Morning work streams
Afternoon work streams
ws #
1 Communication
interfaces of tomorrow
Cyber security in
distributed networks –
benchmarking
4
2 Security processes/
ISMS
Tomorrow’s grid – case
study
5
3 Trend scouting – energy
sector 4th generation
Transferability 6
(Sub-)Topics and related work streams—
Work stream 1: Communication interfaces of tomorrowOne of the elements of smartness in the smart grid is communication
between all domains of the electrical energy supply. Given that the
smart grid is a critical infrastructure, it is of utmost importance to
guarantee security across all respective interfaces.
This work stream is therefore intended to identify future
communication interfaces within a smart grid infrastructure, taking
into consideration certain necessary technological changes, such
as distributed intelligence, the incorporation of blockchain and DER
within the smart grid landscape:
distributed intelligence refers to the part of the smart grid
that applies to the utility distribution system (wires, switches,
and transformers) that connect the utility substation to the
customers. A key component of distributed intelligence is outage
detection and response. An automated system can respond
more quickly and keep power flowing to more customers. By
having sensors that can indicate when parts of the distribution
system have lost power, and by combining automated switching
with an intelligent system that determines how best to respond
to an outage, power can be rerouted to most customers in a
21
matter of seconds, or perhaps even milliseconds. Other major
key expectations of distributed intelligence are to reduce AT&C
losses and deal with peak load management.
blockchain is a continuously growing list of records, called
blocks, which are linked and secured using cryptography.
Each block typically contains a cryptographic hash of the
previous block, a timestamp and transaction data. By design, a
blockchain is inherently resistant to modification of the data as
once recorded; the data in any given block cannot be altered
retroactively without the alteration of all subsequent blocks,
which requires collusion of the network majority. In the smart
grid, blockchains may be used to implement several automated
trust services, thereby making several current trust services
obsolete and enabling different services and business models.
DER are electrical generation and storage performed by a
variety of small, grid-connected devices. These local networks
consisting of storage, renewable technologies, fossil fuel, solar
are becoming more and more common today. DER will create
an opportunity for third party companies (aggregators) to insert
themselves between customers and utilities, which will disrupt
the utility model.
The group will look at the entities involved in these communication
interfaces, how these interfaces will be secured, and which role
Standards as well as CA will play.
It is recommended that the group bear in mind the use cases
approach of the standardized smart grid architecture model (SGAM)
as visualized in the IEC Smart Grid Standards Map.
Questions: when looking into the following questions it is important
to bear in mind that we would like you to project what challenges
and opportunities you think lie ahead in the coming 10-20 years.
The below bullet points include suggestions from discussions of the
IEC Market Strategy Board (MSB) but they should not limit you in
this future looking exercise. Therefore you don’t necessarily need to
consider or limit yourself to these below questions; they are there to
give you some helpful guidance and direction. Don’t forget to think
outside the box!
If you consider distributed intelligence, how would you see it
affect the communication in the smart grid in the future?
If you think blockchain will play a major impacting role, what
different services and business models would you anticipate with
its advent?
If you decide to consider DER, how would you envision the
insertion of third party companies (aggregators) between
customers and utilities in DER? How do you think it might
disrupt/modify the current utility model and communication
between all domains of the electrical energy supply?
What additional/new interfaces would you envision to become
relevant in the future?
How could these interfaces be secured in the future?
What standardization needs would you envision with these new
challenges that you have identified?
How would you envision CA in the communication of the
smart grid when looking at these new elements that you have
identified?
Work stream 2: Security processes/ISMSThe establishment, implementation and maintenance of an ISMS
is practiced in many companies and industries. An internationally
recognized ISMS is described in ISO/IEC 27001. This is generally
valid and can be applied to any type of organization.
Three perspectives determine this management system:
a governance viewpoint (IT targets and information security goals
derived from the overriding corporate objectives)
a risk viewpoint (protection needs and risk exposure of corporate
values and IT systems – the company’s appetite for risk –
opportunities vs. risks)
the compliance viewpoint (external requirements through
laws, regulations and standards – internal requirements and
guidelines – contractual obligations)
For market participants in the smart grid, the particularities of the
smart grid environment lead to special and extremely demanding
requirements for an ISMS and its security processes from all three
perspectives. In this context, the process of risk management (risk
assessment and risk treatment) deserves special attention. Generally
speaking, risk management allows to analyze what can happen, what
the possible consequences can be, and to decide what and when
it should be done in order to adequately prevent potential damage.
