Securing the Smart Grid

Not everyone knows what the grid is, let alone the Smart Grid

You may have heard about the Smart Grid, it has become a buzz word around developments in the energy market. But not everyone knows what the grid is, let alone the Smart Grid.

"The grid" refers to the electric grid that delivers electricity from the generator to the consumer. It has been recognised that traditional electric grids have been stretched to capacity; and in order to accommodate the requirements of a resource intensive society, a new kind of electric grid is needed – a smart grid that can automate and manage the increasing complexity of electricity demand.

A “grid” is converted to a “smart grid” when a large scale array of electricity distribution and/or transmission assets have been retrofitted with ubiquitous telecommunications infrastructure in conjunction with information technology hardware and software.

In this article we will briefly explore some of the information security objectives and risk implications of smart grids, and in particular smart meters which are a key element to manage the dynamic requirements of the grid.

The core components of a smart grid include distribution and transmission assets; communications infrastructure and information technology. And while you may derive benefit from a more (internet) connected system, the complexity introduces another dimension of risk that needs to be managed. Smart grid infrastructure uses sensors, meters, digital services and analytic tools to automate, monitor and control the two-way flow of energy across operations - from power plant to plug. By combining advanced communication, sensing and metering infrastructure with existing energy networks, smart grids enable the delivery of a more efficient, robust and consumer-friendly electricity network. However, each connection, link, and element of hardware and software can increase your threat profile (footprint) on the network and present a new entry point for an attacker to compromise.

In 2009, Smart Grid Australia received AU$100 million from the Federal Government for a National Energy Efficiency Initiative to develop a smart-grid energy network. And while smart grids have the potential to improve the economy, lifestyle and environment for Australians, their development, deployment and ongoing management will require a strategy of defence-in-depth. Indeed, the smart grid may be viewed as a solution looking for problems. Accordingly, security is warranted for such investment and critical infrastructure.

The Smart Grid's primary cyber security objectives must include protecting all services from malicious attack; preventing security incidents from compromising safety and protection; and delivering confidence in the confidentiality, integrity and availability of services including public trust in the accuracy of billing statements.

As a key element in the evolution of the Smart Grid, the Advanced Metering Infrastructure (AMI, Smart Meters) is the convergence of the power grid, the communications infrastructure, and the supporting information infrastructure. AMI security must exist in the real world with many interested parties and overlapping responsibilities.

Smart meters are a new wave of meter technology. They are effectively a computer for measurement of energy and deliver four main functions: monitoring and recording of demand; the logging of power relevant events, e.g., outages; the delivery of usage and logging information to the upstream utilities; and delivering and receiving of control messages, e.g., controlling smart appliances, remote disconnect, etc.

Because smart meters are computers, they are prone to the same security issues that affect other widely deployed systems, in particular embedded systems (special purpose computer hardware).

Among the key issues is the fact that in a competitive market, the time to deliver a product to market is significantly less than the time the product will operate in the market. Smart meters are designed to have a 20 year field operation expectancy. This provides ample opportunity to craft an attack which over the course of time, and greater product market penetration, can be expected to have greater consequence. Therefore it is imperative to design and implement secure systems.

The technical threats to smart meters will be explored in the next article in this series which will cover attacks against Software; Hardware Weaknesses; Encryption; Physical Security (tampering); Interfaces (local and radio) and Network (local and wide).

If security is addressed correctly (in-depth) then the following will be prevented. If not, the smart grid will indeed be the solution with many problems.

• Reputational Loss - Attacks or accidents that destroy trust in Smart Grid services, including their technical and economic integrity • Business Attack - Theft of money or services or falsifying business records • Gaming the system - Ability to collect, delay, modify, or delete information to gain an unfair competitive advantage (e.g., in energy markets) • Safety - Attack on safety of the grid, its personnel or users • Assets - Damaging physical assets of the grid or assets of its users • Short-term Denial or Disruption of Service • Long-term Denial or Disruption of Service (including significant physical damage to the grid) • Privacy violations • Hijacking control of neighbour's equipment • Physical and logical tampering • Subverting situational awareness so that operators take fatal actions that disrupt the system • Cause automated system to waste resources on false alarms. • Hijacking services • Using Smart Grid services or the supported communication mechanisms to attack end users residential or industrial networks (e.g., allowing end-users to compromise other end-users’ networked systems.)

Follow @CSO_Australia and sign up to the CSO Australia newsletter.

Join the CSO newsletter!

Error: Please check your email address.

Tags securitysmart grids

More about Federal GovernmentSmart

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Murray Goldschmidt

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts