Security Challenges in Smart-Grid Metering and Control Systems _ TIM Review.pdf

  • Published on
    04-Sep-2015

  • View
    3

  • Download
    1

Transcript

<ul><li><p>6/22/2015 SecurityChallengesinSmartGridMeteringandControlSystems|TIMReview</p><p>http://timreview.ca/article/702 1/7</p><p>Search</p><p>PleaseLoginorRegister</p><p>HOME TOPICS UPCOMINGTHEMES ISSUEARCHIVE CONTRIBUTE ABOUT CONTACTUS</p><p>InthisissueEditorial:Cybersecurity(July2013)CybersecurityFutures:HowCanWeRegulateEmergentRisks?SecuringCanadasInformationTechnologyInfrastructure:Context,Principles,andFocusAreasofCybersecurityResearchPeertoPeerEnclavesforImprovingNetworkDefenceKeystoneBusinessModelsforNetworkSecurityProcessorsManagingCybersecurityResearchandExperimentalDevelopment:TheREVOApproachSecurityChallengesinSmartGridMeteringandControlSystemsQ&amp;A.ShouldStartupsCareaboutApplicationSecurity?TIMLectureSeriesGreenBusinessModelstoChangetheWorld:HowCanEntrepreneursRidetheSustainabilityWave?</p><p>AboutthisarticleCitation:Fan,X.,&amp;Gong,G.2013.Security Challenges in</p><p>Smart-Grid Metering and Control Systems.TechnologyInnovationManagementReview,3(7):4249.http://timreview.ca/article/702</p><p>Citethisarticle:BibTex RTF Tagged MARC XML RIS</p><p>Authorinformation</p><p>XinxinFanUniversityofWaterlooXinxinFanisaResearchAssociateintheDepartmentofElectricalandComputerEngineeringattheUniversityofWaterloo,Canada.HeholdsaPhDdegreeinElectricalandComputerEngineeringfromtheUniversityofWaterloo,aswellasaBScdegreeinAppliedMathematicsandanMEngdegreeinInformationSystemsandTelecommunicationEngineeringfromXidianUniversity,China.Hisresearchinterestsrangefromfastandsecuresoftwareandhardwareimplementationsofcryptographicalgorithmstothedesignandtheanalysisofsecurityprotocolsforwirelessandwirelinenetworks.</p><p>Morebythisauthor</p><p>GuangGongUniversityofWaterlooGuangGongisaProfessorintheDepartmentofElectricalandComputerEngineeringattheUniversityofWaterloo,Canada,andsheistheManagingDirectoroftheCentreforAppliedCryptographicResearchatUniversityofWaterloo.SheholdsaBScdegreeinMathematics,anMScdegreeinAppliedMathematics,andaPhDdegreeinElectricalEngineeringfromuniversitiesinChina.Dr.GonghasalsoheldafellowshipattheFondazioneUgoBordoni,inRome,Italy,andwasAssociateProfessorattheUniversityofElectricalScienceandTechnologyofChina.Herresearchinterestsareintheareasofsequencedesign,cryptography,andcommunicationsecurity.</p><p>Morebythisauthor</p><p>Login</p><p>Username*</p><p>Password*</p><p>Createnewaccount</p><p>July2013</p><p>SecurityChallengesinSmartGridMeteringandControlSystemsXinxinFan,GuangGong</p><p>DownloadthisarticleasaPDF</p><p>Aswemodernizethenationselectricinfrastructuretomakeitsmarter,moreefficient,andmorecapable,weneedtomakeitmoresecurefromendtoend.</p><p>GaryLockeU.S.AmbassadortoChinaandFormerSecretaryofCommerce</p><p>Abstract</p><p>Thesmartgridisanextgenerationpowersystemthatisincreasinglyattractingtheattentionofgovernment,industry,andacademia.Itisanupgradedelectricitynetworkthatdependsontwowaydigitalcommunicationsbetweensupplierandconsumerthatinturngivesupporttointelligentmeteringandmonitoringsystems.Consideringthatenergyutilitiesplayanincreasinglyimportantroleinourdailylife,smartgridtechnologyintroducesnewsecuritychallengesthatmustbeaddressed.Deployingasmartgridwithoutadequatesecuritymightresultinseriousconsequencessuchasgridinstability,utilityfraud,andlossofuserinformationandenergyconsumptiondata.Duetotheheterogeneouscommunicationarchitectureofsmartgrids,itisquiteachallengetodesignsophisticatedandrobustsecuritymechanismsthatcanbeeasilydeployedtoprotectcommunicationsamongdifferentlayersofthesmartgridinfrastructure.Inthisarticle,wefocusonthecommunicationsecurityaspectofasmartgridmeteringandcontrolsystemfromtheperspectiveofcryptographictechniques,andwediscussdifferentmechanismstoenhancecybersecurityoftheemergingsmartgrid.Weaimtoprovideacomprehensivevulnerabilityanalysisaswellasnovelinsightsonthecybersecurityofasmartgrid.