Security and Risk Management for Smart Grids - PowerPoint PPT Presentation

1 / 26
About This Presentation
Title:

Security and Risk Management for Smart Grids

Description:

2nd ISACA Athens Chapter Conference Security and Risk Management for Smart Grids Dr. Lucie Langer Safety & Security Department AIT Austrian Institute of Technology – PowerPoint PPT presentation

Number of Views:420
Avg rating:3.0/5.0
Slides: 27
Provided by: Skop4
Category:

less

Transcript and Presenter's Notes

Title: Security and Risk Management for Smart Grids


1
Security and Risk Managementfor Smart Grids
2nd ISACA Athens Chapter Conference
  • Dr. Lucie Langer
  • Safety Security Department
  • AIT Austrian Institute of Technology
  • December 7, 2012
  • Athens, Greece

2
Talk Outline
  • Background and motivation
  • Motivation for smart grids
  • Smart grid security concerns
  • State of the art
  • NISTIR 7628 Guidelines for Smart Grid Cyber
    Security
  • German BSI Smart Metering Gateway Protection
    Profile
  • ENISA Smart Grid Security Recommendations
  • AIT research
  • Systematic threat analysis for smart grids
  • Decision theory support for risk analysis
  • Architectures for network resilience
  • Key projects
  • The PRECYSE Project
  • The (SG)2 Project
  • Upcoming project proposals

3
Motivation for Smart Grids
Increased availability of renewable power
technology
Diminishing fossil fuels and environmental
concerns
Lack of resilience of current power grids leading
to blackouts
Higher availability of practical electric cars
4
Smart Grids The Vision
  • An electricity network that integrates the
    behavior and actions of all users connected to it
    - generators, consumers, or both to ensure an
    economically efficient, sustainable power system
    with low losses and high levels of quality and
    security of supply and safety."

5
Smart Grid Security Concerns
Increased use of ICT systems, e.g., to support
prosumer communities and advanced energy services
A greater degree of monitoring and automatic
control at electricity network edge
Privacy concerns emerging from smart meters
increased risks associated with tampering
Greater use of COTS systems to implement parts of
a more open grid
6
Smart Grid Security State of the Art
7
NISTIR 7628 Guidelines for Smart Grid Cyber
Security
  • Three volume report on securing smart grids
    produced by the Cyber Security Working Group
    (CSWG) and the Smart Grid Interoperability Panel
    (SGIP) in the USA
  • Final version published in September 2010
  • Vol. 1
  • High-level smart grid architecture
  • Logical reference model that spans smart grid
    domains
  • A set of high-level security requirements
  • Vol. 2
  • Focuses on privacy issues within homes
  • Vol. 3
  • Supporting material, including research
  • and development themes

8
NISTIR Guidelines for Smart Grid Cyber Security
Guidelines
180 requirements exist in 19 families, e.g.,
access control,
7 Smart Grid Domains
Smart Grid Logical Reference Model
Technical High-level Security Requirements
Smart Grid Domains
apply to all (with tailoring)
Governance, risk and compliance requirements
Actors (Systems)
130 interfaces between actors, organized into 22
categories with shared or similar security
characteristics
apply to all categories
Common technical security requirements
Interface Categories
Interfaces
apply to a subset of categories
Unique technical security requirements
Use cases
influence
CIA Requirements (Low, Medium, High)
Process
1
2
3
4
5
Select use cases
Risk assessment
Define high-level security requirements
Set boundaries (define initial architecture)
Smart Grid conformance testing certification
8
9
BSI Protection Profile for the Gateway of a Smart
Metering System
  • Security requirements for the gateway in a smart
    metering system, which includes
  • assets, threats and assumptions,
  • a set of security objectives,
  • a set of security requirements,

Initially driven by electricity network operators
Wide Area Network
Grid Operators
Billing Companies
Local Metrological Network
Smart Metering Gateway
Home AreaNetwork
10
Protection Profile for the Gateway of a Smart
Metering System
A strong emphasis on privacy issues
  • Overview of the attacks considered
  • gaining access to metering data,
  • attackers intercept data during transmission,
  • acquire control of the gateway, meters,
    controllable local systems,
  • an attacker obtains more detail than they should.
  • Selected security objectives
  • encrypted and authenticated communication
  • between all parties,
  • pseudonymisation of transmissions, if applicable,
  • detect physical tampering,
  • no accessible services on the gateway.
  • Current status final version that should be
    supported by gateways in Germany

