Can we truly ensure Smart Grid security?

Posted on: 05 March '12
Girish Deshpande
Technical Director - Industrial Systems and Smart Energy Group

A Smart Grid is an interconnected network of smart devices and IT systems in which electricity and information flow freely. This makes the electric grid more reliable, but connecting systems to a wider network brings substantial security risks. There are three main security concerns regarding the Smart Grid:

  1. Ability to confirm authenticity of the other party and communicate only with genuine parties.
  2. Integrity of the data flowing through the Smart Grid network.
  3. Ability to withstand sustained attacks, and quickly recover from such attacks.

Corporate systems are already exposed to outside networks and supposedly protected from the risks, so what is the issue with Smart Grid security? Can we not use the same methods to secure the Smart Grid? The key differences between corporate IT systems and Smart Grid systems are:

  • Smart Grid systems are considered vital national infrastructure and need to be more robust to ensure energy security.
  • Power system operation must continue in the event of an attack and should recover quickly from any damage.
  • The complexity of the modern Smart Grid system exposes it to risks and threats.
  • Millions of devices and systems connected to each other in the Grid offer multiple entry points for potential attackers.
  • Any breach of data security will open the huge amount of data collected, transmitted and stored to analysis and malicious use.
  • Many connections on the Smart Grid will be long-lived, sometimes permanent, which increases the risk.
  • Many end points in the Smart Grid will have very limited processing power and storage, making it infeasible to use certificates and sophisticated encryption algorithms.
  • Many links in the Smart Grid network will have low communication bandwidth that will limit the security measures taken.
  • Unlike corporate IT systems, you may not be able to quickly apply patches when new vulnerabilities are discovered.

Testing is going to be challenging because security testing must not affect normal operation. The impact of a security breach will vary with the system breached. These are some feasible scenarios:

  • The attacker gains access to millions of smart meters and then shuts them down remotely using the remote disconnect feature in modern smart meters. In a worst-case scenario, the built-in configuration is changed so that meters stop communicating with the central server altogether. The only option would be to reload the firmware in millions of those meters.
  • The attacker can disrupt the load balance of the local system by suddenly decreasing or increasing the demand for power.
  • A generator can be manipulated to self-destruct using the computer and communication systems connected to that generator. A Stuxnet-like computer worm can take over the power plant’s industrial control systems by infecting SCADA software, destabilize the closed-loop feedback control and cause the plant to self-destruct.
  • The lead time required to replace a damaged transformer and its critical role in the grid would make this a serious threat.
  • Smart Grid technologies will offer Home Energy Management solutions to end consumers, giving them control over their use of energy. This is possible because future smart appliances for homes will be connected to a Home Energy Gateway or a Smart Meter, which can be used to set usage configurations based on options like Time of Use (TOU), real-time tariff, time of day, etc. This results in significant savings of energy and cost, but it also increases vulnerability at the consumer’s end. Such a breach can affect both their privacy and availability. Researchers have demonstrated that you can glean insights into a typical day at home by looking at the energy consumption. Based on the energy signature, you can find out which appliance was used when, or whether the house is occupied at the moment. The attacker may even send wrong energy usage data to the MDMS system, causing monetary losses for consumers and potential disputes with the utility.
  • Even law enforcement agencies routinely use energy data for consumer protection and civil liberty groups are concerned about loss of privacy.

The news articles on future attacks on the US Smart Grid also make it clear that we may never be able to safeguard it completely from all threats. Is quick detection followed by quick recovery and response the only strategy available to protect our energy supply?
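As an added illustration of quick detection for the mass remote-disconnect scenario above (not code from the original post), here is a sliding-window check over a constructed head-end command log. The log format, account names and the threshold of three meters per five minutes are assumptions.

```python
from collections import deque
from datetime import datetime, timedelta

# Constructed head-end command log (format is an assumption):
# ISO timestamp, operator account, command, target meter id.
SAMPLE_LOG = """\
2012-03-05T09:00:05 billing-svc REMOTE_DISCONNECT meter-00017
2012-03-05T09:20:41 billing-svc REMOTE_DISCONNECT meter-00422
2012-03-05T09:31:10 billing-svc READ_REGISTER meter-00017
2012-03-05T10:02:00 ops-admin REMOTE_DISCONNECT meter-01000
2012-03-05T10:02:01 ops-admin REMOTE_DISCONNECT meter-01001
2012-03-05T10:02:01 ops-admin REMOTE_DISCONNECT meter-01002
2012-03-05T10:02:02 ops-admin REMOTE_DISCONNECT meter-01003
2012-03-05T10:02:03 ops-admin REMOTE_DISCONNECT meter-01004
garbled line that should be ignored
2012-03-05T11:45:00 billing-svc REMOTE_DISCONNECT meter-00950
"""

def parse(line):
    """Return (time, operator, command, meter), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    return ts, parts[1], parts[2], parts[3]

def disconnect_bursts(log_text, window=timedelta(minutes=5), limit=3):
    """Alert once per burst when more than `limit` distinct meters are sent
    a remote disconnect within `window` (both values are illustrative)."""
    events = sorted(e for e in map(parse, log_text.splitlines())
                    if e and e[2] == "REMOTE_DISCONNECT")
    recent, alerts, in_burst = deque(), [], False
    for ts, operator, _, meter in events:
        recent.append((ts, operator, meter))
        while ts - recent[0][0] > window:   # drop events older than the window
            recent.popleft()
        meters = {m for _, _, m in recent}
        over = len(meters) > limit
        if over and not in_burst:           # report the burst only once
            alerts.append({"start": recent[0][0], "detected": ts,
                           "meters_at_detection": len(meters),
                           "operators": sorted({o for _, o, _ in recent})})
        in_burst = over
    return alerts
```

Routine disconnects spread over the day stay below the limit, while the five commands issued within three seconds raise a single alert naming the account that sent them.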

Girish Deshpande

Girish Deshpande has 19 years of experience writing software and managing projects, programs and the industrial systems IG. Girish has managed projects that encompass technologies from open source, web applications, mobile applications and embedded products to testing. A majority of the projects managed by him have also been fixed-price turnkey projects with complex product development stages. A few of the projects Girish has worked on have also won the Chairman's award at Mindtree. Girish has done his engineering in computer science.

  • Harsh

    Smart Grid cannot be made secure only by testing the systems; continuous monitoring of infrastructure, looking for suspicious activity in the system, will always be needed. So notification and alert systems become vital to maintain security. We need to design Smart systems which will help to react quickly in case of attack. So control, monitoring and reaction are key elements that need to be incorporated in Smart Grid systems.

  • DiceAdmin

    I agree with Harsh's comment on active monitoring, whereas I also see hacking as a potential threat for end user devices. Having something like a threshold set up for each smart meter at the consumer site, and the only way to change it would be via manual programming.

    • I agree that the end points on the grid will be vulnerable links. Newer devices are smarter & well connected. Many of these devices have embedded web servers running on an embedded Linux kind of OS. They have a lot more processing power, decision-making capabilities and links with other systems. It will be concerning if such devices get compromised by hackers.
      Regards,
      Girish

  • Richard

    Security is a concern in that the data could be compromised as it is stored and transmitted. This problem has always existed. Before AMI meters you could ask the meter reader who is or isn’t at home and they could tell you based on the usage / readings. There is a lot of hype over national security and hacking threats that are not warranted. Our world is becoming more dependent on data and automation. With that comes the need for better security of that data and systems. The hype reminds me of the Y2K scare. Let’s move forward.

    • Thanks Richard for your comment. I agree excessive fear is not going to help. The relentless march of technology will ensure all these technologies will be eventually implemented sooner or later. And in the era of Facebook, privacy is anyway subjective. But this security issue goes beyond mere consumer privacy. The availability of infrastructure in the event of a determined and well-planned attack is a concern, especially if you are unable to respond and restore the services quickly. Such debate will ensure utilities, government and technology companies take adequate steps to build security into the smart grid right from the design stage, and not as an afterthought.

      Regards,
      Girish