The Smart Grid Security Challenges: National regulatory approaches and European standardization efforts. Francois Ennesser, 19/01/2012


Page 1:

The Smart Grid Security Challenges

National regulatory approaches and European standardization efforts

Francois Ennesser

19 / 01 / 2012

Page 2:

Smart Grid Conceptual model (from NIST IR 7628)

Page 3:

The EU Smart Grid Framework

Smart Grids are a strategic topic in the context of the “20/20/20 directive”, and their security as a critical strategic infrastructure requires a shift of paradigm for the energy industry.

Driven by DG ENER, Expert Group 2 assisting the EC Smart Grid Task Force (which generated the M/490 Smart Grid Standardization Mandate) produced 2 reports:

“Regulatory Recommendations for Data Safety, Data Handling, and Data Protection”

“Essential Regulatory Requirements and Recommendations for Data Handling, Data Safety, and Consumer Protection”

DG INFSO / ENISA Expert Group on “Security & Resilience of Communication Networks and Information Systems for Smart Grids” focuses on risk assessment, security requirements and countermeasures

Plans to organize a workshop to raise industry awareness on Smart Grid Security issues in Brussels in June

Page 4:

The EU Perspective on Smart Grids

20 / 20 / 20 EU Target: 20% CO2 reduction, 20% renewable energy, 20% energy consumption reduction

Expert Group 1: Regulatory functionalities for Smart Grids and Meters

Expert Group 2: Regulatory for data safety, data handling and data protection

Expert Group 3: Roles and responsibilities of actors involved in Smart Grids deployment

Page 5:

Security Challenges: From Smart Metering to Smart Grid

Page 6:

Smart Meter deployment status

Impact of national regulations, business models and timeframe, e.g. Meter Ownership varies between countries

Smart meter deployments started 10 years ago
Italy: 90% of Electricity meters and 2/3 Gas meters are “smart”
Sweden: Almost 100% penetration for electricity, induced by law

“Automated Meter Reading” (AMR) vs. “Advanced Metering Infrastructure” (AMI)

Different support of functionalities between countries, e.g. Sweden: Remote load control: 40%, On/Off switch: 32%; no rules for 3rd party access, nor obligations for SM interoperability

Security and Privacy not seriously considered everywhere
10 countries initiating deployment – No single standard!

France: Started 09/2011, target 35M electric meters by 2020
Germany: Mandatory EAL4+ Common Criteria Security Certification for Gateways
Finland: OSGP?
Spain, Netherlands: Different levels of national requirements
United Kingdom, Austria…

Page 7:

AMI Security Challenges

• Fraud prevention: ICT induces new risks for the energy industry
  • Used to simple mechanical protection of metrology unit
  • Digital meter design + telecommunications bring new security challenges
  • Requires proper methodology, e.g. Common Criteria

• Resilience: Future-proofness (20 years lifetime)
  • Diverse lifetimes between energy equipment and ICT components
  • Use modular design, based on established standards, e.g. for security module and communication module

• Privacy preservation
  • “Privacy by Design” approach recommended in EU by EG 2
  • Data ownership and exposition: storage, access, expiration policies

Page 8:

Why is privacy so important?

• Each appliance has its own power signature: Shows what you have, and when to steal it!
• Identification by profiling is possible

> Consumers trust will be essential!
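Page 7 recommends privacy by design and page 8 warns that appliance power signatures in fine-grained readings enable profiling. The script below is an added example, not from the slides, of the data-minimisation check a privacy reviewer would run: it builds a constructed 1 Hz load trace with an assumed, illustrative appliance signature library (kettle 2000 W, TV 100 W) and shows that averaging readings over a 15-minute reporting interval no longer exposes those signatures.

```python
# Added example (not from the slides): data-minimisation check for a
# privacy-by-design review of a smart meter reporting interval.
# All values are constructed and illustrative.

SIGNATURES = {"kettle": 2000.0, "tv": 100.0}   # assumed signature library (W)
BASE_LOAD_W = 200.0                            # assumed standby base load (W)


def synth_trace(seconds=3600):
    """Constructed 1 Hz trace: base load, kettle on 600-720 s, TV on 1800-2400 s."""
    trace = []
    for t in range(seconds):
        p = BASE_LOAD_W
        if 600 <= t < 720:
            p += SIGNATURES["kettle"]
        if 1800 <= t < 2400:
            p += SIGNATURES["tv"]
        trace.append(p)
    return trace


def aggregate(trace, window):
    """Average consecutive readings over `window` samples (the reporting interval)."""
    out = []
    for i in range(0, len(trace), window):
        chunk = trace[i:i + window]
        out.append(sum(chunk) / len(chunk))
    return out


def step_events(readings, min_step=50.0):
    """(index, delta) for every change between consecutive readings >= min_step watts."""
    return [(i, readings[i] - readings[i - 1])
            for i in range(1, len(readings))
            if abs(readings[i] - readings[i - 1]) >= min_step]


def identifiable_appliances(readings, tol=0.1):
    """Appliances whose switch-on step matches a library signature within tol."""
    found = set()
    for _, delta in step_events(readings):
        for name, watts in SIGNATURES.items():
            if delta > 0 and abs(delta - watts) <= tol * watts:
                found.add(name)
    return sorted(found)


if __name__ == "__main__":
    raw = synth_trace()
    print("1 s readings expose:", identifiable_appliances(raw))
    print("15 min averages expose:", identifiable_appliances(aggregate(raw, 900)))
```

Averaging only hides events shorter than the interval; a load that runs for a whole interval still shifts that interval's mean, so the check should be repeated with the longest realistic duty cycles before an interval is fixed.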

Page 9:

German BSI Security Requirements

An EAL4+ Common Criteria Protection Profile is required for the Gateway of a Smart Metering System
The same security level applies for the Security Element (e.g. Smart Card) of the Gateway

CLS = Controllable Local Systems

Page 10:

Smart Grid DSO domains

Introduction of distributed ICT component supporting the infrastructure: Disruptive model for the industry, implying new risks!

[Figure: DSO domain map; only the labels survive extraction]
AMI: Advanced Metering Infrastructure (Automated Metering), focus of M/441 mandate
ADA: Advanced Distribution Automation, far more critical; cf. Control system security standards (SCADA)
DER: Distributed Energy Resources, bi-directional energy flow, new risks introduced
Other domains shown: CBM, CIS, DSM, COM (Communications), SCADA, EMS, DMS, GIS
Largely unexplored domain

Risks on ADA side are far worse than on AMI side! Cf. Stuxnet virus…

Page 11:

Smart Grid architecture (M/490)

[Figure: M/490 architecture cube; only the labels survive extraction]
Layers: Business Layer, Function Layer (Outline of Use case, Subfunctions), Information Layer (Data Model), Communication Layer (Protocol), Component Layer
Zones: Process, Field, Station, Operation, Enterprise, Market
Domains: Generation, Transmission, Distribution, DER, Customer Premise

Grid requirements:
• uninterrupted service
• robust and resilient
• black start capability
• little dependencies on other infrastructures
• interoperability even in case of breakdown, failure, targeted attacks to ICT

Page 12:

M/490 Smart Grid Information Security: Positioning of security standards in the M/490 architecture

Page 13:

SGIS Vision: Provide a Security Toolbox

[Figure: SGIS toolbox; steps recovered from the labels]
SGIS Layer: List of all actors/roles and involved functionalities
• Mandatory, Optional, Extended use cases / functions (per legal Entity / Market Role)

Document SGIS-Security Levels: for involved SG-Data Protection Class, list all actors interacting and justified access rights (per Product)

Select Normative Profile for specific legal entity, products…

Select appropriate Technical requirements for product & service development & manufacturing, for all layers [IEC 62351, ...] (per Product)

Select appropriate Requirements when bringing Products & Services into market and/or into operation (install, integrate, configure) [Standards to identify] (per Product)

Select appropriate organizational requirements [SG-specific ISO 270xx] (per Organization)

Select appropriate governance, reporting and incident handling requirements [Standards to identify] (per Market Role / Legal Entity)

Page 14:

Smart Grid Security Risks (from EG2 report)

Page 15:

Trends in Smart Grid Cyber Security

Regional deployments are driving investments
No “One size fits all” solution

Forget “Security by Obscurity”
Lack of standards still hinders action

Address system implementation and component security
Address risks from older devices in aging infrastructures

Key Smart Grid Cyber Security technologies:
• Multi-factor authentication
• Control Network isolation
• Application white-listing
• Data Encryption
• Security event logging and correlation
• Privacy-Enhancing Technologies

Page 16:

Smart Grid Resilience challenges

Balance Energy economy vs. Grid stability, e.g. ignore market signals to avoid disruption

Ensure scalable approach to cope with (huge) grid size
Migrate from centralised power architectures to distributed models
Maximize use of huge amount of information available
Co-existence of multiple technologies with different lifecycles
• Power
• Communication
• Information Technology

Undertake security assessments at affordable cost
• Supply chain security (hardware, firmware, software)
• Tamper resistant hardware
• Due diligence assessment of 3rd parties services, e.g. Certification Authorities

Page 17:

Smart Grid Trust challenges

Governance challenge: All actors shall feel responsible for providing and maintaining ICT security and resilience at their own level
• Utilities are not used to outsourcing to other infrastructure providers
• Increased risk of fraud due to higher number of involved stakeholders

Mutual trust between all actors must be established!

Page 18:

Trust as a key enabler

[Figure: Energy 2.0 domains linked by trust relationships; only the labels survive extraction]
Critical infrastructure: Transmission, Distribution, Distributed Generation, Storage
Smart home: Building Automation, Electric Cars, Feed-in
Smart Metering, Gateway(s), Retail (ToU billing), DR, Service*, Supply* (* controllable local systems)
Trust relationships: Information exchange (web service), feed-in trust

Page 19:

Power Grids & Telecom Networks Interdependencies

                     | Power Grids                            | Telecom Network
Supply               | Central                                | Distributed
Service Type         | Homogeneous (single commodity)         | Heterogeneous (multi-commodities)
Direction            | Uni-directional                        | Bi-directional
Scaling of capacity  | Expensive and time consuming           | Quick and cheap
Infrastructure       | Local monopoly                         | Competing market
Risk culture         | Safety (System impact on environment)  | Security (environment impact on System)
Incidents            | Hardware failures                      | Software failures

Page 20:

Telecommunication industry assets for Smart Grids

• A resilient, reliable communication infrastructure. But address availability and QoS guarantees
• Authentication and identification of millions of customers, with supporting billing infrastructure
• A reliable security framework, preserving data confidentiality
• Trust provisioning chain relying on tamper resistant secure elements, supporting protection and confidentiality of third party credentials/content
• Secure Remote Management infrastructure Over-The-Air, supporting firmware upgrades, etc.

Page 21:

Thank You!

In an increasingly connected society, Gemalto is the leader in making digital interactions secure and easy

In the rapidly emerging universe of Machine-to-Machine communication (M2M) we’re a leading supplier of hardware, software and services for vertical applications.