Use Cases for Smart Grid Security Standards



Governments around the world have recognized the existing vulnerability and need to protect the grid infrastructure. With efforts from organizations such as NERC and NIST, the specific requirements for increased grid security have been well-defined.

Need for Improved Grid Security
Attacks on computer systems from viruses, root kits, Trojans, worms, keyloggers, bots and other malicious software have been the focus of hackers and cyber-security experts for many years. With historically isolated industrial controls such as supervisory control and data acquisition (SCADA) systems and programmable logic controllers (PLCs) connected to the same networks, loss of service as well as physical damage can be caused from unauthorized access. In fact, the goal of the smart grid is network connectivity, so network security is fundamental to its successful implementation.

However, the global electricity grid infrastructure has experienced a rapid increase in the number of vulnerabilities since 2000 and the occurrences are growing. As one of the key assets of any nation, protection from the increasing number of attempted and successful attacks on the grid and its metering systems is (or should be) a national priority for all industrialized countries.

Increasingly, more dangerous attacks have occurred from a variety of sophisticated attackers, including foreign governments. Attackers include state-run and financed attacks, hackers, cyber terrorists, organized crime, industrial competitors, disgruntled employees and careless or poorly trained employees. Perhaps the most well-known recent occurrence was the Stuxnet computer worm. Discovered in June 2010, Stuxnet was spread through Microsoft Windows OS targeting Siemens’ SCADA systems.

The motivation for stakeholders from content owners, service providers and manufacturers to end users varies as shown in Table 1. The bottom line is the cost impact that can be significant. At the 2011 London Conference on Cyberspace, British Prime Minister, David Cameron reported that cybercrime cost the UK an estimated 27B pounds a year, and with several other nations as much as US$1Trillion a year globally.

121207_smartenergy_1
Table 1: The impact on assets and stakeholders of cyberattacks. (Source: NIST)

As a result, governments around the world have taken steps to provide increased security and reduce the cost of cybercrime. U.S. government organizations active in standards and other areas include the North American Electricity Reliability Corporation (NERC) and the National Institute of Standards and Technology (NIST).

Designed to ensure the reliability of bulk electric systems in North America, NERC’s Critical Infrastructure Protection (CIP) includes standards development, compliance enforcement, assessments of risk and preparedness. NIST developed and issued NISTIR 7628, Guidelines for Smart Grid Cyber Security and NIST Special Publication 1108: NIST Framework and Roadmap for Smart Grid Interoperability Standards, Release 1.0.

Standards Developed to Provide Improved Grid Security
NERC’s CIP Reliability Standards require compliance with specific requirements to safeguard critical cyber assets. CIP-002 through CIP-009 address physical as well as cyber-security requirements for responsible grid entities. They provide the benchmarks for utility companies’ measurements and certifications. Cyber aspects include:

  • Identifying critical assets
  • Identifying and training cyber-security personnel
  • Developing and implementing security management
  • Defining methods, processes and procedures
  • Securing the systems identified as critical cyber assets
  • Reporting and response planning
  • Establishing recovery plans

NIST’s cyber-security objective of confidentiality, integrity and availability (CIA) impacts the interactions of several entities as shown in Figure 2. The basis of the interactions are the Internet, enterprise buses, wide area networks (WANs), substation local area networks (LANs), field area networks and premises networks. While confidentiality is least critical for power system reliability, it is increasingly important with the availability of online customer information and privacy laws that impose strict penalties for breach of privacy. The integrity for power system operation addresses requirements of:

  • Authentication of the data,
  • No modification of the data without authorization
  • Implementation of NISTIR 7628
  • Known and authenticated time stamping and quality of data
121207_smartenergy_2
Figure 2: The interactions of different smart grid domains through secure communication and electrical flows. (Source: NIST Smart Grid Framework 1.0, January 2010).

In addition to establishing the requirements, NIST existing and developed standards identify critical security aspects such as data encryption and definitions for common understanding and implementation of solutions.

Root of Trust and Other Definitions
The fundamental step towards establishing a secure or trusted component or entry point to a network is a root of trust (RoT). The RoT verifies that the component is performing in an expected manner in the initial operation or engagement of the component or system. This established trust provides the first step towards improving security. In the Aberdeen Group report, “Endpoint Security: Hardware Roots of Trust,” the analyst notes that over a twelve-month period, companies that utilized a hardware root of trust in their approach to security had 50% fewer security related incidents and 47% fewer compliance/audit deficiencies.

Two use cases exemplify the implementation of NIST requirements.

Use Case 1: Smart Meters
Smart meters or the advanced metering infrastructure (AMI) have two-way communications between field-area networks in the smart grid. As such, they can be a weak link in overall network security. In the NERC CIP assessment, critical smart meter areas are:

15 – Interface between systems that use customer site networks such as home area networks (HANs) and building area networks (BANs)

17 – Interface between systems and mobile field crew laptops/equipment

18 – Interface between metering equipment

The NIST CIA impact level of low (L), medium (M) or high (H) for these critical areas is shown in Table 2.