</p><p>Introduction</p><p>Theterm"smartgrid"generallyreferstoanextgenerationpowergridinwhichthegeneration,transmission,distribution,andmanagementofelectricityareupgradedandautomatedbyincorporatingadvancedcomputingandcommunicationtechnologiesforimprovingtheefficiency,reliability,economics,andsafetyofthegrid.Looselyspeaking,asmartgridiscomposedofapowergridandatwowaycommunicationnetworkforinformationretrievalandmanagement.Whencomparedtolegacyandclosedpowercontrolsystems,thesmartgridisenvisionedtoestablishascalable,pervasive,andinteractivecommunicationinfrastructurewithnewenergymanagementanddemandresponsecapabilities.Duringthepastfewyears,smartgridmeteringandcontrolsystemshavebeenwidelydeployedthroughouttheworld.AccordingtoanewNavigantResearchreport(2013),theglobalmarketpotentialforsmartgridequipmentmanufacturersandsolutionproviderswillnearlydoubleby2020,reaching$73billioninannualrevenueand$461billionincumulativeprofit.</p><p>Asmartgridbringsgreatperformancebenefittothepowerindustryandenablesenduserstooptimizetheirpowerconsumptionhowever,theheavydependenceoncommunicationnetworkshasmadesmartgridsvulnerabletoawiderangeofcyberspacethreats.Forexample,ithasbeenshownthatsecuritybreachesinsmartgridscanresultinavarietyofseriousconsequences,fromblackoutsandphysicaldamageofinfrastructuretotheleakageofcustomerinformation.Consideringthevastscaleandcomplexarchitectureofasmartgrid,itisnotdifficulttounderstandthatthevulnerabilitiesassociatedwiththesmartgridcommunicationsystemmayalsobeenormous.Thosesecurityvulnerabilitiesneedtobeproperlyaddressedtoensurethatsmartgridsarenotonlysecureandfunctioncorrectly,butthattheyalsomaximizetheiradoptionandsuccessfullyfulfillthepromiseofsmartgridinvestment.</p><p>Althoughmostofthearchitectures,frameworks,androadmapsforsmartgridshavealreadybeendefinedbythegovernments,industry,andacademia,therearestillmanyimportantsecurityandprivacyissuesinsmartgridcommunications.Theseissuesarenowconsideredbygovernmentsandindustrytobeoneofthehighestprioritiesforsmartgriddesign,andtheymustberesolvedbeforesmartgridscanbeoperationallyreadyforthemarket.Inthisarticle,wewillpresentthehighlevelarchitectureofasmartgridmeteringandcontrolsystem,andwewilldescribetypicalcyberspaceattacksonsmartgridcommunications.Wealsowillsummarizethesecurityrequirements,reviewsomeexistingsolutions,andhighlightseveralimportantdirectionsalongthisemergingresearchline.</p></li><li><p>6/22/2015 SecurityChallengesinSmartGridMeteringandControlSystems|TIMReview</p><p>http://timreview.ca/article/702 2/7</p><p>Requestnewpassword</p><p>Login</p><p>RelatedarticlesTIMLectureSeriesTheInternetofEverything:Fridgebots,SmartSneakers,andConnectedCarsJ.Greene</p><p>RealTimeMobileCommunicationofPowerRequirementsforElectricVehiclesD.Smith</p><p>Theperiodicpowerrequirementsofanelectricvehiclearedifficulttopredictbecausethevehicle'slocation,theamountofchargeremaininginitsbatteries,andthetimingofitsnextchargearenotknown.Forclustersofelectricvehicles,theproblemismagnified,andthereisariskthatthedemandwillstrainandoverloadapowerutilitysinfrastructure.Operationalmanagersare...</p><p>TIMLectureSeriesEnergyEfficiencyandDataSecurityinModernDataCentresJ.Glowka</p><p>TIMLectureSeries:PrivacyandSecurityinaConnectedWorldD.King</p><p>OnMay7,2008,DouglasG.King,AssistantProfessorofSystemsandComputerEngineeringatCarletonUniversity,deliveredapresentationentitled"PrivacyandSecurityinaConnectedWorld".</p><p>TheTIMLectureSeriesprovidesaforumtopromotethetransferofknowledgefromuniversityresearchtotechnologycompanyexecutivesandentrepreneursaswellasresearchand...</p><p>Theremainderofthisarticleisorganizedasfollows.First,wepresentthefundamentalarchitectureandfunctionalitiesofasmartgridmeteringandcontrolsystem.Next,wefocusonthesecurityrequirementsforsmartgridcommunications,followedbyasurveyofcurrenteffortsmadebytheindustryandacademiatosecurethesmartgridnetworksanddevices.Finally,weproposeseveralresearchareasanddirectionsinsmartgridsecurityanddrawsomeconclusions.