Smart Grid Security: Where to Start?

Dan Pearl | Dec 10, 2010

Back in March, I wrote about the impending Smart Grid security crisis by comparing it to our experience with online banking. "The true danger is not that hackers might siphon from bank accounts; it's the potential systematic destruction of the entire process by which we account for wealth."

It is not that one or a couple of people might get robbed. Yes, that would be awful, but the true danger is a lack of confidence in our banking system, leading to negative behaviors.

The same can be said about our electric system. What if one hacker remotely tampered with one meter? That's bad. But what if that one hacker propagated a worm throughout the system leading to cascading failures? That's even worse. And what if that hacker was really a foreign agent planning more wide-scale malicious activity? What if that one incident decreased consumer confidence in smart meter implementations, prevented adoption, or encouraged vocal opposition?

The Security Discussion Continues to Intensify

Since March, the global Smart Grid security discussion has intensified as several reports call out potential cyber threats to power grids.

In August, a Wall Street Journal article reported: "Computer networks controlling the electric grid are plagued with security holes that could allow intruders to redirect power delivery and steal data." Additionally, the National Institute of Standards and Technology (NIST) released its highly anticipated report NISTIR 7628: Guidelines for Smart Grid Cyber Security, which put forth the conclusion that "approaches to secure [smart grid] technologies and to protect privacy must be designed and implemented early in the transition to the Smart Grid."

Since July, the Stuxnet malware, a worm that spies on and reprograms critical industrial infrastructure, has been widely publicized. The malware uses the Windows operating system to spread to Siemens SCADA systems and programmable logic controllers. The European Union's cybersecurity agency claims Stuxnet represents a "paradigm shift" in critical infrastructure threats and that current defense philosophies need to be reconsidered. Additional coverage can be found on the security concerns surrounding the Stuxnet malware.

Many of the reports discuss high-level concerns and solutions, like "security frameworks" or "security architectures" and advocate for an evaluation of security process, people and technology. These sources discuss the opportunity that the smart grid provides to introduce a new way of thinking and to overhaul the entire system. A comprehensive security architecture IS necessary and new operational paradigms are critical. But you have to start somewhere.

To address the need for built-in security controls, consider the online banking comparison again. Consumers expect Secure Sockets Layer (SSL), site keys, multiple passwords and PINs as a part of their daily lives, preferring a slight inconvenience for their overall security and the protection of their personal information. Securing consumers' electricity usage can reach the same level as the banking industry, but, as in banking, the transition will not happen overnight.

Where should you start?

Start with the Information.

The Smart Grid, in many cases, begins with smart metering. The concern centers on the massive deployment of millions of new meters that will transmit data at more frequent intervals over a network, whether RF mesh, WiMAX, PLC or another technology. Historically, utility companies sent a truck to manually read electromechanical meters approximately once a month, which does not yield much data. With smart metering at 15-minute intervals, however, approximately 35,000 reads per customer per year will be made, a volume of data that has real value both to utilities and to those intending harm.

What is the best way to protect that metering data? By protecting it at the source with built-in security. According to Forrester Research, "Security is only possible if it's built in...the most important aspect of making security built-in is to embed it into each system."

Encryption and Enterprise Key Management

To protect the information itself, utilities must begin by securing the data at the point of capture and physically embed cryptographic functionality within the meter. Next, they must secure the communications between the various components of the Advanced Metering Infrastructure (AMI) system.

Technologies like public key infrastructure (PKI), a proven backbone for securing the Internet, can protect system components by enabling encryption and digital signing of content. PKI also offers authentication, integrity and limited non-repudiation as information travels from the meter to the utility. Applied to AMI, PKI functionality in the head-end system and in the meters secures the exchange of information between them and keeps that information private, which helps prevent fraud and misuse.

To use encryption on a wide scale, utilities need to be able to efficiently support millions of endpoint keys and cryptographic functions.

A metaphor for a key management solution is an apartment building landlord's key locker. Let's say the building has 20 apartments, each with one key to its front door. And let's say the landlord changes the locks (and keys) every time a new tenant moves in, every time a tenant requests a change, and every time there's a break-in. For 20 apartments, that could be manageable. But what if there were 100 apartments, or 1,000, or in the metaphorical case of smart metering, 1,000,000? If the landlord misplaces one key, how will he find it when all keys look and feel exactly the same? Sure, the belongings within the apartment will not be at risk, but what value do those contents have if the landlord or tenant can't access them? The same applies with cryptographic keys. You need a solution that can automatically manage the lifecycle of those keys at mass scale.

Questions to ask your AMI vendor:

  • What embedded security features do you offer?
  • What cryptographic protocols do you leverage?
  • What is your overall cryptographic architecture, including encryption, decryption, digital signatures and key management?
  • Does your key management solution scale?

Functional Requirements for AMI Vendors to Consider:

  • Secure messages to and from various AMI endpoint components such as meters, radio devices and boards, collectors, routers, and network nodes via cryptography
  • Sign downstream messages and upstream acknowledgments
  • Sign firmware and utility public keys
  • Generate and manage full lifecycle of keys
  • Provide a secure, centralized, FIPS-validated key management platform
  • Provide a secure auditing trail throughout the key management lifecycle
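
The key-locker problem and the lifecycle and audit requirements listed above can be sketched in a few lines. This is an added example, not code from the article or from any AMI vendor: the class and function names are hypothetical, the meter ID and reading are constructed, and it uses symmetric HMAC-SHA256 key derivation and message tags in place of the PKI signatures the article describes, so that per-meter keys are recomputed from one protected master secret instead of being stored a million times over.

```python
import hashlib
import hmac
import json

class MeterKeyManager:
    """Hypothetical head-end key manager: derived per-meter keys, rotation, audit chain."""

    def __init__(self, master_secret: bytes):
        self._master = master_secret  # assumption: held in an HSM in a real deployment
        self._version = {}            # meter_id -> currently valid key version
        self.audit = []               # (entry_json, chained_sha256_hex) tuples

    def _log(self, event: str, meter_id: str, version: int) -> None:
        prev = self.audit[-1][1] if self.audit else "0" * 64
        entry = json.dumps({"event": event, "meter": meter_id, "version": version}, sort_keys=True)
        self.audit.append((entry, hashlib.sha256((prev + entry).encode()).hexdigest()))

    def _derive(self, meter_id: str, version: int) -> bytes:
        # Keys are recomputed on demand, so no per-meter key can be "misplaced".
        info = meter_id.encode() + b"\x00" + version.to_bytes(4, "big")
        return hmac.new(self._master, info, hashlib.sha256).digest()

    def provision(self, meter_id: str) -> bytes:
        self._version[meter_id] = 1
        self._log("provision", meter_id, 1)
        return self._derive(meter_id, 1)

    def rotate(self, meter_id: str, reason: str) -> bytes:
        self._version[meter_id] += 1  # the old version stops verifying immediately
        self._log("rotate:" + reason, meter_id, self._version[meter_id])
        return self._derive(meter_id, self._version[meter_id])

    def verify_reading(self, meter_id: str, version: int, payload: bytes, tag: bytes) -> bool:
        if self._version.get(meter_id) != version:
            return False              # unknown meter or retired key version
        return hmac.compare_digest(tag_reading(self._derive(meter_id, version), payload), tag)

    def audit_intact(self) -> bool:
        prev = "0" * 64
        for entry, digest in self.audit:
            if hashlib.sha256((prev + entry).encode()).hexdigest() != digest:
                return False
            prev = digest
        return True

def tag_reading(meter_key: bytes, payload: bytes) -> bytes:
    """Meter side: authenticate one interval reading with the meter's current key."""
    return hmac.new(meter_key, payload, hashlib.sha256).digest()
```

The hash chain makes edits to earlier audit entries detectable only if the latest digest is also recorded somewhere the key manager's operator cannot rewrite.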

Jesse Berst, founder of Smart Grid News, said he didn't see any reason why the energy industry wouldn't be able to secure the infrastructure as it modernizes: "we've solved the cyber (security issues) for other big consequential infrastructures (like financial and Internet) and I think we can solve it to that same degree of safety for this one." The utility industry should learn from others, rather than replicating the mistakes that others before us have made.

Manufacturing, oil & gas, banking, and telecommunications all have experienced bumps along the road. Let's leverage those lessons, and try not to boil the ocean. We need a high-level strategy and something to work towards to make the smart grid a reality. That strategy should include people, process and technology. And most mindfully, we should start by securing not just the perimeter around the information, but the information itself.

Comments

Sobering but very relevant article. Smart meter manufacturers are more than capable of adding security to their embedded software and meter data, in fact they are more than capable of designing their smart meters to be much more powerful in many other respects, as are personal computers and mobile computing devices we are widely familiar with today.

The huge underlying problem for meter manufacturers is utility companies are highly unwilling to pay higher meter prices for additional smart meter capabilities. It is painful particularly to bear the costs of upgrades to meter technology on a regular basis once meters are deployed in the field.

The most obvious reason is the sheer numbers of customers and meters means even a single dollar increase in meter prices often translates into millions of extra dollars if the added costs are to apply to each and every customer in a large urban utility company. Every penny of meter cost must be carefully weighed before committing all customers to a given meter design.

A less obvious reason is due to the regulated nature of the utility business where every utility customer must be billed the same way under regulated rates. Customer billing income ultimately pays for all the smart meters, so if smart meters are desired to be upgraded with added capabilities, such as adding new security measures in software, utilities are forced to apply it to all customers in their smart meter network.

The only way around these roadblocks for smart meter manufacturers is by regulatory reforms that would permit utility companies to raise money to add upgrades or replace smart meters without having to add rate increases to every customer, or add specific extra smart meter charges to every customer's bill. Some well-established business models to realize this are the CATV and telephone companies who routinely offer basic services to all their customers at uniform billing rates, plus optional extra services and in-home technologies to customers who are willing to pay extra to buy them.

Bob is right about the present retail market model for electricity being broken, or in fact a useless artifact of technical capabilities of a century ago. If regulators will not allow us to move to a modern computerized retail --> wholesale market such as IMEUC, they should at least free up the market so utility companies could appear as nimble (as elephants ha ha) as landline telephone companies.

As further evidence of a broken retail market for electricity, consider electronic utility billing meters have been out for over a decade now, beginning back in the 1990's with the first one-way communicating meters for automated meter reading, and have evolved into the two-way networked systems we see being deployed today. Compare how much they have advanced in that time frame with how much consumer products like personal computers and cellular phones and video games have. Meters have evolved at a snail’s pace in comparison because the marketing and commercialization of consumer products are not stifled by regulation.

Len's revolutionary and innovative IMEUC proposals are not even on the radar screens of most people in the utility business or in governments because no one dares to think or imagine anything different than the status quo when it comes to regulation of the utility companies. What a tragedy.