national regulatory approaches anded european ... · smart meter deppyloyment status impact of...
TRANSCRIPT
The Smart Grid Security Challengesy g
National regulatory approaches d Eand European
standardization efforts
Francois Ennesser
19 / 01 / 2012
Smart Grid Conceptual model (from NIST IR 7628)
The EU Smart Grid Framework
Smart Grids are a strategic topic in the context of theSmart Grids are a strategic topic in the context of the “20/20/20 directive”, and their security as a critical strategic infrastructure requires a shift of paradigm for the energy industrygy yDriven by DG ENER, Expert Group 2 assisting the EC Smart Grid Task Force (which generated the M/490 Smart Grid Standardization Mandate) produced 2 reports:Smart Grid Standardization Mandate) produced 2 reports:
“Regulatory Recommendations for Data Safety, Data Handling, and Data Protection”
“Essential Regulatory Requirements and Recommendations for Data H dli D t S f t d C P t ti ”Handling, Data Safety, and Consumer Protection”
DG INFSO / ENISA Expert Group on “Security & Resilience of Communication Networks and Information S t f S t G id ” f i k tSystems for Smart Grids” focuses on risk assessment , security requirement and countermeasures
Plans to organize a workshop to raise industry awareness on Smart Grid Security issues in Brussels in JuneSecurity issues in Brussels in June
The EU Perspective on Smart Grids
20 / 20 / 20 EU Target:20 / 20 / 20 EU Target: 20% CO2 reduction, 20% renewable energy, 20% energy consumption reduction
Expert Group 2: Regulatory for data safety,
data handling and data
Expert Group 1: Regulatory functionalities
for Smart Grids and
Expert Group 3: Roles and responsibilities
of actors involved indata handling and data protection
for Smart Grids and Meters
of actors involved in Smart Grids deployment
4 4
Security Challenges: From Smart Metering to Smart Grid
Smart Meter deployment statusp y
Impact of national regulations, business models and timeframee g Meter Ownership varies between countriese.g. Meter Ownership varies between countries
Smart meter deployments started 10 years agoItaly: 90% of Electricity meters and 2/3 Gas meters are “smart”Sweden: Almost 100% penetration for electricity induced by lawSweden: Almost 100% penetration for electricity, induced by law
“Automated Meter Reading” (AMR) vs. “Advanced Metering Infrastructure” (AMI)
Different support of functionalities between countries: e.g. Sweden:Different support of functionalities between countries: e.g. Sweden:Remote load control: 40%On/Off switch: 32% no rules for 3rd party access, nor obligations for SM interoperability
Security and Privacy not seriously considered everywhere10 countries initiating deployment – No single standard!
France: Started 09/2011, target 35M electric meters by 2020G M d t EAL4 C C it i S it C tifi ti f G tGermany: Mandatory EAL4+ Common Criteria Security Certification for GatewaysFinland : OSGP?Spain, Netherlands: Different levels of national requirementsUnited Kingdom, Austria…United Kingdom, Austria…
1/19/2012 6
AMI Security Challengesy g
• Fraud prevention: ICT induces new risks for the energy industryFraud prevention: ICT induces new risks for the energy industry• Used to simple mechanical protection of metrology unit• Digital meter design + telecommunications bring new security challenges• Requires proper methodology e g Common Criteria• Requires proper methodology, e.g. Common Criteria
• Resilience: Future-proofness (20 years lifetime)• Diverse lifetimes between energy equipment and ICT components• Use modular design, based on established standards
• e.g. for security module and communication module
• Privacy preservation• “Privacy by Design” approach recommended in EU by EG 2• Data ownership and exposition
• storage • access • expiration policies
1/19/2012 7
Why is privacy so important?y p y p
• Each appliance has its own powerits own power signature: Shows what you have, and when to steal it!when to steal it!• Identification by profiling is possible
> Consumers trust will be essential!
German BSI Security Requirementsy q
An EAL4+ Common Criteria Protection Profile is required for the
CLS = Controllable Local Systems
qGateway of a Smart Metering SystemThe same security level applies for the Security Element (e.g. Smart Card) of the GatewayCard) of the Gateway
Smart Grid DSO domainsIntroduction of distributed ICT component supporting the infrastructure: Disruptive model for the industry, implying new risks!
