Security: A PRIME Focus
PRIME Alliance was founded to provide a forum for the definition, establishment and support of an open, single specification and standard for a narrow-band power line for Smart Grid products and services. The ultimate goal is the development of a global power line standard that will enable multi-vendor interoperability for the establishment of a series of truly flexible and highly efficient Smart Grid networks.
However, to attain these goals, due consideration must be given to the issues surrounding data privacy and data security. Because smart technologies enable more dynamic and bi-directional flows of information and more interaction between suppliers and consumers, the possibility for unauthorized third parties to gain access to sensitive data must be minimized. The level of risk posed by cyber threats is also rising as a result of the rapid growth in machine-to-machine interactions enabled by digital communications and the internet.
Security experts have warned that Smart Metering could introduce a strategic vulnerability to a country's essential infrastructure. With Smart Meters in place, the potential for unauthorized supply interruption increases and does not solely require physical tampering. Thus, the software procedures like the combination of commands that can cause meters to interrupt supply, the firmware upgrades that will run in the meters themselves, and the cryptographic keys used to authenticate these commands all need to be thoroughly secured against external unwanted interaction to safeguard critical portions of the grid. Research suggests that programming errors and security vulnerabilities in Smart Meter devices need special attention to avoid any unauthorized interaction of the end-points in power distribution networks.
If left unaddressed, the PRIME Alliance believes that these security issues will become challenging barriers to successful roll outs of Smart Meters, and could impact consumer acceptance of the new technology.
The PRIME Alliance is also aware that addressing security concerns is imperative before the devices are deployed; waiting until after-the-fact is the least effective and least efficient method of addressing potential vulnerabilities within the communication infrastructure, as well as the hardware and software components of the Smart Grid. Instead, security measures will need to be incorporated holistically and by design at critical points across the Smart Metering infrastructure. This must start within the home area network and local area network, and also cover the entire wide area network to the database within the utility. Here too, the appropriate security mechanisms will also be required for safeguarding the system.
Consequently, the optimal approach is to ensure that information security is considered a critical priority of any Smart Grid in the upfront design, and that end-to-end security provisions are inherent in any system design. To that end, the PRIME Alliance has incorporated the consideration of security issues into the development of its specification and standard for a narrow-band power line.
A road map is already in place, and work has started on establishing the necessary security requirements. Also, the Alliance is working to ensure that findings from research and experience at both a national and EU level are fed into the resultant standard. Work on the development of a sound security architecture design that will ensure reliable and sufficient privacy and security levels are integrated in the core specifications for PRIME has also been completed. This covers critical components such as secure firmware updates, trust provisioning and critical command security.
Currently, the Alliance is focusing on finalizing the secure PRIME protocol and is investigating how Application Layer Protocols and MAC Layer security will apply to the PRIME power line protocol, and assigning specific security targets such as confidentiality, integrity and authentication to each layer. The final phase, to be undertaken in beginning of 2013, will be concerned with finalizing certification and compliance requirements.
In addition, there are Privacy Enhancing Technologies (PET) available that help address concerns and reassure potential consumers. These should be considered a critical element of any Smart Meter systems by design. Underpinning data privacy is watertight data security, which is an issue of concern not just to end-users but also to their suppliers.
Achieving a secure Smart Grid is a challenge that is necessary to overcome for successful acceptance and roll outs. The PRIME Alliance is working to address these challenges by encouraging greater interoperability with regards to the development and deployment of narrow-band power line. By bringing information security concerns into the heart of that process, PRIME Alliance shapes the technological future towards overcoming the one of the biggest obstacles to universal Smart Meter adoption.