</p><p>Architecture</p><p>Atypicalsmartgridmeteringandcontrolsystem,asillustratedinFigure1,consistsofacollectionofmeters/sensorsandcontrollers/actuatorsthatcommunicatewithasubstation/dataconcentrator,aconsumerortechnician,andvariousthirdpartyentities.Thecommunicationamongdifferentnetworkentitiesisrealizedbyhighspeedwiredorwirelesslinksoracombinationthereof.Asmartgridmeteringandcontrolsystemhasalayerednetworkstructurethroughwhichitcollectsdataandcontrolsthedeliveryofelectricity.</p><p>Figure1.ArchitectureofatypicalSmartgridmeteringandcontrolsystem</p><p>Themainfunctionalitiesofeachcomponentinasmartgridmeteringandcontrolsystemareasfollows:</p><p>1. Utilitycompany:connectstothesubstationnetworkthroughthewideareanetwork(WAN)interfaceandthecommunicationchannelmightbeWiFi,satellite,4GLTE,WiMax,etc.Theutilitycompanyisresponsibleforprocessingalarmsandalerts,managingthemeterdata,andgeneratingbills.Moreover,itmayalsoprovideawebportalthatallowscustomerstoviewtheirmonthlyenergyconsumptionandbills.</p><p>2. Substation/dataconcentratornetwork:consistsofanumberofsmartmetersinacertainareaaswellasadatacollector.TheconnectionbetweensmartmetersandthedatacollectormightthroughWiFi,ZigBee,powerlinecarrier(PLC),etc.Typically,thesmartmetersformawirelessmeshnetworkandforwardthemeterreadingstothedatacollectorthroughmultihopcommunications.Thedatacollectorthentransmitstheaccumulateddatatotheutilitycompany.</p><p>3. Homeareanetwork(HAN):providestheconsumeraccesspointstocontrolandmonitortherealtimepowerconsumption.TheHANcontainsahomegatewaythatreceivesthepowerconsumptiondatafromthesmartmeteranddisplaysitonhouseholder'sdevices(e.g.,laptop,tablet,smartphone).Furthermore,thehomegatewaymaysendthepowerconsumptiondatatoathirdpartyforothervalueaddedservices(e.g.,efficiencyadvice,supplierselection).TheHANalsoincludesacontrollerthatenableshouseholderstoremotelycontrolthestatusoftheirhomeappliances.</p><p>4. Smartmeter:iscomposedofamicrocontroller,ametrologyboard,andacommunicationboard.Underthecontrolofthemicrocontroller,themetrologyboardmeasurestherealtimepowerconsumption,andthemeterdataistransmittedtoboththesubstationnetworkaswellasthehomeareanetworkthroughthecommunicationboard.TheconnectionbetweenthesmartmeterandhomeappliancesmaybethroughWiFi,ZigBee,Ethernet,HomePlug,WirelessMBus,etc.Thesmartmetermayalsocontainadisconnectionfunctionthat(ifenabled)allowsutilitycompaniesorcustomerstoremotelyconnectordisconnectthehomeappliancesandservices.</p><p>5. Thirdparty:reliesonaccuratemeterreadingstoprovidevalueaddedservicesforhouseholders,includingpowerefficiencyadvice,supplierselection,etc.Thoseserviceswillhelphouseholderstomanagetheirpowerusageinacosteffectiveway.</p><p>Requirements</p><p>Theconventionalpowergridiscomposedofdedicatedpowerdevicesthatformclosednetworkswithreliableandpredicablecommunicationlinks.Incontrast,asmartgridmeteringandcontrolsystemreliesonadvancedwiredandwirelesscommunicationnetworks,therebyinheritingalloftheweaknessesandpotentialcyberspacevulnerabilitiesofgeneralcommunicationnetworks.Thesmartgridmeteringandcontrolsystemisbecominganincreasinglycommontargetforcyberspaceattacks,andstrongandrobustsecuritymechanismsareparamountforthepreventionoffinancialfraud,environmentalaccidents,andahostofotherpotentiallydisastrousincidents.Inthissection,we</p></li><li><p>6/22/2015 SecurityChallengesinSmartGridMeteringandControlSystems|TIMReview</p><p>http://timreview.ca/article/702 3/7</p><p>discussthemajorsecurityconcernsandrequirementsforsmartgridmeteringandcontrolsystems.</p><p>Effortsfromstandardsbodiesandorganizations</p><p>Anumberoforganizationshavebeenactivelyworkingonthedevelopmentofsmartgridsecurityrequirements,asillustratedinBox1.Amongexistingsmartgridstandardizationefforts,theNISTFrameworkandRoadmapforSmartGridInteroperabilityStandardsanditsInteragencyReport,GuidelinesforSmartGridCyberSecurity(NISTIR7628),representthemostcomprehensivecoverageofcyberspacesecurityrequirementsinthesmartgrid.