Security and Risk Managementfor Smart Grids

Dr. Lucie LangerSafety & Security Department

AIT Austrian Institute of Technology

December 7, 2012

Athens, Greece

2nd ISACA Athens Chapter Conference

Talk Outline

Background and motivation Motivation for smart grids Smart grid security concerns

State of the art NISTIR 7628 Guidelines for Smart Grid Cyber Security German BSI Smart Metering Gateway Protection Profile ENISA Smart Grid Security Recommendations

AIT research Systematic threat analysis for smart grids Decision theory support for risk analysis Architectures for network resilience

Key projects The PRECYSE Project The (SG)2 Project Upcoming project proposals

2

Motivation for Smart Grids

3

Diminishing fossil fuelsand environmental concerns

Higher availability of practical electric cars

Lack of resilience ofcurrent power grids leading to blackouts

Increased availability ofrenewable power technology

Smart Grids: The Vision“An electricity network that integrates the behavior and actions of all users connected to it - generators, consumers, or both – to ensure an economically efficient, sustainable power system with low losses and high levels of quality and security of supply and safety."

4

Smart Grid Security Concerns

5

Privacy concernsemerging fromsmart meters & increased risks associated with tampering

Greater use ofCOTS systems toimplement parts of a more open grid

A greater degree of monitoring and automatic control at electricity network edge

Increased use of ICT systems, e.g., to support prosumer communities and advanced energy services

Smart Grid Security: State of the Art

NISTIR 7628: Guidelines for Smart Grid Cyber Security

Three volume report on securing smart grids produced by the Cyber Security Working Group (CSWG) and the Smart Grid Interoperability Panel (SGIP) in the USA

Final version published in September 2010

Vol. 1: High-level smart grid architecture Logical reference model that spans smart grid domains A set of high-level security requirements

Vol. 2: Focuses on privacy issues within homes

Vol. 3: Supporting material, including research

and development themes

7

NISTIR Guidelines for Smart Grid Cyber Security

88

Smart Grid Logical Reference ModelTechnical High-level SecurityRequirements

Governance, risk and compliance

requirements

Common technical security

requirements

Unique technical security

requirements

CIA Requirements(Low, Medium, High)

Use cases

180 requirements

exist in 19 families, e.g.,

access control, Smart Grid Domains

7 Smart Grid Domains

Actors(Systems)

Interfaces

130 interfaces between actors,

organized into 22 categories with

shared or similar security

characteristics

InterfaceCategories

apply to allcategories

apply to a subsetof categories

influence

apply to all(with tailoring)

Select use cases

Risk assessment

Set boundaries (define initial architecture)

Define high-level security

requirements

Smart Grid conformance testing

& certification

1 2 3 4 5

Top down

Bottom up

Process

Guidelines

BSI Protection Profile for the Gateway of a Smart Metering System Security requirements for the gateway in a smart metering system, which

includes: assets, threats and assumptions, a set of security objectives, a set of security requirements, …

9

Smart Metering Gateway

LocalMetrological

Network

Wide AreaNetwork

HomeArea

Network

BillingCompanies

GridOperators

Initially driven by electricity network operators

Initially driven by electricity network operators

Protection Profile for the Gateway of a Smart Metering System Overview of the attacks considered:

gaining access to metering data, attackers intercept data during transmission, acquire control of the gateway, meters, controllable local systems, an attacker obtains more detail than they should.

Selected security objectives: encrypted and authenticated communication

between all parties, pseudonymisation of transmissions, if applicable, detect physical tampering, no accessible services on the gateway.