CBMCBM AMI: Automated MeteringCBM
CISDSM
CBM
CISCIS
DSMDSM
AMI: Automated Metering Infrastructure
Focus of M/441 mandateADA Ad d Di t ib ti
COM
AMIAdvanced Meter Infrastructure
A COM
AMIAdvanced Meter Infrastructure
A
ADA: Advanced Distribution Automation
Far more criticalf C
DM
SCOMCommunications
OM
S
ADA
Advanced Distribution
DER
ed E
nerg
y Re
sour
ces
DM
SCOMCommunications
OM
S
ADA
Advanced Distribution
DER
ed E
nerg
y Re
sour
ces cf. Control system security
standards (SCADA)DER: Distributed Energy R
SCADAEM
S
on Automation
Dist
ribut
ed
SCADA
SCADAEM
SEM
S
on Automation
Dist
ribut
ed ResourcesBi-directional energy flowNew risks introduced
GISGISGISLargely unexplored domain
Risks on ADA side are far worst than on AMI side!Cf. Stuxnet virus…
Smart Grid architecture (M/490)
Business Layer
Grid requirements:• uninterrupted service• robust and resilient
bl k t t bilit
Function Layer
Outline of Usecase
Business Layer
y
• black start capability• little dependencies on other infrastructures
C i i
Information LayerData Model
Data Model
Subfunctions
Inte
rope
rabi
lity
even in case of
•breakdown
Operation
Enterprise
Market
Component Layer
Communication LayerProtocol
Protocol
•breakdown, •failure •targeted attacks to ICT
GenerationTransmission
DistributionDER
Customer
Process
Field
Station
D i
Zones
CustomerPremise
Domains
M/490 Smart Grid Information Security: Positioning of security standards in the M/490 architecture
SGIS Vision: Provide an Security Toolbox
Li t f ll t / l d i l dSGIS
Layer
List of all actors/roles and involved functionalities
• Mandatory , Optional, Extended use cases / functions
Per legal Per legal Entity / Market Entity / Market RoleRole
Document SGIS-Security LevelsFor involved SG-Data Protection Class,
list all actors interacting andjustified access rights
Per ProductPer Productjustified access rights
Select Normative Profile for specific legal entity , products….Select Normative Profile for specific legal entity , products….
Select appropriate Technical requirements
for product & service development & manufacturing
Select appropriate Requirements when bringing Products & Services into market and /or into operation (install integrate configure) manufacturing
for all layers [IEC 62351, ...]
Select appropriate organizational Select appropriate governance
(install,integrate,configure)[Standards to identify]
per Productper ProductPer OrganizationPer OrganizationSelect appropriate organizational
requirements[SG-specific ISO 270xx]
Select appropriate governance, reporting and
incident handling requirements[Standards to identify][ y]
Per Market Role /Legal EntityPer Market Role /Legal Entity Per Market Role /Legal EntityPer Market Role /Legal Entity
Smart Grid Security Risks (from EG2 report)y ( p )
Trends in Smart Grid Cyber Securityy y
Regional deployment are driving investmentsRegional deployment are driving investmentsNo “One size fits all” solution
Forget “Security by Obscurity”L k f d d ill hi d iLack of standards still hinders action
Address system implementation and component securityAddress risks from older devices in aging infrastructuresAddress risks from older devices in aging infrastructures
Key Smart Grid Cyber Security technologies:M lti f t th ti ti• Multi-factor authentication
• Control Network isolation• Application white-listing
D t E ti• Data Encryption• Security event logging and correlation• Privacy-Enhancing Technologies
Smart Grid Resilience challengesgBalance Energy economy vs. Grid stability
e.g. ignore market signals to avoid disruption
Ensure scalable approach to cope with (huge) grid sizeMigrate from centralised power architectures to distributed modelsM i i f h t f i f ti il blMaximize use of huge amount of information availableCo-existence of multiple technologies with different lifecycles
• Power• Communication• Information Technology
Undertake security assessments at affordable costUndertake security assessments at affordable cost• Supply chain security (hardware, firmware, software)• Tamper resistant hardware• Due diligence assessment of 3rd parties services e g Certification Authorities• Due diligence assessment of 3rd parties services, e.g. Certification Authorities
Smart Grid Trust challengesg
Governance challenge: All actors shall feel responsible for idi d i t i i ICT it d ili t th iproviding and maintaining ICT security and resilience at their own
level• Utilities are not used to outsourcing to other infrastructure providers• Increased risk of fraud due to higher number of involved stakeholders
Mutual trust between all actors must be established !
Trust as a key enablery
INFORMATION EXCHANGE (WEB SERVICE)
CRITICAL S C
ENERGY 2.0 DomainsINFRASTRUCTURE
TRANSMISSIONSMART HOME
DR
STORAGE
DISTRIBUTED GENERATION
BUILDING AUTOMATION
ELECTRIC CARS
TRUST
DISTRIBUTION
GATEWAY(S)
RETAIL (ToU BILLING)
SMART METERING
FEE
D-IN
TRU
ST
1819/01/2012
SERVICE*SUPPLY* controllable local systems
Power Grids & Telecom Networks Interdependencies
Power Grids Telecom Network
Supply Central Distributed
Service Type Homogeneous (single commodity)
Heterogeneous (multi-commodities)
Direction Uni-directional Bi-directionalDirection Uni directional Bi directional
Scaling of capacity Expensive and time consuming
Quick and cheapconsuming
Infrastructure Local monopoly Competing market
Risk culture Safety (System impact Security (environmentRisk culture Safety (System impact on environment)
Security (environment impact on System)
Incidents Hardware failures Software failures
Telecommunication industry assets for Smart Grids
A ili li bl i i i f• A resilient, reliable communication infrastructureBut address availability and QoS guarantees
• Authentication and identification of millions of customers With supporting billing infrastructure
• A reliable security frameworkPreserving data confidentialityPreserving data confidentiality
• Trust provisioning chain relying on tamper resistant secure elementsSupporting protection and confidentiality of third party credentials/content
• Secure Remote Management infrastructure Over-The-AirSupporting firmware upgrades, etc.
Thank You!
In an increasingly connected societyIn an increasingly connected society, Gemalto is the leader in making digital interactions secure and easy
In the rapidly emerging universe of Machine-to-Machine communication (M2M) ’ l di li f(M2M) we’re a leading supplier of hardware, software and services for vertical applications .