</p><p>Box1.Examplesoforganizationsworkingonsmartgridrequirements</p><p>ElectricPowerResearchInstitute(EPRI)InternationalSocietyofAutomation(ISA)IEEE14022000InternationalElectrotechnicalCommission(IEC)NationalEnergyBoard(NEB,Canada)NorthAmericanElectricalReliabilityCorporationCriticalInfrastructureProtection(NERCCIP)NationalInstituteofStandardsandTechnology(NIST)</p><p>Allstandardsbodiesconsistentlyspecifythreehighlevelsmartgridsecurityobjectives:availability,integrity,andconfidentiality.However,eventhoughthestandardsbodiesdefinethesecurityrequirementsbasedonafairlycomprehensivesetofusecasesinthepowerindustry,thereisstillaconsiderablegapbetweenunderstandingthesecurityrequirementsinthestandardsandapplyingthemtodesignasecuresmartgridmeteringandcontrolsystem.Itisextremelyimportantfordesignersandpractitionersofsmartgridstogaindeepunderstandingaboutawiderangeofmaliciousattackstothesmartgrid,asdetailedbelow.</p><p>Availability</p><p>Availabilityreferstoensuringtimelyandreliableaccesstoinformation,whichistheprimarysecuritygoalofasmartgridmeteringandcontrolsystem.Maliciousattackstargetingavailabilitycanbeconsideredasdenialofserviceattacks,whichintendtodelay,block,orevencorruptthecommunicationinthesystem.Inparticular,duetotheextensiveadoptionofwirelesscommunicationtechnologiesinthesmartgrid,ajammingattackthatfillsthewirelessmediumwithnoisesignalshasbecomethemosttypicalformofphysicallayerattack.Thejammingattackisabletodeferthetransmissionofmessagesandtodistortthetransmitteddatasignal.Asaresult,thelegitimatereceivercannotrecovermessagesoutofthedamageddatapackets.Jammingattacksaremorerelevantandseriousinthesmartgridthanotherthanothernetworkingsystems,becausethesmartgridinvolvesessentialresourcesforpeopleseverydaylives.Ontheotherhand,manymaninthemiddleattackscanbelaunchedonlywhenthefullorpartialcommunicationchannelscanbejammed.Examplesincludejammingtheninsertingfalselocationinformationandjammingthendelayingthetransmission.Becausethenetworktrafficinthesmartgridisgenerallytimecritical,itiscrucialtoevaluatetheimpactofdenialofserviceattacksandtodesignefficientandeffectivecountermeasurestosuchattacks.</p><p>Integrity</p><p>Integrityreferstopreventingordetectingthemodificationordestructionofinformationbyunauthorizedpersonsorsystems.Maliciousattackstargetingtheintegrityofasmartgridattempttostealthilymanipulatecriticaldatasuchasmeterreadings,billinginformation,orcontrolcommands.Recentresearch(Liuetal.,2011)hasdemonstratedthatanewclassofattacks,calledfalsedatainjectionattacks,arehighlyviableagainstthestateestimationinelectricalpowergrids.Basedontheassumptionthatanattackerhascompromisedoneorseveralsmartmetersandisabletoaccessthecurrentpowersystemconfigurationinformation,suchattackscansuccessfullyinjectarbitrarybogusdataintothemonitoringcentre,andatthesametime,passthedataintegritycheckingusedincurrentstateestimateprocesses.Integrityprotectioncanbeachievedbyauthentication,certification,andattestation.Morespecifically,thesmartdevicesandsubstationmustauthenticateeachothersidentitytothwartimpersonation.Datacertificationofamessagepreventsmodificationofdataduringtransmission.Dataauthenticationwithnonrepudiationgoesbeyondcertificationbypreventingthesenderfromclaimingthatitdidnotsendthedata.Substationsuseattestationtoconfirmthatthememorycontents(codeanddata)onasmartdevicehavenotbeenmodified.Thesecurityservicesrelatedtointegrityareusuallyimplementedusingpublickeycryptography,whichrequiresatrustedthirdpartythathostsakeymanagementservice.</p><p>Confidentiality</p><p>Confidentialityreferstoprotectingpersonalprivacyandproprietaryinformationfromunauthorizedaccess.Maliciousattackstargetingconfidentialityaimatobtainingdesirableinformation(e.g.,powerusage,customersaccountinformation)througheavesdroppingoncommunicationchann...</p></li></ul>

Recommended

View more >