Current status: final version that should be supported by gateways in Germany

10

A strong emphasis onprivacy issues

A strong emphasis onprivacy issues

ENISA Smart Grid Security Recommendations

A set of security recommendations based on a survey of 50 stakeholders and extensive background material study

Recommendations from the report include:

…develop a minimum set of security measures

based on existing standards and guidelines

…foster the creation of test beds and

security assessments

…foster research in smart grid cyber security

11

http://www.enisa.europa.eu/activities/Resilience-and-CIIP/critical-infrastructure-and-services/smart-grids-and-smart-metering/ENISA-smart-grid-security-recommendations

ENISA Smart Grid Security Recommendations

Selected research areas recommended by the report include:

Robust, secure and resilient architectures: self-healing and graceful degradation; generation, distribution and storage of cryptographic material

Trust and assurance and end-to-end security: dependencies and threat analysis and use-case modelling; active monitoring for incident detection; security metrics; security mechanisms against DoS attacks

Privacy and security by design: common procedures and interfaces, protection against zero-day vulnerabilities, optimization of cryptographic protocols

Legal and economic aspects of cyber security in the smart grid

12

Smart Grid Security: AIT Research and Innovation

Smart Grid Security Threat Analysis

Availability of the power grid Legitimate power consumption and

delivery Privacy of consumers

Smart Grid Security Threat Analysis & Recommendations

15

Authorization of users and devices to grant them least privileges to access resources and services

Integrity and plausibility checks of data, such as meter readings, grid status messages, and network traffic

Training of technicians and service staff to prevent social engineering

Security Risk Analysis based on Decision Theory

16

Communication Infrastructure Model

Topological Vulnerability Analysis

Usage Strategy Identification

Game-Theoretic ModelApplication-Oriented

Taxonomy

Rules for optimal System usage

Components of Maximal Vulnerability

System Risk Measure

System engineer

Decision MakerSystem

User

Decision Maker

System engineer

A challenge for cyber-security risk analysis for smart grids and critical infrastructures is identifying the likelihood of an attack occurring and being successful…

Architectures for Network Resilience

17

“Resilience is the ability of the network to provideand maintain an acceptable level of service in the face of various faults and challenges to normal operation.”

Smart Grid Security: Key Projects

The PRECYSE Project

19

The PRECYSE Project Demonstrators

20

Traffic control centre in the city of Valencia (Spain)

1.5 million inhabitants, 500 000 vehicles

Energy demonstrator in the city of Linz (Austria)

Power supply and related services for 400 000

inhabitants

Smart Grid Security Guidance (SG)² Project

Nationally-funded research project

Project Duration: 2 years, 11/2012 – 10/2014

Aim to produce practical guidelines for Smart Grid security for Austria

Partners from research, industry and government: AIT Austrian Institute of Technology Technische Universität Wien SECConsult Unternehmensberatung GmbH Siemens AG, Corporate Technology Österreich LINZ STROM GmbH Energie AG Oberösterreich Data GmbH Innsbrucker Kommunalbetriebe AG Energieinstitut an der JKU Linz GmbH Bundesministerium für Inneres Bundesministerium für Landesverteidigung und Sport

21

The (SG)2 Process Model

22

Safety and Security Department

Energy Department

Foresight & Policy Development Department

Safety and Security Department

Energy Department

Foresight & Policy Development Department

The European SPARKS Project Proposal

23

Partners

Conclusion and Open Issues

Smart grids represent a significant evolution of electricity networks: an increased use of ICT to support advanced open services automatic monitoring and control deeper in the network to facilitate the

use of decentralised power sources

Security and privacy concerns abound: privacy issues related to smart metering risks to availability caused by cyber attacks

A number of best practices and standards have emerged, but practical application is lacking

AIT is researching novel threat and risk analysis approaches, and architectures for ensuring the resilience of smart grids to attacks (amongst other things…)

24

AIT Austrian Institute of Technologyyour ingenious partner

Dr. Lucie Langer

Project Manager ICT Security

Safety & Security Department

lucie.langer@ait.ac.at | +43 664 8251 438 | www.ait.ac.at/it-security

26

European ABC solution with interfaces to existing security and infrastructure processes demonstrated at air-, land- and sea borders

FastPass

A harmonized, modular reference system for all European automatic border crossing points