11
ENISA Smart Grid Security Recommendations
  • A set of security recommendations based on a
    survey of 50 stakeholders and extensive
    background material study
  • Recommendations from the report include
  • develop a minimum set of security measures
  • based on existing standards and guidelines
  • foster the creation of test beds and
  • security assessments
  • foster research in smart grid cyber security

http//www.enisa.europa.eu/activities/Resilience-a
nd-CIIP/critical-infrastructure-and-services/smart
-grids-and-smart-metering/ENISA-smart-grid-securit
y-recommendations
12
ENISA Smart Grid Security Recommendations
  • Selected research areas recommended by the report
    include
  • Robust, secure and resilient architectures
    self-healing and graceful degradation
    generation, distribution and storage of
    cryptographic material
  • Trust and assurance and end-to-end security
    dependencies and threat analysis and use-case
    modelling active monitoring for incident
    detection security metrics security mechanisms
    against DoS attacks
  • Privacy and security by design common procedures
    and interfaces, protection against zero-day
    vulnerabilities, optimization of cryptographic
    protocols
  • Legal and economic aspects of cyber security in
    the smart grid

13
Smart Grid Security AIT Research and Innovation
14
Smart Grid Security Threat Analysis
  • Availability of the power grid
  • Legitimate power consumption and delivery
  • Privacy of consumers

15
Smart Grid Security Threat Analysis
Recommendations
  • Authorization of users and devices to grant them
    least privileges to access resources and services
  • Integrity and plausibility checks of data, such
    as meter readings, grid status messages, and
    network traffic
  • Training of technicians and service staff to
    prevent social engineering

16
Security Risk Analysis based on Decision Theory
A challenge for cyber-security risk analysis for
smart grids and critical infrastructures is
identifying the likelihood of an attack occurring
and being successful
17
Architectures for Network Resilience
Resilience is the ability of the network to
provide and maintain an acceptable level of
service in the face of various faults and
challenges to normal operation.
18
Smart Grid Security Key Projects
19
The PRECYSE Project
20
The PRECYSE Project Demonstrators
Traffic control centre in the city of Valencia
(Spain) 1.5 million inhabitants, 500 000
vehicles
Energy demonstrator in the city of Linz
(Austria) Power supply and related services for
400 000 inhabitants
21
Smart Grid Security Guidance (SG)² Project
  • Nationally-funded research project
  • Project Duration 2 years, 11/2012 10/2014
  • Aim to produce practical guidelines for Smart
    Grid security for Austria
  • Partners from research, industry and government
  • AIT Austrian Institute of Technology
  • Technische Universität Wien
  • SECConsult Unternehmensberatung GmbH
  • Siemens AG, Corporate Technology Österreich
  • LINZ STROM GmbH
  • Energie AG Oberösterreich Data GmbH
  • Innsbrucker Kommunalbetriebe AG
  • Energieinstitut an der JKU Linz GmbH
  • Bundesministerium für Inneres
  • Bundesministerium für Landesverteidigung und
    Sport

22
The (SG)2 Process Model
23
The European SPARKS Project Proposal
Safety and Security Department Energy
Department Foresight Policy Development
Department
Partners
24
Conclusion and Open Issues
  • Smart grids represent a significant evolution of
    electricity networks
  • an increased use of ICT to support advanced open
    services
  • automatic monitoring and control deeper in the
    network to facilitate the use of decentralised
    power sources
  • Security and privacy concerns abound
  • privacy issues related to smart metering
  • risks to availability caused by cyber attacks
  • A number of best practices and standards have
    emerged, but practical application is lacking
  • AIT is researching novel threat and risk analysis
    approaches, and architectures for ensuring the
    resilience of smart grids to attacks (amongst
    other things)

25
AIT Austrian Institute of Technology
  • your ingenious partner
  • Dr. Lucie Langer
  • Project Manager ICT Security
  • Safety Security Department
  • lucie.langer_at_ait.ac.at 43 664 8251 438
    www.ait.ac.at/it-security

26
FastPass
A harmonized, modular reference system for all
European automatic border crossing points
  • European ABC solution with interfaces to existing
    security and infrastructure processes
    demonstrated at air-, land- and sea borders
Write a Comment
User Comments (0)
About PowerShow.com