Making Smart Grids Safe

When coupled with smart meters and connected to the IoT, new power grids will put security to the test.

popularity

There is little doubt that an intelligent power grid is not only desirable, but necessary in today’s power hungry world. As the global power grid veins its electric tentacles into the farthest reaches of the ecosystem, being able to allocate and monitor what power is needed, where and when will be the model going forward.

There are a lot of issues that face the deployment of a smart grid – economics, politics, energy sources, resource control, contracts, and the like. There is also one paramount issue that, perhaps, trumps them all – security.

Exactly how the archetype of the smart grid and the Internet of Things will play out is still fuzzy. Will the objects connected to the power gird have the intelligence to monitor and control power themselves? Or will they interface with a smart meter that talks to each of them and assesses and controls power demand and supply. Various models are being considered, but time will eventually flush that out.

For now, present movement is in smart meters and a smart grid. That works because the IoT will not be up for a while and the power grid has to move into the 21st century.

The state of smart power
The rollout, type, and complexity of smart meters around the globe varies from country to country, as does the state of their respective smart grids. In some places, such as the United Kingdom, smart power is further along the implementation curve than in the United States, which is further along than Japan. But nearly all developed countries have some sort of program in place to implement smart power infrastructures, and all are within stone’s throw of each other.

The “smart” in smart grids will implement cutting-edge technologies, such as state estimation, state-of-the-art fault detection, and the implementation of autonomous self-healing network platforms. Improved reliability will result, ensuring a more reliable supply of electricity, and a more precise and quicker reaction to attacks or disasters.

It will be able to track usage down to the watt. State-of-the-art GPS technology will be used to update the phase angle technology of the 1980s to be able to, precisely, measure phase angles across wide areas. Research suggests that with large numbers of phasor measurement units (PMUs) and the ability to compare voltage phase angles at key points on the grid, automated systems may be able to revolutionize the management of power systems by responding to system conditions in a rapid, dynamic fashion¹.

This allows the grid management to, intellectually, predict energy usage patterns, and shift supply, preemptively, to accommodate demand, and prevent brownouts. Stable power will be available, regardless of environmental, conditions.

It will feature a flexible network topology capable of bidirectional energy management from non-traditional grid sources such as solar, geothermal, fuel cells, and wind as feed-in points. It will manage all of this for peak load distribution, load balancing, peak leveling, and high-demand conditions.

Finally, it will redefine the market metrics. The great enabler will be the ability to have bi-directional communications between supplier and consumer. This control will give both factions unprecedented control in cost management. Consumers will have the ability to manage costs by realigning usage to take advantage of best prices and low demand times. Suppliers will be able to chart usage patterns and optimize revenue based upon redistribution strategies.

All of this will exist on a platform of advanced services enabled by two-way communications. By automating the power grid, rapid assessment of conditions will enable precision responses to specific grid conditions. Implementing control systems comprised of distributed intelligent agents, with analytical tools such as software algorithms, and hardware such as SCADA, will evolve a grid capable of real-time, autonomous and efficient functionality.

Wireless will certainly play large as will IP, fiber and power line networking (PLN). It will be full of smart sensors and smart interfaces. A paradigm shift will occur with the power and communications industries and it is likely that they will become partners going forward.

The smart meter
The smart meter is the traffic cop that will manage this grid of the future. It will interface with both the power infrastructure and the communications infrastructure and be microprocessor controlled. It will include wide-area monitoring systems, distributed temperature sensing equipment, smart sockets, and real-time thermal assessment systems. It also will incorporate electromagnetic signature measurement/analysis, time-of-use and real-time pricing tools, as well as advanced switches and cables, protective relays and backscatter radio technology. Of course, not all of this will exist in every system, but certainly, they will all be found sprinkled throughout the grid.

It seems like a utopian solution that will provide the perfect power infrastructure. In reality, it will be a much more efficient system than we have today. But on the other side, the more complex and high-tech the system becomes, the more opportunities open up for compromising the system. And there are lots of opportunities in such a complex, largely computer-managed infrastructure.

Perhaps the vulnerability at the top of the list is that the system operates in real time and has some, or a lot, of control over the end user’s devices and systems. If infiltration of the gird occurs by cybercriminals, there can be massive effects on the end user’s systems, in real time, before any attack neutralization can occur. Since the grid and the devices all will have a degree of digital technology and, likely run on standard protocols, malware and viruses are a distinct threat, as well.