The high level security aspects with unique technical requirements include:

  • User identification and authentication
  • Device identification and authentication
  • Security function isolation
  • Denial-of-service protection
  • Software and information integrity

To meet these requirements, the silicon solution must provide:

  • Crypto support
  • Secure key
  • Random number generator (RNG)
  • Secure clock              
  • Trusted execution/hardware firewall
  • Tamper detection
  • Secure debug
121207_smartenergy_3
Table 2: CIA impact levels for smart meters. (Source: NIST 7628)

AMI system functions include measuring, communicating and using the data. Encryption techniques are defined for specific aspects of these functions. Smart meter encryption techniques include Advanced Encryption Standard (AES) and Elliptic Curve Cryptography (ECC) that are even more stringent than techniques used in the banking sector. NIST applies additional requirements for smart meters including unique credentials, a key management system (KMS) that supports an appropriate lifecycle of periodic rekeying and revocation and more. The successful implementation of smart meter security is based on a hardware root of trust.

Use Case 2: Data Concentrator
In the AMI architecture, a data concentrator collects meter information and data for transmission to the utility. Figure 3 shows the process.

121207_smartenergy_4
Figure 3: End-to-end security between the smart meter and the utility. (Source: FSL)

Mechanisms for the interface between the data collection system and the electricity meter (or a data concentrator and the electricity meter) include:

  • Authentication of all command messages
  • Encryption (AES 128) to ensure confidentiality of metering data using block ciphering and a unique symmetric encryption key for each meter
  • Message authentication for meter data integrity provided via AES Galois Message Authentication Code (GMAC) algorithms

Each smart meter has a unique and secret unicast AES key with its default value set in the factory. When the meter has been installed and commissioned, a new operational key replaces the default value. A unique and non-modifiable master key encryption key (KEK) in each smart meter provides added security. The master key is used during the transportation of a new working key, during the commissioning or during the operational life of the meter.

121207_smartenergy_5
Table 3: Freescale security solutions features at a glance.
121207_smartenergy_6
Figure 4: The single-core QorIQ P1010 processor’s trust architecture platform helps protect against software intrusion and software cloning with end-to-end code-signing and intrusion-prevention capabilities. Based on the e500 core, the P1010 has Security Accel, Security Fuses, Security Monitor, Internal BootROM and external Tamper Detect blocks.
121207_smartenergy_7
Figure 5: Code integrity through the trusted boot process. The Q or IQ uses an RSA public key to decrypt the signed hash and simultaneously
recalculates the SHA-256 hash over the system code. If the decrypted original hash matches the calculated hash, the code is authenticated.

Securing the Grid and More
Increased grid infrastructure networking requires increased grid security. With efforts from organizations such as NERC and NIST, the specific requirements for increased grid security have been well-defined. As a result, enabling technologies from many companies will ensure high security levels as smart-grid systems, including smart meters and data concentrators, are implemented.

     
 

Terms that may be unfamiliar to those addressing highly secure computer operation for the first time include:

  • AES – Advanced Encryption Standard
  • Anti-cloning provides a unique device ID and digital signing support and encryption
  • ECC – Elliptic Curve Cryptography                                                     
  • FIPS – Federal Information Processing Standards
  • Hash is any well-defined procedure or mathematical function that converts a large, possibly variable-sized amount of data into a small datum.
  • High assurance boot is a security library embedded in tamper-proof on-chip ROM that prevents unauthorized SW execution
  • RSA is an algorithm for public-key cryptography named for Rivest, Shamir, and Adleman who were first to publicly described it.
  • Secure clock provides reliable time source
  • Secure communications ensure the integrity of data and information
  • Secure debug protects against hardware (HW) debug (Joint Test Action Group (JTAG)) exploitation
  • Secure storage provides a programmable ARM TrustZone® protected region within on-chip RAM
  • Trusted execution isolates execution of critical software (SW) from possible malware
  • TrustZone is a trusted execution environment for security-critical SW

For more complete acronyms and glossary, see Appendix I of NISTIR 7628, Guidelines for Smart Grid Cyber Security: Vol. 3, Supportive Analyses and References

 
     

 


pic_meera

Meera Balakrishnan is the global segment marketing manager for smart energy (smart grid and metering) & Embedded Board Solutions (EBS) segments at Freescale. She graduated from Swinburne University in Melbourne, Australia and has over 11 years of experience in the semiconductor industry having worked in applications engineering, NPI marketer, distribution channel sales & business development positions both in the field and factory. She is currently based in Munich.

Share and Enjoy:
  • Digg
  • Sphinn
  • del.icio.us
  • Facebook
  • Mixx
  • Google
  • TwitThis