Risks in the context of information security arise from:
the use of IT systems and IT technologies
data exchange within and outside the organization, legacy
systems and legacy applications
cooperation with third parties
remote access by third parties
natural phenomena/natural disasters
sabotage and white-collar crime
the use of new systems and technologies
Here, the special feature of the smart grid becomes obvious – for
all market participants. Against the backdrop of emerging business
models, new market participants, a constant and massive exchange
of information between the participants, the smart grid represents a
particularly demanding field for an ISMS, its processes and relevant
measures (so called controls) (see ISO/IEC 27002 and 27019). In
addition to that, enhanced integration of ICT in the smart grid enables
22
resiliency and leads to enhanced efficiency, security and reliability,
but at the same time introduces the grid to increased risk of cyber
intrusions and other ICT failures.
Furthermore, the changing grid landscape allows the entry of new
stakeholders and non-traditional grid players such as Amazon, Google
and Tesla.
Questions: when looking into the following questions it is important
to bear in mind that we would like you to project what challenges
and opportunities you think lie ahead in the coming 10-20 years.
The below bullet points include suggestions from discussions of the
IEC Market Strategy Board (MSB) but they should not limit you in
this future looking exercise. Therefore you don’t necessarily need to
consider or limit yourself to these below questions; they are there to
give you some helpful guidance and direction. Don’t forget to think
outside the box!
What we suggest is that you look at ten years from now (2030), and
see how you would:
define the scope of the ISMS of a smart grid participant with all
implications (e.g. definition of security goals) in a meaningful way
see the requirements in terms of new tools and binding
methodologies for concrete processes such as risk management
(beyond for example ISO/IEC 27005)
see the enhanced integration of ICT in the smart grid influencing
the ISMS of the grid. What challenges do you anticipate?
see the smart grid landscape with new stakeholders and non-
traditional grid players such as Amazon, Google and Tesla
see standardization help meet the challenges you have identified
envision CA to help meet the challenges you have identified
Work stream 3: Trend scouting – energy sector 4th generationNew communication interfaces, increased computing intervention,
energy generation and storage technologies, but also new sectors,
market players, business models, power plants, assets, or even new
regulations will significantly impact the market participants of the
smart grid as well as the smart grid in its entirety, including the cyber
security aspect.
The energy sector is currently entering the 4th generation which
implies a change from a vertical generation to a platform-based
generation with an increased need to converge and cooperate with
other industries. There will be an increasing dependency on resilient
and reliable technology with increased DER and cyber security.
In this work stream the group will develop a trend radar for the coming
20 years, mapping new technologies, assets etc. in respective radar
segments and on a timeline from today until 2040. Based on this, the
group will work on visions, scenarios or missions for the smart grid of
the future and look at its cyber security challenges. It will anticipate
challenges and opportunities, and take into account the role that
standardization and CA will play.
Although the clear focus of this work stream is on future
developments, it is strongly encouraged to also dedicate some
time to challenges that might arise in the context of legacy systems
due to the necessary security goals (e. g. confidentiality, integrity,
availability), especially in combination with new technologies and new
communication protocols. The question of how to include existing
plants into the smart grid and retrofit them with a minimal amount
of intelligence will be key for both a fast and secure adaption of new
technologies, and consequently a sustainable smart grid.
Questions: when looking into the following questions it is important
to bear in mind that we would like you to project what challenges
and opportunities you think lie ahead in the coming 10-20 years.
The below bullet points include suggestions from discussions of the
IEC Market Strategy Board (MSB) but they should not limit you in
this future looking exercise. Therefore you don’t necessarily need to
consider or limit yourself to these below questions; they are there to
give you some helpful guidance and direction. Don’t forget to think
outside the box!
With the energy sector entering the 4th generation, you could
consider looking at which new/disruptive technologies (e.g.
communications, computing, generation, storage, electronics)
you would envision entering the market, and where would you
locate them on a timeline from today until 2040
You could also consider looking at which new sectors, market
players, business models, power plants, assets, processes, or
even regulations you would envision to play a critical role in the
smart grid of the future, and where would you locate them on a
timeline from today until 2040
How do you think the trends that you have identified will impact
the smart grid? Where do you see challenges and opportunities?
How will it affect the cyber security issues of the smart grid?
In view of these trends, you could consider looking into which
challenges might arise in the context of legacy systems, and how
they could be addressed
What could be visions, scenarios or missions for the smart grid
of the future?
What role could standardization and CA play in this? Where do
you see opportunities? Who are the relevant stakeholders, what
is the timeline, and what are your recommendations?
23
Work stream 4: Cyber security in distributed networks – benchmarkingThere is an increasing trend in the power systems from a centralized
fossil fuel-based grid toward a distributed and green-based network.
This requirement compels a new way of designing smart grids for a
more reliable and secure power system performance. Involving the
demand side in the power system management requires large-scale
utilization of distributed communication networks.