One of the top concerns, according to NXP is the lifecycle of the objects that are part of the smart grid, and eventually the IoT (some of the terminology is specific to the United Kingdom, but the basic infrastructure and issues are similar in any grid). Meters, communications hubs, sensors and interfaces may remain in the field for up to 20 years, perhaps even longer. As fast as technology changes, such devices must have an avenue for upgrading. That will largely be accomplished by software upgradeability, which, if not designed with security at the inception, will be a prime vector for encroachment.

Malware injected into this vector can have devastating effects. As noted in the white paper, malwares have the potential to transform any hub or meter into another device type, performing a functionality it is totally not intended. For example uploading HAN/WAN cryptographic keys to the attacker or acting as a Trojan horse to compromise the whole Communication Service Providers (CSP) network availability.

“The reason there are so many attacks on smart grids is that these systems were not really designed with security in mind, and they are lacking dedicated security ICs within them,” said Jerome Schang, NXP’s authentication segment marketing manager. This means they are wide open to attacks, once the software security layer is breached. And the list of potential attack vectors is extensive. Potential weak points include any interface that is online – computers, IoT objects, sensors, meter, etc., and by any one of the communications channels.

Furthermore, remote devices sometimes can be disconnected from the network, especially if there is a concerted attack to isolate specific objects and take control of them. This is more likely to occur with higher-value targets up the network chain, such as substations or grid sectors, with an attack that is sophisticated enough to have a specific result in mind (robbing a bank or breaching a national security database, for example). If something happens to the network and the backend cannot talk to them, the devices should be able to make security decisions on their own and be aware whether they are receiving bogus data from a maleficent source.

This lack of integrated security on a chip level is a common thread that runs through many of the interconnected devices today. Many security experts feel that continuing to follow this pathway is opening a Pandora’s Box of cybercrime, going forward.

The fix
Considering this threat landscape, it is essential to implement a state of the art security in field devices. Three major areas include:

  • Infrastructure integrity: Devices with proof of origin, software authentication and integrity protection;
  • Mutual authentication: This is particularly important on the WAN side, based on strong protection of the keys,
  • Secure access to data: Both meters and communication hubs must be secured².

There must be a layered approach to network security. Grids, meters, and various objects, including objects of the IoT, have different security responsibilities (hubs vs. sensors vs. AC, for example). Different functionality requires different levels of security.

Essentially, every device should have a cryptographic key of some sort. Software solutions are fine, but none of them offer proven security. So keys are the only near-foolproof solution.

The ideal solution is to isolate the keys and their related cryptographic functions from the application. Run them in protected space, essentially, and implement tamper resistance to protect the sensitive data in case of attack.
This can be done in a number of ways but the model that seems to be emerging as a viable solution is the hardware security module. However, it requires a chip to implement.

According to an NXP white paper, The Security Module is a specialized hardware cryptographic module with built-in protections to securely store keys and other sensitive assets (such as device configuration or network parameters, or software white/black listing), and securely manage these keys and assets (generation, injection, modification, export, etc.).

Security modules can handle various key types, such as software integrity protection or software authentication keys, device authentication keys/certificates, keys related to enforcement of access control, proof of device origin keys, HAN encryption keys and others. The Security Module is also in charge of performing the cryptographic operations using those keys and assets (for e.g. certificate signature verification, generation/verification of software footprint signatures, set-up of secure connections like TLS, etc.) such that the keys and assets do not leak and by this are not exposed outside of the Security Module. The white paper goes on to detail how this happens but this is the high-level concept.

Going forward
With everything becoming intelligent and connected to everything else, the smart grid requires top-shelf security – just like the communications, transportation, and other high-level infrastructures. It is not one that should be deployed without security at the elementary level.

As the IoT begins to evolve, power will be a prime component of just about every object within it. It won’t be practical for many of the objects themselves to be power smart so the gird will have to shoulder the burden. The first line of defense is the grid, then the networks, then the meters. Securing the grid and its critical components cannot be an afterthought, and some of it needs to be done at the hardware level during the design stage.

1. Yilu Liu, Lamine Mili, Jaime De La Ree, Reynaldo Francisco Nuqui, Reynaldo Francisco Nuqui (2001-07-12). “State Estimation and Voltage Security Monitoring Using Synchronized Phasor Measurement.” Research paper from work sponsored by American Electric Power, ABB Power T&D Company, and Tennessee Valley Authority (PDF) (Virginia Polytechnic Institute and State University). CiteSeerX: 10.1.1.2.7959. “Simulations and field experiences suggest that PMUs can revolutionize the way power systems are monitored and controlled.”
2. Towards a Secure UK Smart Grid. An NXP white paper by Denis NOËL, Global Marketing Manager ‐ Authentication Solutions and Marc Vauclair, Technology Manager ‐ Security & Cryptography