Cyber Security and Privacy Issues in Smart Grids


Acknowledgement: Slides by Hongwei Li from Univ. of Waterloo

References
Main Reference: Liu, J. and Xiao, Y. and Li, S. and Liang, W. and Chen, C., Cyber Security and Privacy Issues in Smart Grids, IEEE Communications Surveys & Tutorials, 2012.
In Brief: U.S. NIST, Guidelines for smart grid cyber security, NIST IR-7628, Aug. 2010, available at: http://csrc.nist.gov/publications/pubsnistirs.html#nist-ir-7628.
NIST: National Institute of Standards and Technology

Outline
1. Reference model for the smart grid
2. Security issues
3. Privacy issues
4. Future research directions

Fig. 1. NIST reference model for the smart grid

SCADA: an important component of operations
SCADA (Distribution Supervisory Control and Data Acquisition)
- A type of control system that transmits individual device status and manages energy consumption by controlling the devices.
- Allows operators to directly control power system equipment.
The main goal of SCADA
- Helping the grid reduce operation and maintenance costs and ensure the reliability of the power supply.

MTU: Master Terminal Unit
HMI: Human Machine Interface
RTU: Remote Terminal Unit
PLC: Programmable Logic Controller
Field data interface devices: including RTU and PLC, etc.
Fig. 3. A typical SCADA architecture

SCADA Security Issues-1
- Distribution control commands and access logs are critical for SCADA systems. Intercepting, tampering with, or forging these data damages the grid.
  Possible solutions: Ensure all commands and log files are accurate and secure.
- Synchronizing time-tagged data in wide areas is essential; without it the safety and reliability of the SCADA system cannot be achieved.
  Possible solutions: Use a common time reference for time synchronization.

SCADA Security Issues-2
- Every decision of SCADA comes from the analysis of the raw data based on a reasonable model. Improper models may mislead operator actions. In addition, different vendors using distinct SCADA models will disrupt the consistency of the grid.
  Possible solutions: So far, none.
- Other security issues?

PHEV: Plug-in Hybrid Electric Vehicle
HAN: Home Area Network
DER: Distributed Energy Resource
AMI: Advanced Metering Infrastructure
Fig. 2. A use case of AMI in HAN

Smart Meter Security
- Meters may suffer physical attacks such as battery change, removal, and modification.
- Functions like remote connect/disconnect of meters and outage reporting may be used by unwarranted third parties.
- Customer tariffs vary between individuals, and thus breaches of the metering database may lead to alternate bills.
Possible solutions
- Ensure the integrity of meter data.
- Detect unauthorized changes on meters.
- Authorize all accesses to/from AMI networks.
- Secure meter maintenance.

Customer Interface Security
- Home appliances can interact with service providers or other AMI devices. Once manipulated by malicious intruders, they could be unsafe factors in residential areas.
- Energy-related information can be revealed on the communication links.
- Unwarranted data may misguide users' decisions.
Possible solutions
- Access control to all customer interfaces.
- Validate notified information.
- Improve security of hardware and software upgrades.

PHEV Security
- PHEVs can be charged at different locations. Inaccurate billing or unwarranted service will disrupt operations of the market.
Possible solutions
- Establish electric vehicle standards [1].
[1] U.S. NIST, Guidelines for smart grid cyber security, NIST IR-7628, Aug. 2010, available at: http://csrc.nist.gov/publications/pubsnistirs.html#nist-ir-7628.

Anomaly detection-1: Temporal Information
- Unsecured time information may be used for replay attacks and revoked access, which has a significant impact on many security protocols.
- Timestamps in event logs may be tampered with by malicious people.
Possible solutions
- Use Phasor Measurement Units (PMUs) to ensure accurate time information.
- Adopt existing forensic technologies to ensure temporal logs are accurate.

Anomaly detection-2: Data & Service
- RTUs may be damaged in various ways. The accuracy of transmitted data and the quality of services therefore cannot be guaranteed.
Possible solutions
- Utilize fraud detection algorithms and models used in credit card transaction monitoring [1].
[1] U.S. NIST, Guidelines for smart grid cyber security, NIST IR-7628, Aug. 2010, available at: http://csrc.nist.gov/publications/pubsnistirs.html#nist-ir-7628.
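An added example, not part of the original slides: one way to make the command and access logs from "SCADA Security Issues-1" and the event-log timestamps from "Anomaly detection-1" tamper-evident is to chain each entry to the previous one with an HMAC and check that time never runs backwards. The key, function names and sample commands below are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key (assumption); a real key would be kept off the logging host.
KEY = b"constructed-demo-key"
GENESIS = "0" * 64  # chain value used before the first entry

def _mac(prev_mac: str, record: dict) -> str:
    # Bind this record to the MAC of the entry before it.
    body = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(KEY, prev_mac.encode() + body, hashlib.sha256).hexdigest()

def append(log: list, ts: float, operator: str, command: str) -> None:
    prev = log[-1]["mac"] if log else GENESIS
    record = {"seq": len(log), "ts": ts, "operator": operator, "command": command}
    log.append({**record, "mac": _mac(prev, record)})

def verify(log: list) -> list:
    """Return (index, problem) findings; an empty list means the chain is intact."""
    findings = []
    prev_mac, prev_ts = GENESIS, float("-inf")
    for i, entry in enumerate(log):
        record = {k: entry[k] for k in ("seq", "ts", "operator", "command")}
        if entry["seq"] != i:
            findings.append((i, "sequence gap"))
        if not hmac.compare_digest(entry["mac"], _mac(prev_mac, record)):
            findings.append((i, "mac mismatch"))
        if entry["ts"] < prev_ts:
            findings.append((i, "timestamp goes backwards"))
        prev_mac, prev_ts = entry["mac"], entry["ts"]
    return findings

def demo_log() -> list:
    # Constructed sample entries, not taken from any real system.
    log = []
    append(log, 1700000000.0, "op1", "OPEN breaker-12")
    append(log, 1700000005.0, "op2", "CLOSE breaker-12")
    append(log, 1700000009.0, "op1", "READ rtu-3 status")
    return log

if __name__ == "__main__":
    tampered = demo_log()
    tampered[1]["ts"] = 1699999990.0  # back-dated timestamp
    print(verify(demo_log()), verify(tampered))
```

The chain detects edits, deletions and reordering inside the log, but not removal of the most recent entries; catching that requires periodically recording the latest MAC somewhere the log writer cannot change.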

Demand Response
What is demand response?
- The smart grid allows customers to shift load and to generate and store energy based on near real-time prices and other economic incentives.
- Customers can also sell surplus stored energy back to the grid when the price is high.
- Such demand-response mechanisms help the grid balance power supply and demand, thus enhancing the efficiency of power usage.

Privacy Issues on Smart Grid
- Personal Information
- Privacy Concerns
- Countermeasures

Personal Information
NIST guidelines have provided a list of personal information that may be available through the smart grid, as follows [1]:
- Name: responsible for the account
- Address: location to which service is being taken
- Account number: unique identifier for the account
- Meter IP, meter reading, current bill, billing history
- Lifestyle: when the home is occupied and when it is unoccupied, when occupants are awake and when they are asleep, how many various appliances are used, etc.
- DER: the presence of on-site generation and/or storage devices, operational status, net supply to or consumption from the grid, usage patterns.
- Service Provider: identity of the party supplying this account, relevant only in retail access markets.
[1] U.S. NIST, Guidelines for smart grid cyber security, NIST IR-7628, Aug. 2010, available at: http://csrc.nist.gov/publications/pubsnistirs.html#nist-ir-7628.

Privacy Concerns
Energy consumption data obtained by a third party may disclose personal information without one's permission [1].
- Firstly, data in the smart meter and HAN could reveal certain activities of home smart appliances, e.g., appliance vendors may want this kind of data to know both how and why individuals used their products in certain ways.
- Secondly, near real-time data regarding energy consumption may be used to infer whether a residence or facility is occupied, what the occupants are doing, and so on.
- Thirdly, personal lifestyle information derived from energy use data could be valuable to some vendors or parties, e.g., vendors may use this information for targeted marketing, which may not be welcomed by those targets.
...
[1] U.S. NIST, Guidelines for smart grid cyber security, NIST IR-7628, Aug. 2010, available at: http://csrc.nist.gov/publications/pubsnistirs.html#nist-ir-7628.

Countermeasures
NIST proposed some countermeasures to address privacy issues in the smart grid [1].
- An organization should ensure that information security and privacy policies exist and are documented and followed. Audit functions should be present to monitor all data accesses and modifications.
- Before collecting and sharing personal information and energy use data, a clearly specified notice should be announced.
- Organizations should ensure the data usage information is complete, accurate, and relevant for the purposes identified in the notice.
- Personal information, in all forms, should be protected from unauthorized modification, copying, disclosure, access, use, loss, or theft.
...
[1] U.S. NIST, Guidelines for smart grid cyber security, NIST IR-7628, Aug. 2010, available at: http://csrc.nist.gov/publications/pubsnistirs.html#nist-ir-7628.

Future Research Directions
1. Control System Security
2. Power System Security
3. Integrity and Confidentiality
4. Accountability
5. Privacy

Control System Security
- Industrial control normally does not do much about security.
- In recent years, people have paid some attention to control system security to protect power generation, transmission and distribution.
- Co-designs of control and security in smart grids will be interesting topics in the future.
[1] Liu, J. and Xiao, Y. and Li, S. and Liang, W. and Chen, C., Cyber Security and Privacy Issues in Smart Grids, IEEE Communications Surveys & Tutorials, 2012.

Power System Security
- Besides cyber security, vulnerabilities in the physical power grid should also be further explored and studied.
- Since new devices will be largely deployed, no one can guarantee the power line itself is 100% secure.
[1] Liu, J. and Xiao, Y. and Li, S. and Liang, W. and Chen, C., Cyber Security and Privacy Issues in Smart Grids, IEEE Communications Surveys & Tutorials, 2012.

Integrity and Confidentiality
- Integrity and confidentiality are two main aspects of computer and network security design. Naturally, they are still essential for securing smart grids.
- For example, integrating huge numbers of DERs may involve distributed database management and cloud computing technology.
- Whether or not we could adopt current solutions to provide integrity and confidentiality for the smart grid is a future research direction.
[1] Liu, J. and Xiao, Y. and Li, S. and Liang, W. and Chen, C., Cyber Security and Privacy Issues in Smart Grids, IEEE Communications Surveys & Tutorials, 2012.

Privacy
- Privacy issues in cyber security may be addressed by adopting new anonymous communication technologies.
- Current approaches to anonymizing traffic in general networks will cause overhead problems or delay issues.
- For some time-critical operations, limited bandwidth and less connectivity in the smart grid may hinder the implementation of anonymity.
[1] Liu, J. and Xiao, Y. and Li, S. and Liang, W. and Chen, C., Cyber Security and Privacy Issues in Smart Grids, IEEE Communications Surveys & Tutorials, 2012.

Accountability
- As a complement, accountability is required to further secure the smart grid in terms of integrity, confidentiality and privacy.
- Even if a security issue presents itself, the built-in accountability mechanism will determine who is responsible for it.
- Once detected, some problems can be fixed automatically through a predefined program, while others may provide valuable information to experts for evaluation.
[1] Liu, J. and Xiao, Y. and Li, S. and Liang, W. and Chen, C., Cyber Security and Privacy Issues in Smart Grids, IEEE Communications Surveys & Tutorials, 2012.