The benchmarking exercise foreseen in this work stream builds on
the excellent regional and sectorial coverage of the delegates, and
their collective technical, political, regulatory, standardization and CA
related experience.
The group will develop a plan for how they see the evolution of the
power system towards a distributed network and the related cyber
security challenges from the perspective of their respective regions
of the world.
Questions: when looking into the following questions it is important
to bear in mind that we would like you to project what challenges
and opportunities you think lie ahead in the coming 10-20 years.
The below bullet points include suggestions from discussions of the
IEC Market Strategy Board (MSB) but they should not limit you in
this future looking exercise. Therefore you don’t necessarily need to
consider or limit yourself to these below questions; they are there to
give you some helpful guidance and direction. Don’t forget to think
outside the box!
In the coming 10-20 years how do you see the evolution of the
power system towards a distributed network in your region of the
world? What will the related cyber security challenges be?
What standardization needs do you envision to meet this
evolution and its related cyber security challenges?
How can CA help meet this evolution and its related cyber
security challenges?
Are there underlying commonalities from the different regions
of the world? What are they (include the evolution of the power
system and the standardization and CA needs)? Does the group
consider these underlying commonalities as best practice in view
of a secure and sustainable future smart grid?
What measures could be taken to implement these best
practices in the coming 10-20 years? Who would be the relevant
stakeholders, and what is the timeline?
Work stream 5: Tomorrow’s grid – case studyCustomer choices are driving a distributed energy revolution
globally – but how would an electricity system with up to 10 million
DER actually work in the long term? How will system operators avoid
chaotic threats to power quality and reliability or choking off new
connections in constrained parts of the network?
New Standards and communication protocols will be vital to ensuring
tomorrow’s grid is not only a platform – but a platform that is open
to a degree. With increasingly granular data and communications can
the power industry transition to a multidirectional ecosystem for value
exchange, much more like telecommunications?
This will also bring a different way to view the future Standards’
needs. Could an open platform also force traditional SDOs to re-
evaluate how they draft and implement Standards?
Questions: when looking into the following questions it is important
to bear in mind that we would like you to project what challenges
and opportunities you think lie ahead in the coming 10-20 years.
The below bullet points include suggestions from discussions of the
IEC Market Strategy Board (MSB) but they should not limit you in
this future looking exercise. Therefore you don’t necessarily need to
consider or limit yourself to these below questions; they are there to
give you some helpful guidance and direction. Don’t forget to think
outside the box!
What are the foreseen challenges of a 10 million DER grid for it
to actually work in the long term? How would you address these
challenges?
What standardization and CA needs would you anticipate to help
meet these challenges?
What will a 10 million DER grid bring in terms of cyber security
challenges? How would you address these cyber security
challenges?
What standardization and CA needs would you anticipate to help
meet these cyber security challenges?
How do you see Standards being drafted and implemented
to meet the challenges of an open platform that would be
necessary to meet the requirements of such a grid?
24
Work stream 6: TransferabilityAlthough the overall scope of the 2018 edition of the IEC Future
Leaders industry forum is on the smart energy infrastructure, having
one work stream with a cross-sectorial view and a broader scope
covering the full breadth of smart and critical infrastructures is
considered useful and of mutual benefit.
The group will therefore look into transferability of the future
challenges between cyber security in the smart grid and that in
other critical Infrastructures (gas and oil, ICT, transport and traffic,
health, water, food, finance and assurance, government and
public administration, media and culture production building and
construction), or other smart infrastructures (e.g. smart cities, smart
production, smart home).
Based on a collection of commonalities, differences, lessons learnt and
good practice, the group will look at how these could be transferred
between sectors, and be transformed into collective knowledge in the
sense of learning from the best, and avoiding duplication of mistakes.
The wider aim is to contribute to the security and sustainability of
existing and future critical and smart infrastructures.
Here are some questions you could consider:
What are the common future challenges between cyber security
in the smart grid and other critical or smart infrastructures?
Which of these would be worth transferring from the smart grid
to other infrastructures or vice versa ? Would they be transferable, and how could transfer be achieved?
How could they be transformed into collective knowledge, and
hence contribute to secure and sustainable infrastructures in the
future?
Today different utilities are dealt with as silo institutions, with
discrete control and management. Do you see a future merging
of common areas across these institutions? Therefore would you
see these common future challenges as being repeated from
one critical or smart infrastructure to another in silos, or would
you see them merging into one?
What are your recommendations, which measures could be
taken, who are the relevant stakeholders, and what is the
timeline?
25
Annexe BList of contributors
Ethan Biery, Lutron Electronics
Kai Cui, Haier Group
Roberto Fernandez, National Grid
Markus Gaaß, VDI-VDE-IT
Laurent Gomez, SAP
Tri Hardimasyar, PT PLN (Persero)
Roland Hug, General Electric
Steven Humphries, Australian Energy Market Operator
Clemens Klemm, Siemens
Atsushi Miyoshi, Mitsubishi Electric Corporation
Chan-keun Park, Korea Testing Certification
Ralf Rammig, Siemens
Yimin Rao, JTC Corporation
Hem Parkash Thukral, Ernst & Young
Petra Weiler, VDI-VDE-IT
26
About the IEC
The IEC, headquartered in Geneva,
Switzerland, is the world’s leading publisher
of International Standards for electrical
and electronic technologies. It is a global,
independent, not-for-profit, membership
organization (funded by membership fees
and sales). The IEC includes 171 countries
that represent 99% of world population and
energy generation.
The IEC provides a worldwide, neutral and
independent platform where 20 000 experts
from the private and public sectors cooperate
to develop state-of-the-art, globally relevant
IEC International Standards. These form
the basis for testing and certification, and
support economic development, protecting
people and the environment.
IEC work impacts around 20% of global
trade (in value) and looks at aspects such
as safety, interoperability, performance
and other essential requirements for a vast
range of technology areas, including energy,
manufacturing, transportation, healthcare,
homes, buildings or cities.
The IEC administers four Conformity
Assessment Systems and provides a
standardized approach to the testing and
certification of components, products,
systems, as well as the competence of
persons.
IEC work is essential for safety, quality and
risk management. It helps make cities
smarter, supports universal energy access
and improves energy efficiency of devices
and systems. It allows industry to consistently
build better products, helps governments
ensure long-term viability of infrastructure
investments and reassures investors and
insurers.
Key figures
171 Members and affiliates
>200
Technical committees and subcommittees
20 000
Experts from industry, test and research
labs, government, academia and
consumer groups
>10 000
International Standards
in catalogue
4
Global Conformity Assessment Systems
>1 million
Conformity Assessment certificates
issued
>100 Years of expertise
A global network of 171 countries
that covers 99% of world population and
electricity generation
Offers an Affiliate Country Programme
to encourage developing countries to
participate in IEC work free of charge
Develops International Standards and runs
four Conformity Assessment Systems to
verify that electronic and electrical products
work safely and as they are intended to
IEC International Standards represent a
global consensus of state-of-the-art
know-how and expertise
A not-for-profit organization enabling global
trade and universal electricity access
27
IEC Conformity Assessment Systems—
IECEE / IECRE
c/o IEC − International Electrotechnical
Commission
3 rue de Varembé
PO Box 131
CH-1211 Geneva 20
Switzerland
T +41 22 919 0211
www.iecee.org
www.iecre.org
IECEx / IECQ
The Executive Centre
Australia Square, Level 33
264 George Street
Sydney NSW 2000
Australia
T +61 2 4628 4690
Fax +61 2 4627 5285
www.iecex.com
www.iecq.org
Asia Pacific
IEC-APRC − Asia-Pacific
Regional Centre
2 Bukit Merah Central #15-02
Singapore 159835
T +65 6377 5173
Fax +65 6278 7573
Latin America
IEC-LARC − Latin America
Regional Centre
Av. Paulista, 2300 – Pilotis Floor – Cerq.
César
São Paulo - SP - CEP 01310-300
Brazil
T +55 11 2847 4672
North America
IEC-ReCNA − Regional Centre
for North America
446 Main Street, 16th Floor
Worcester, MA 01608
USA
T +1 508 755 5663
Fax +1 508 755 5669
Please visit the IEC website at www.iec.ch
for further information. In the “About the
IEC” section, you can contact your local IEC
National Committee directly. Alternatively,
please contact the IEC Central Office
in Geneva, Switzerland or the nearest
IEC Regional Centre.
Global—
IEC − International Electrotechnical
Commission
Central Office
3 rue de Varembé
PO Box 131
CH-1211 Geneva 20
Switzerland
T +41 22 919 0211
Fax +41 22 919 0300
www.iec.ch
IEC Regional Offices—
Africa
IEC-AFRC − Africa Regional Centre
7th Floor, Block One, Eden Square
Chiromo Road, Westlands
PO Box 856
00606 Nairobi
Kenya
T +254 20 367 3000 / +254 20 375 2244
M +254 73 389 7000 / +254 70 493 7806
Fax +254 20 374 0913
Further information
T +41 22 919 [email protected]
3 rue de VarembéPO Box 131CH-1211 Geneva 20Switzerland
® Registered trademark of the International Electrotechnical Commission. Copyright © IEC, Geneva, Switzerland. 2018.
YP F
utur
e le
aser
s:20
18-1
0(en
)
InternationalElectrotechnicalCommission